3

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private -...

 6 months ago
source link: https://it.slashdot.org/story/24/02/20/1835203/signal-finally-rolls-out-usernames-so-you-can-keep-your-phone-number-private
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private

Sign up for the Slashdot newsletter! OR check out the new Slashdot job board to browse remote jobs or jobs in your areaDo you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 20 million monthly users. It takes less than a minute. Get new users downloading your project releases today!
×

Encrypted messaging app Signal has launched new feature allowing users to conceal their phone numbers and instead use usernames, in a move aimed at boosting privacy protections long sought by cybersecurity experts and privacy advocates. From a report: Rather than give your phone number to other Signal contacts as the identifier they use to begin a conversation with you, in other words, you can now choose to be discoverable via a chosen handle -- or even to prevent anyone who does have your phone number from finding you on Signal. The use of phone numbers has long been perhaps the most persistent criticism of Signal's design. These new privacy protections finally offer a fix, says Meredith Whittaker, Signal's executive director. "We want to build a communications app that everyone in the world can easily use to connect with anyone else privately. That 'privately' is really in bold, underlined, in italics," Whittaker tells WIRED. "So we're extremely sympathetic to people who might be using Signal in high-risk environments who say, 'The phone number is really sensitive information, and I don't feel comfortable having that disseminated broadly.'"

So now instead of having a phone number that identifies your phone, you have a username that identifies your phone. And this accomplishes what, exactly?

  • Re:

    When you are baiting scammers, and they ask to chat with you on signal, they don't get your mobile number?

  • It accomplishes a lot. In order to reverse-engineer the username, one would have to gain access to Signal's records and link the username to an IP or other identifiers. This requires a subpoena at the least. When a phone number is used, any idiot can go to a data broker website and find out who that phone number belongs to. It also means that law enforcement can subpoena the cell carrier, which tends to be much easier to work with for law enforcement (even having portals setup so they can instantly login and get data) than a company like Signal, which stores very limited information compared to cell providers [signal.org].

  • Re:

    You might not be aware, but you don't need to use your actual name as your user name.

    In many countries you do need to use your actual name, backed up by government ID, to get a phone number.

    • Re:

      This.

      A friend of mine had to show his passport to purchase a prepaid SIM in Greece a few years ago. Fortunately, I had purchased a SIM plus a cheapo GSM phone in Germany. With cash, no ID required. And it worked just fine in Greece.

      Sure, there were roaming charges. But if I was bent on committing some nefarious deed, a few Euros wouldn't really slow me down.

      • Re:

        You need to show your passport in Germany for SIM cards since before 9/11 (2001). Of course there are enough places where you can buy one (especially if you buy a phone too) without much fuss, especially around train stations.
        Greece introduced this much later, after some criminal escaped from the prison TWICE by just having a helicopter show up and picking him up. Yes, they caught the dude and then he escaped again with a helicopter. I think the second time a guard shot himself in the foot. You can't make t

  • Re:

    A few reasons:
    1. Providing a phone number can expose more personal information that some people would like as the phone number might tie to other information through external databases. A username would only be able to do that through Signal's databases.
    2. People don't want to be contacted via phone/sms and don't want to share that
    3. Many 2FA still use SMS which is vulnerable to a sim-swapping attack if the attacker knows the phone number

    • Re:

      It's still not enough because Signal having your phone isn't acceptable either.

      • Re:

        >"It's still not enough because Signal having your phone isn't acceptable either."

        +1000

        I was coming to post the same thing. There is no reason that Signal should have your mobile phone number. Signal should be usable on any device, including a tablet or deactivated, neither of which have a number. Sure, they need SOMETHING to set you up and for recovery, but why can't that be an Email address? I noticed there is also no way to use Signal within a web browser (web-based). Why?

        I am so VERY tired of ev

        • Re:

          These are by design. Companies have learned that they can say security and idiots will accept it. I argue that privacy is not separate from security and that true security and privacy means even the company you are dealing with should have no way to tie an account to a real human if the human chooses for it to not be so. Almost all 2 factor that is put in place in the last 5 years is put in place in the name of security, but it is simply these companies putting in place mechanisms that allow them to tie an

        • Re:

          I think they've been reluctant to do this because of concerns that not having it tied to a phone number will make spam easier. As it is, I get one or two spam messages every couple of months, and while it's not impacting me right now, it could become a major problem later, made worse by Signal being completely unable to filter based on content by design.

          On top of that, if they see sharply higher uptake and use enabled by email addresses, they would also face higher bills, and as an organization that is heav

          • Re:

            >"I think they've been reluctant to do this because of concerns that not having it tied to a phone number will make spam easier. [...] made worse by Signal being completely unable to filter based on content by design."

            I suppose that is possible. But not sure how/why. If you need to create an account to use Signal and send messages, they can very easily spot any account sending out tons of messages and deduce it is almost certainly spam. Doesn't matter the destination or content. Especially easy to en

  • Re:

    It's difficult to translate username to real-world phone number for making unwanted solicitation phone calls without having a table showing those relationships?

    I mean, are you trying to be remarkably obtuse here?


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK