59
Is Signal messaging really private?
(lemmy.ml)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 08 Sep 2025
59 points (66.1% liked)
Privacy
42146 readers
1256 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
The face that Signal needs phone numbers to sign up is very bad.
No one that has told me this has ever been able to offer up any sort of explanation, but please do feel free to give it ago.
The explanation is obvious. The phone numbers are a personally identifiable network of connections that is available to the people operating Signal servers. If this information is shared with the US government, then they can easily correlate this information with all the other data they have. For example, if somebody is identified as a person of interest then anybody they want to have secure communications would also be of interest.
Unlike Whatsapp, Signal doesn't store your network of contacts. They have your phone number, time of registration, and time of last connect to their servers. They go to great lengths to keep the rest private. In Signal's case, I don't see an issue at all, but I do see all the benefit.
They store your phone number, and have to route all the messages you created to the other phone numbers / user IDs in their database. This means anyone with access to signal's centralized database has social network graphs: who talked to who, and when.
If your threat model is "I just trust them", then its not a good one.
Privacy advocates have been raising the alarms about signal forever, but like apple, their fanbase just feels the security "in their gut", and think that because it has a shiny interface, it must be secure.
The only people who know what the server stores are the people running it.
Multiple-accounts and pseudonyms. It's like the 101 of interacting on the Internet. With a phone number requirement that's automatically made impossible.
Also SIM-cards/phone numbers are required by law to be attached to your real world identity in many countries.
What about them?
Why is that a problem?
Why are you posting as artyom@piefed.social and not @?
...because this is not a private message? And because my home address is not a piefed server. Such a weird question...
SS7 hacking can intercept your calls and text messages as well as your location just by knowing your phone number.
https://youtu.be/wVyu7NB7W6Y
I don't understand what that has to do with this conversation. Signal does not advertise your phone number to anyone that doesn't already have it.