I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
The only thing I’ll tack onto this is that with the introduction of Signal usernames, you still have to give Signal your number to verify that at least on some level, you probably are a real person. As someone with 5 different phone numbers, probably doesn’t stop spam as much as they’d hoped, but more than they feared, but at least now you don’t have to give that Craigslist guy who uses Signal your phone number, just your username. Is that the best method? I dunno, but but it is something.
I was unaware of this change, and it’s perfectly acceptable. No one has any ground to lambast Signal for requiring phone numbers to get an account. I think that’s a perfectly reasonable spam mitigation technique. The issue is having to shotgun your phone number to every Howard and Susan that you want to use Signal to communicate with.
This was honestly the only thing holding me back from actually using Signal. I’ll likely register for an account now.
If you are even remotely involved in any activist type of things, you certainly don’t want this US government honeypot have your phone-number and device id.
At least in theory, this is mitigated. The signal activation server sees your phone number, yes. If you use Signal, the threat model doesn’t protect you from someone with privileged network or server access learning that you use Signal (just like someone with privileged network access can learn you use tor, or a vpn, etc).
But the signal servers do not get to see the content of your group messages, nor the metadata about your groups and contacts. Sealed sender keeps that private: https://signal.org/blog/sealed-sender/
You would obviously want to join those groups with a user Id rather than your phone number, or a malicious member could out you. It’s not the best truly anonymous chat platform, but protection from your specific threat model is thought through.
edit: be sure to go to Settings > Privacy > Phone Number. By default anyone who already has your phone number can see you use signal (used for contact discovery, this makes sense to me for all typical uses of Signal), and in a separate setting, contacts and groups can see your phone number. You will absolutely want to un-check that one if you follow my suggestion above.
There are some mitigations in place, yes, but Sealed Sender on a centralized platform is snake-oil as someone with server access can easily do a timing attack and discover who communicated with whom.
Spam accounts are clearly the biggest factor for not letting anyone just sign up with an email. Although getting a new email without a phone verification is getting increasingly hard now.