190
in the end of the day, the end user needs an id. this is perfect for the everyday user, but obviously if you are writing anti regime articles, you might want to look around for more anonim apps.
this post was submitted on 11 May 2025
190 points (86.5% liked)
Privacy
37786 readers
406 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
perfect for the everyday user
...because of course, they don't need privacy, do they now. "Nothing to hide" and all that jazz.
load more comments
(1 replies)
Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It's not designed to be an anonymous service, just a private one.
load more comments
(1 replies)
The amount of trolls in this thread that either try to spew false information intentionally or just have no idea what they are talking about is insane.
If you are worried about what data (including your phone number) law enforcement can recieve (if they have your specific user ID, which is not equal to your phone number) from the Signal company check this: https://propertyofthepeople.org/document-detail/?doc-id=21114562 Tldr: It's the date of registration and last time user was seen online. No other information, Signal just doesn't have any other and this is by design.
If you want to know more about how they accomplish that feat you can check out the sealed sender feature: https://nerdschalk.com/what-is-sealed-sender-in-signal-and-should-you-enable-it/
or the private contact discovery system: https://signal.org/blog/private-contact-discovery/
Also as Signal only requires a valid phone number for registration you might try some of these methods (not sure if they still work): https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/
This shows they do not need our phone numbers but they still demand it.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
load more comments
(1 replies)
edit: it's funny how people downvoting comments about signal's sealed sender being a farce never even attempt to explain what its threat model is supposed to be. (meaning: what attacks, with which adversary capabilities specifically, is it designed to prevent?)
Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.
Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.
I don't know what you mean by "bait" here, but...
Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.
(fuck whatsapp and discord too, of course.)
load more comments
(5 replies)
it's being answered in the github thread you linked. Sorry that this is not enough for you but it's enough for most people: "For people who are concerned about this sort of thing, you can enable sealed sender indicators in the settings"
it’s being answered in the github thread you linked
The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to "unsealed sender".
That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does "enable sealed sender indicators").
This can be separated into two different questions:
- For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
- For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?
The strongest possibly-true statement i can imagine about sealed sender's utility is something like this:
For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.
This is a vastly weaker claim than saying that "by design" Signal has no possibility of collecting any information at all besides the famous "date of registration and last time user was seen online" which Signal proponents often tout.
Signal fills an incredibly important spot in a spectrum of privacy and usability where it's extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusits it's not the best, but it's a hell of a lot easier to convince friends and family to use Signal than something like Matrix.
There is a lot of FUD here. It's just like anti-vaxxers claiming vaccines make you autistic or have microchips in them: they don't understand what they're talking about, have different threat models, and are paranoid.
Messages are private on signal and they cannot be connected to you through sealed sender. There have been multiple audits and even government requests for information which have returned only the phone number and last connection time.
So, they do not need our phone numbers but they still demand it.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
Messages are private on signal and they cannot be connected to you through sealed sender.
No. Signal's sealed sender has an incoherent threat model and only protects against an honest server, and if the server is assumed to be honest then a "no logs" policy would be sufficient.
Sealed sender is complete security theater. And, just in case it is ever actually difficult for the server to infer who is who (eg, if there are many users behind the same NAT), the server can also simply turn it off and the client will silently fall back to "unsealed sender". 🤡
The fact that they go to this much dishonest effort to convince people that they "can't" exploit their massive centralized trove of activists' metadata is a pretty strong indicator of one answer to OP's question.