Privacy

37765 readers

463 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

180

Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)

submitted 2 days ago by 0101100101@programming.dev to c/privacy@lemmy.ml

263 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments

[–] ryannathans@aussie.zone 4 points 1 day ago (2 children)

It doesn't "mess with your contacts". You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.

It's robustly encrypted and quantum secure, without metadata leaks like the sender of a message.

It's recommended by Edward Snowden.

If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.

[–] solrize@lemmy.world 4 points 1 day ago (1 children)

Do you mean the client side is open source? What about the server? If you're required to use Signal's server, how do you know it's not disclosing metadata? If you can self-host it, why the phone number?

[–] ryannathans@aussie.zone 3 points 1 day ago* (last edited 1 day ago) (2 children)

The idea is you don't need to trust the server

Messages sent don't contain a readable sender field

Mobile numbers may not be necessary long term, architecture depends on accounts being created Witt phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control

[–] rirus@feddit.org 2 points 1 day ago

You trust the server if you don't verify fingerprints. Signal makes that too difficult.

Sealed sender is a theater that you can enable but still have to trust Intel, aws and the signal server.

[–] solrize@lemmy.world 2 points 1 day ago (1 children)

The wikipedia article looks informative and I will read through it: https://en.wikipedia.org/wiki/Signal_(software)

Is spam a serious problem on other messaging systems?

[–] ryannathans@aussie.zone 1 points 1 day ago

I have received maybe 3 spam messages in many years of use

Spam is a huge problem on other messaging apps I have tried

[–] rirus@feddit.org 0 points 1 day ago (1 children)

CONTACTS ARE UPLOADED

Robust encryption isn't useful if you don't verify the fingerprint and signal makes that not intuitively.

SIGNAL CLIENT HAS UNFREE SOFTWARE INCLUDED

[–] ryannathans@aussie.zone 2 points 1 day ago* (last edited 1 day ago)

Contacts are never uploaded

Hashes of some numbers are if you enable contact discovery

Verifying keys is easy, what are you talking about?