Comment by heavyset_go 5 days ago
This is one of the reasons it's crucial that the next set of secure messaging systems does away with tying real phone numbers to accounts.
One phone gets compromised and the whole network is identified with their phone numbers.
> You still need to use your phone number to sign up, though.
Which defeats the whole point. What if the FBI politely asks Signal about a phone number?
All they'd learn that way is that that phone number has a Signal account, when it was registered, and when it was last active. In other words, it doesn't tell them whether it's part of a given Signal group. (See https://signal.org/bigbrother/.)
They publicly publish these requests. You can see how little information is provided — just a phone number and two unix timestamps IIRC. https://signal.org/bigbrother/
I might be misremembering or mixing memories but i remember something about them only storing the hash of the number.
So the FBI cant ask what phone number is tied to an account, but if a specific phone number was tied to the specific account? (As in, Signal gets the number, runs it through their hash algorythm and compares that hash to the saved one)
But my memory is very very bad, so like i said, i might be wrong
If the Signal Messaging LLC is compromised, then "updates", e.g., spyware, can be remotely installed on every Signal user's computer, assuming every Signal user allows "automatic updates". I don't think Signal has a setting to turn off updates
Not only does one have to worry about other Signal users being compromised, one also has to worry about a third party being compromised: the Signal Messaaging LLC
Signal Messaging LLC is US-based and needs to follow CALEA[1] by law.
[1] https://en.wikipedia.org/wiki/Communications_Assistance_for_...
They aren't allowed to tell you by law, and courts work with prosecution to keep implementation details away from the public, and investigators will engage in parallel construction to obfuscate the sources of evidence. That's just on the normal law enforcement side.
Once you get into the national security side, the secrecy is even higher.
"Carrying this speculation a step further, it is possible that the available tools have been compromised either in individual instances or en masse. Even where security products are open-source, adequate security evaluations are difficult to conduct initially and difficult to maintain as the products evolve. Typical users upgrade their software when upgrades or packages are offered, without even thinking of the possibility that they may have been targeted for a Trojan horse."
Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press: Cambridge, 2007), 372
Italics are mine
Using any mobile phone connected to mobile network is breach of OPSEC, period. Even more in countries, where you cannot get anonymous SIM card.
Not using phone numbers in chat app doesn't protect you against someone locating you.
When phone is turned on, even without SIM, your location is saved, in inches. Thanks to 5G.
And some phone turns itself on automatically, lol.
Using laptop (without any wifi card) -> Wifi card (rotating fake MAC) -> wifi network/LTE modem with IMEI spoofing
Agreed, but people are going to people and will use phones, anyway. Might as well not include identifying information during registration.
Signal is a desktop app, as well. Even if you wanted to run it on Qubes in a Faraday cage, you'll need a phone number to register to use the app.
In the ideal situation, no one would be using Signal, phones or computers, the design of the internet is inherently identifying and non-anonymizing.
Hiding your phone number is a setting now. Has been for well over a year.
You can't sign up without one, and it being an option means people who are in danger won't do it.
Also, if someone's phone is confiscated, and you're in their Signal chats and their address book, it doesn't matter if you're hiding your number on Signal.
It's better to just not require such identifying information at all.
That's true for any system where you have contacts linked. Same thing happens when you have names and avatars.
If you don't want to link your contacts... don't link your contacts...
But this doesn't have the result that the GP claimed. The whole network doesn't unravel because in big groups like these one number doesn't have all the other contacts in their system.
For people that need it:
| Settings
|- Chat
| |- Share Contacts with iOS/Android <--- (Turn off)
|- Privacy
| |- Phone Number
| | |- Who Can See My Number
| | | |- Everybody
| | | |- Nobody <----
| | |- Who Can Find Me By Number
| | | |- Everybody
| | | |- Nobody <----
| |- App Security
| | |- Hide Screen in App Switcher <---- Turn on
| | |- Screen Lock <---- Turn on
| |- Advanced
| | |- Always Relay Calls <-----
Some of these settings are already set btw
I would imagine that the issue that people have here isn't so much that you can hide from other users, but whether or not you can hide your information from the company behind Signal. I'd assume that if you can't hide from the company, then you can't hide from the US government. We know that you can extract messages from a compromised phone because they aren't encrypted at rest. Which I guess would mean that even if you have disappearing messages and similar, your messages could proably still be extracted from a group chat with a comprimised user in it.
If we go full tinfoil, then do you really trust Apple and Google to keep your Signal keys on your device safe from the US government?
It's probably not that bad, but I do know that we're having some serious discussions on Signal here in Europe because it's not necessarily the secure platform we used to think it was. Then again, our main issue is probably that we don't have a secure phone platform with a way to securely certify applications (speaking from a national safety, not personal privacy point of view).
Session is a low-privacy fork of Signal.
source:
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
hn discussion:
Ricochet (chat via Tor .onion circuits): https://www.ricochetrefresh.net/
Tox (if you're addicted to phones): https://tox.chat/
>What better alternatives do we have?
Set up your own XMPP or Matrix server and only expose it via Tor.
Physical keys are the real path. Sign every message with your Yubikey.
Bots can authenticate just as well as human users. Both bots and trolls are completely different set of issues that cannot easily be solved, regardless of your approach.
Zangi does this. No idea on their overall security posture compared to Signal, however.
> it's crucial that the next set of secure messaging systems does away with tying real phone numbers to accounts.
I haven't tried it, but Signal supports not sharing your phone number/just communicating with usernames: https://signal.org/blog/phone-number-privacy-usernames/
You still need to use your phone number to sign up, though.