No, seriously. Even if the messages are encrypted, the metadata including your account info and the account info of everyone you talk to are not. In a lot of these cases, they don’t have to have the actual contents of the messages to have a pretty clear picture of what you might be talking about!
With a phone number that’s almost certainly registered to your real identity, it makes it trivial to track what you as a person is doing even without breaking the encryption! An encrypted messenger that requires anything related to your real identity to get an account is security theatre.
For example: if you suddenly start messaging back and fourth with an account, and that account happens to have the same phone number as the one on the business card and website of an out of state abortion clinic worker, and your own phone number’s area code just so happens to fall in a state that banned abortions after Roe v Wade got trashed, it juuuust might imply a few things about you. They can’t definitively prove what the messages were, but if your state criminalizes any and all attempts to get an abortion anywhere, it’s probably enough to get a warrant against you.
What viable user-friendly (i.e. no account creation required) options are there? I just want my messages between friends and family to not be mined by greedy corporations.
The problem is not the account, but the mandatory phone number verification
Yes, it is. At least from the perspective of normal users.
The reason for WhatsApp (or Telegram or iMessage) becoming as big as it is was the convenience (later the network effect, of course, too) of just entering your phone number and then it just works™. No server selection, no password to remember, totally hassle free—that is the argument I get to hear very often.
And honestly, I have no idea, how we could provide a similar conveniance that is fool proof and secure and private.
I was referring to the “no account creation required” and given how other online services seem to be doing fine with accounts I don’t think it is as big of a hurdle as you make it seem.
Of course automatic discovery of accounts based on phone numbers is a different topic, but there are also plenty of people who hate that feature (Telegram has a special feature to not allow that even).
luckily, from the warrants they’ve received in the past we know that they don’t store metadata, and the only information about the requested numbers that they’ve been able to provide to the court were the date of registering an account and the last time they were online, both in Unix epoch format: https://signal.org/bigbrother/
This only tells us what they do by default and without gag-order. They could still be forced to log specific users and are barred from telling us by legal request.
Furthermore, it is known from Telegram disclosures that the FBI has been approaching staff from messenger companies with the offer of quite a lot of money to act as moles inside these companies.
As long as Signal is a centralized service with servers in the US, neither problem can be solved and that makes Signal inherently unsafe to use.
You have to keep the bigger context in mind here. Even if Signal only tracks your phone number, it can be easily correlated with other data that’s associated with you that’s aggregated from your online footprint.
They probably do it to prevents spam/abuse. It is supposed to be a better WhatsApp after all, not a completely federated software. So it gotta be somewhat user friendly.
Probably referring to that it’s harder for scammers to create scam accounts because they need to verify the phone number is actually theirs before the account can send messages. IMO, still not worth requiring a phone number for the 90% of legitimate users.
Not sure if Signal does this, but most websites will automatically look up the phone number registration, see that it’s from one of those companies, and reject it.
The original argument is that Signal does not want to create a social graph of user accounts on their server and rather rely on the already existing one of the users phone book.
But that is very narrow thinking and ultimately counterproductive as others have pointed out here already.
It’s abominable that Signal still requires a phone number.
How else are they going to track you?
No, seriously. Even if the messages are encrypted, the metadata including your account info and the account info of everyone you talk to are not. In a lot of these cases, they don’t have to have the actual contents of the messages to have a pretty clear picture of what you might be talking about!
With a phone number that’s almost certainly registered to your real identity, it makes it trivial to track what you as a person is doing even without breaking the encryption! An encrypted messenger that requires anything related to your real identity to get an account is security theatre.
For example: if you suddenly start messaging back and fourth with an account, and that account happens to have the same phone number as the one on the business card and website of an out of state abortion clinic worker, and your own phone number’s area code just so happens to fall in a state that banned abortions after Roe v Wade got trashed, it juuuust might imply a few things about you. They can’t definitively prove what the messages were, but if your state criminalizes any and all attempts to get an abortion anywhere, it’s probably enough to get a warrant against you.
What viable user-friendly (i.e. no account creation required) options are there? I just want my messages between friends and family to not be mined by greedy corporations.
deleted by creator
Matrix is pretty good.
The problem is not the account, but the mandatory phone number verification.
XMPP with the Android Conversations or BlabberIM client works pretty well as an alternative and uses the same high quality encryption as Signal.
Yes, it is. At least from the perspective of normal users.
The reason for WhatsApp (or Telegram or iMessage) becoming as big as it is was the convenience (later the network effect, of course, too) of just entering your phone number and then it just works™. No server selection, no password to remember, totally hassle free—that is the argument I get to hear very often.
And honestly, I have no idea, how we could provide a similar conveniance that is fool proof and secure and private.
I was referring to the “no account creation required” and given how other online services seem to be doing fine with accounts I don’t think it is as big of a hurdle as you make it seem.
Of course automatic discovery of accounts based on phone numbers is a different topic, but there are also plenty of people who hate that feature (Telegram has a special feature to not allow that even).
deleted by creator
Briar?
luckily, from the warrants they’ve received in the past we know that they don’t store metadata, and the only information about the requested numbers that they’ve been able to provide to the court were the date of registering an account and the last time they were online, both in Unix epoch format: https://signal.org/bigbrother/
This only tells us what they do by default and without gag-order. They could still be forced to log specific users and are barred from telling us by legal request.
Furthermore, it is known from Telegram disclosures that the FBI has been approaching staff from messenger companies with the offer of quite a lot of money to act as moles inside these companies.
As long as Signal is a centralized service with servers in the US, neither problem can be solved and that makes Signal inherently unsafe to use.
You have to keep the bigger context in mind here. Even if Signal only tracks your phone number, it can be easily correlated with other data that’s associated with you that’s aggregated from your online footprint.
What you wrote is simply wrong.
Signal encrypt metadata to the best of their capacity. On the contrary matrix, xmpp, telegram, WhatsApp don’t (unless sth changed since last year)
For example on my matrix server I could read the IP, username and time of each message.
https://signal.org/blog/sealed-sender/
This is what they tell you. Since signal isn’t self-hostable or federated, you can’t verify that.
As far as i understand this is a client side implementation. So it’s verifiable.
They probably do it to prevents spam/abuse. It is supposed to be a better WhatsApp after all, not a completely federated software. So it gotta be somewhat user friendly.
What? It’s easier for spammers/scammers to enumerate phone numbers (because they follow a specific pattern) than usernames or random IDs.
Probably referring to that it’s harder for scammers to create scam accounts because they need to verify the phone number is actually theirs before the account can send messages. IMO, still not worth requiring a phone number for the 90% of legitimate users.
There are websites online that offer 10 minute phone numbers.
Not sure if Signal does this, but most websites will automatically look up the phone number registration, see that it’s from one of those companies, and reject it.
There are these services still around.
https://sms24.me/en/messages/Signal
You’ll notice most numbers aren’t from US. The ability to detect VoIP numbers only applies to NA.
The original argument is that Signal does not want to create a social graph of user accounts on their server and rather rely on the already existing one of the users phone book.
But that is very narrow thinking and ultimately counterproductive as others have pointed out here already.