this post was submitted on 20 Feb 2024
368 points (97.9% liked)

Technology

59589 readers
2838 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 19 comments
sorted by: hot top controversial new old
[–] hedgehog@ttrpg.network 39 points 9 months ago

Signal blog post on the topic, with instructions and links to join the beta: https://signal.org/blog/phone-number-privacy-usernames/

[–] Vent@lemm.ee 36 points 9 months ago

Awesome! I love Signal and the lack of usernames has always been one of it's bigger downsides, especially when comparing against other messaging apps.

[–] ryannathans@aussie.zone 13 points 9 months ago (2 children)

Can LEO tie a username to a phone number?

[–] rmuk@feddit.uk 25 points 9 months ago (1 children)

Depends. How smart is Leo?

[–] Vent@lemm.ee 8 points 9 months ago

From Signal's blog footnotes:

Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account. 

[–] ikidd@lemmy.world 11 points 9 months ago (1 children)

So do I still need to provide a phone number when I sign up?

[–] N00dle@lemmy.world 18 points 9 months ago (2 children)

you will still need a phone number to sign up for Signal

From signals official blog, yes you do

[–] ikidd@lemmy.world 8 points 9 months ago

Well, then this changes nothing as it applies to political organizing.

[–] rbits@lemm.ee 1 points 9 months ago

Damn. So still not a replacement for iMessage. Does anyone know of a good iMessage replacement (doesn't require a phone number, available for under 13s)?

[–] nodsocket@lemmy.world 4 points 9 months ago
[–] shellsharks@infosec.pub 4 points 9 months ago

Careful though. Maybe not as "private" as you may think... a thread from @sc00bz@infosec.exchange - https://infosec.exchange/@sc00bz/111966928032512918

[–] ArchAengelus@lemmy.dbzer0.com -4 points 9 months ago (3 children)

I see this as both a win and a problem:

As soon as you take away a hard link to a real-life identifier, the sketchy people come out of the woodwork and spread images of child exploitation.

Signal has not had this problem like some platforms (e.g. Kik), and I suspect two reasons:

  1. Lack of searchable chat rooms
  2. Concrete link to a phone number that anyone who contacts you must know (and make it easy to identify you to authorities)

Up until now signal has been an excellent secure replacement for text messaging between parties that know each other. I hope they don’t go the “chat groups” route, though I doubt they will. But I suspect this change will make it a preferred way for abusers to exchange images and videos nearly anonymously.

[–] felbane@lemmy.world 41 points 9 months ago (2 children)

The implication is that a phone number is still required, you just no longer have to share that with the people you communicate with.

[–] Vent@lemm.ee 27 points 9 months ago

Their blog post says explicitly that phone number is still required for sign-up and that usernames are purely meant as an avenue to message new people without sharing your phone number. Your username isn't even visible to anyone but you and you can change it whenever you want.

[–] ArchAengelus@lemmy.dbzer0.com 9 points 9 months ago

That does help. While It adds an extra step to the reporting process (having the authorities identify the human behind the tag), it does at least nearly guarantee someone can figure out who is behind it.

[–] xor@infosec.pub 4 points 9 months ago (1 children)

it's called “phone number privacy.”

[–] JohnEdwa@sopuli.xyz 4 points 9 months ago* (last edited 9 months ago)

Really rather important feature in places like here in Finland, where your phone number (and car license plate) is directly linked and publicly searchable to your full name and address :)

[–] wewbull@feddit.uk 1 points 9 months ago

I think this all comes down to how you separate the medium of communication and the content. Nobody cares that you can send encrypted emails between people on any server in the world. Or place encrypted files on any number on free cloud storage solutions. End to end encrypted communication between anonymous parties is fairly easily achieved if you just think about it a little. We don't hold those systems liable for the content they transmit unknowingly, either legally or in public opinion.

Why is it different for chat services? Have we just become conditioned because Facebook, Twitter, etc decided they needed to police their networks?