What kind of private communication can we talk about if you must have a valid phone number to use Signal?! Lol
this post was submitted on 27 Mar 2025
521 points (96.8% liked)
Privacy
36475 readers
319 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Signal recently implemented "usernames" instead of phone numbers
Pretty sure you still need a phone number for an account, though - the usernames are just for sharing your contact with other people.
Most peoples' phone numbers are easily linked to their identity. Which means the government knows who's using Signal.
Usernames are definitely an improvement, but this is a fundamental limitation in Signal's design.
load more comments
(3 replies)
load more comments
(2 replies)
load more comments
(3 replies)
Consider Briar.
Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.
Of all the options available, I feel like this one is the best suited to current threats (oppressive governments with all-encompassing surveillance, and the willingness to destroy critical institutions and infrastructure).
The app is super barebones right now - feels like SMS - but it works. Main downside is that both participants have to be online at the same time (maybe group chats can work around this?), since there's no servers.
How does the Bluetooth work? If you're close enough to be in bluetooth range with someone aren't you close enough to just speak to them?
One use case could be mass protests/uprisings, where you have a lot of people congregated in a small area. An increasingly popular strategy among governments these days is to just shut down the entire internet in an agitated region. Bluetooth could keep information flowing between people with only mutual contacts, as they move in and out of range.
load more comments
(2 replies)
load more comments
(1 replies)
No, it is not. 🚮
Regarding the trick of an adversary gaining access by emailing or SMS'ing a QR code for adding another device...
Why does the new device not demand the PIN before being added?
load more comments
(2 replies)
Here are two reasons you might not want to use Signal: Your contacts, your settings, your entire Signal experience is tied to a Signal account managed by Signal. Metadata—who you’re talking to, when, and how often—can still be collected and analyzed. Question everything.
"The only metadata that Signal would have access to, is the phone number used to register, the date of initial registration, and the date of last use."
https://www.reddit.com/r/signal/comments/exd92f/what_kind_of_usermessage_metadata_is_observed_and/
The issue of centralization can be a problem, but in regards to metadata, sealed sender does a lot to prevent Signal's servers from knowing who messages who, which makes Signal a lot more private than described here.
So use no messenger? Any decentralized options?
SimpleX is decentralized, requires no phone number, based on Signal code. Screws up invitations via FB/Messenger though.
load more comments
(2 replies)
load more comments
(1 replies)
I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.
You can do better than Caesar cipher
load more comments
(1 replies)
How's signal compared to Element?
Also, is there a secure way to directly send messages to someone else's phone without the message having to be stored on a central server? As in they're only stored on the recipient device. Is that even possible with how the internet works and how packets are routed between networks? Even if the server has no way of decrypting messages by default, just having the encrypted messages stored there is a liability because your encryption keys can easily get leaked by malware running on your device, phishing, etc.
element keeps a lot of metadata unencrypted. but it is federated, you can choose the server that has access to it (deny federation for the room or set up federation ACLs if important to keep it there), and because of the former it's harder to just shut down.
https://github.com/matrix-org/matrix-spec/issues/660
signal doesn't, in theory they don't even know the recipient of your messages (but there's a twist in that part as I remember), but it is centralized around US servers. it is easier to shut down.
Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.
Hopefully I'm just being too paranoid.
I don’t think that’s the case, I just think it is old people not know how to use technology.
Additionally, all these people in power are using signal, how is that not a loud endorsement that everyone should be on it.
Sadly, my contact list remains mostly on WhatsApp and Facebook messenger only.
Anyone who uses Facebook messenger as their only messenging app will need to text or call me. Fuck that. I do, however, use WhatsApp and discord for work and uni group chats. If or when that's no longer the case, people who only use those will need to text me, too.
load more comments
(2 replies)
Immediately had that thought as well.
Don't blame the barn for not holding the horses when you leave the fucking door open.
I can't imagine any messenger is private if you invite random people into a group chat 🤦♂️
Layer 8 security issue
error: problem between keyboard and chair
but nowadays maybe it works better with screen
PEBCAK Problem Exists Between Chair And Keyboard!
Knew of an IT help desk employee who used this as a resolution in a ticket. Yeah, he got fired as soon as the customer looked up what it meant.
load more comments
(1 replies)
load more comments
(1 replies)
Signal is the place for top secret communications, but not for any government business, top secret or not (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).
Out of curiosity, what’s a better app for that use?
Anything that logs all the communication.
Govs have their own apps, email servers, various other web-based tools to exchange data, etc. Usually also gov hardware (ie can't use/access such gov apps on non-gov phones).
It's not "what's better" it's what is mandated/required/the law.
Much like when you get a regular average job you have to use whatever is permitted - company email is the usual, can't just deal with company data over your private email account where the company has no oversight.
load more comments
(1 replies)
at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run
All the people in the chat were high enough that the government for free provided them with secure rooms in their homes so everything would be done through government hardware and encryption programs.
Yes, ofc, using Signal was intentional to not keep any records/evidence.
load more comments
(1 replies)
load more comments
(2 replies)