196

Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)

submitted 6 days ago by 0101100101@programming.dev to c/privacy@lemmy.ml

291 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments

[-] frazorth@feddit.uk 3 points 5 days ago

They are referring to message metadata.

Even if they don't show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that's all the government needs.

https://signal.org/legal/

For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.

They store metadata, which is distinct from encrypted data.

Are you saying sealed sender is a lie?

https://signal.org/blog/sealed-sender/

When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.

They have a list of encrypted messages, who it's from and who it's to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.

[-] fmstrat@lemmy.nowsci.com 1 points 3 days ago

Did.. Did you just read the problem they were trying to solve, and just, skip the solution?

[-] frazorth@feddit.uk 1 points 2 days ago

No.

We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.

They haven't hidden it yet. It's a goal.

[-] fmstrat@lemmy.nowsci.com 2 points 2 days ago* (last edited 2 days ago)

What?

That blog entry is almost 7 years old. Sealed Sender came a long time ago.
The literal quote you provide has a link on "exploring techniques" that you didn't click. It takes you to another blog post for the launch of Private Contact Discovery, which takes you to a repo of the service, but because your cutting and pasting such old stuff even that's been replaced by a V2.

Please take a step back and read the technical docs, or at least more recent info.

As ratcheting and chaining are used, messages are sent with rotating keys on ebery message as the sender/recipient identifiers for the messages, not the phone number. It would be way easier to tap Google for Firebase notifications to get to what you are talking about.

And the capability argument is moot if it's been proven in court to not be done today. You could say that about any service that uses push notifications that go through cloud providers.

Tagging @onlinepersona@programming.dev

load more comments (3 replies)

this post was submitted on 11 May 2025

196 points (86.6% liked)

Privacy

37857 readers

327 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS