this post was submitted on 11 May 2025

192 points (86.6% liked)

Privacy

37806 readers

656 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

192

Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)

submitted 4 days ago by [email protected] to c/[email protected]

286 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

(page 6) 43 comments

sorted by: hot top controversial new old

[–] [email protected] 7 points 3 days ago (18 children)

Is there a quick explanation of what signal actually does? I don't understand the need for a phone number either. Jami doesn't ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I'm luddite enough to still be using it) doesn't ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven't looked into and tbh I don't understand why they exist.

load more comments (18 replies)

[–] [email protected] 33 points 3 days ago (25 children)

Bots. If it makes you feel better, you can disable other people finding you via phone number and just give them your username. All messages are private.

load more comments (25 replies)

[–] [email protected] 5 points 3 days ago (11 children)

Session is an alternative that does not require, or request, your phone number (or any other identifying information). Honestly, I have no idea why Signal got popular and Sessions did not. As soon as Signal asked for my phone number that set off alarm bells for me and I’ve never really trusted it since.

load more comments (11 replies)

[–] [email protected] 6 points 3 days ago (2 children)

thousands of threads on this topic since decades ago.

it's an eternal debate (since signal has no plans to change)

just read the history and join the rest of us waiting for them to change. using signal before that change is completely optional. go ahead and don't use it. no problem.

opening the discussion again is just tiring.

[–] [email protected] -1 points 3 days ago (1 children)

opening the discussion again is just tiring.

so tiring that i opened it and read it, then typed a long response.

load more comments (1 replies)

[–] [email protected] 120 points 3 days ago (10 children)

Because they're building a private, not anonymous, instant messenger. They've been very open about this.

load more comments (10 replies)

[–] [email protected] 0 points 3 days ago (9 children)

My conspiracy theory brain goes:

Its funded by the government.

Yes, the messages themselves are encrypted, but they don't need that, they have access to all the useful metadata.

They can find everyone near the site of a protest (via cell tower data), then find their signal accounts, then see who they are contacting, potentially revealing who the the other protestors and protest organizers are.

And if you need access to the messages, they don't need to crack the encryption, they could just send pegasus to your phone (and they already have you phone number to do so), and they'll have access to every message.

Then they just find those other protestors, also send pegasus to their phones.

I mean, the Signal code is technically legit, they just used a side channel (zero day exploits) to gain access.

But this is just a theory, I don't have any evidence supporting this hypothesis.

[–] [email protected] 2 points 3 days ago (3 children)

They don't need Signal to do any of this though, so this doesn't seem like a very plausible theory.

load more comments (3 replies)

[–] [email protected] -1 points 3 days ago* (last edited 3 days ago)

This is what the UK police do with WhatsApp data. Even though they can't read the messages, they do use the connections of messages to suspicious characters as evidence including date and times, which also puts these other people in the spotlight, opening further investigations.

The UK police can also use 'stinger' devices that are "fake" mobile data towers to intercept mobile communications.

[–] [email protected] -2 points 3 days ago

Your theory sounds legit

load more comments (6 replies)

[–] [email protected] 15 points 3 days ago* (last edited 3 days ago) (1 children)

Signal is not perfect but we control its app, libre software. See SimpleX Chat.

Escaping WhatsApp and Discord, anti-libre software, is more important.

[–] [email protected] 5 points 3 days ago (4 children)

Why we need to defeat those first? We can go straight to SimpleX?

[–] [email protected] 8 points 3 days ago (1 children)

What SimpleX, Signal, or any app like this need first and foremost is traction, as new users generate more new users. One of Signal's goals is usability (usually achieved by being simple, as in no complexity for the end user). In my opinion SimpleX lacks that. This is the same reason Signal needs a phone number: populating your contact list with users already on the platform

[–] [email protected] 3 points 3 days ago (1 children)

You can go to Simplex (for sure a lot of people here already done it) but if only privacy nerds get to this place this is not a great solution. We (I'm talking about us using Lemmy and chatting on SimpleX) must convince people, starting by friends and family to stop using these fucking socials then at this point SimpleX will be considered as a viable alternative

load more comments (1 replies)

[–] [email protected] 49 points 4 days ago

Everything is a balancing act. Privacy, anonymity, and security aren't the same things. They're sometimes, and in some aspects always, difficult to achieve without compromising one of the other two.

When you add in the goal of quick, easy setup to make the service useful in the first place. Doesn't matter how good the service is at the trinity if nobody is willing to use it. Signal just errs on security first, privacy second, anonymity third.

[–] [email protected] 5 points 4 days ago* (last edited 3 days ago) (1 children)

They implemented an alt method IIRC but you must go out of your way to search and find it. I just recall seeing a bunch of post headlines about using email or something like that a year or so back.

They send an initial SMS message that is a main expense and funded by some rich person and donations. I think that has some significance to encryption or something but I'm not sure of the details. I could be wrong on that one, it has been years since I read the details.

load more comments (1 replies)

[–] [email protected] 13 points 4 days ago (3 children)

If you want to be mainstream a) you can't have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.

load more comments (3 replies)

[–] [email protected] 30 points 4 days ago (3 children)

One of the design goals is that they don't have a user database, so governments etc can't knock down their door demanding anything. By using phone numbers your "contacts" are not on their servers but local on your phone.

[–] [email protected] 14 points 4 days ago (2 children)

But your phone number is, and thus every agency can get your full name and address and location.

[–] [email protected] 9 points 3 days ago (2 children)

Yes but only yours. That's still better and only having to knock on one door to get everything.

load more comments (2 replies)

load more comments (1 replies)

[–] [email protected] 4 points 4 days ago (1 children)

https://signal.org/blog/phone-number-privacy-usernames/

[–] [email protected] 4 points 4 days ago* (last edited 3 days ago)

you will still need a phone number to sign up for Signal

[–] [email protected] 2 points 4 days ago (3 children)

I believe you can delete your phone number once you're up and running, but yeah that seems like an anti-feature.

[–] [email protected] 4 points 3 days ago* (last edited 3 days ago)

When anyone get a copy of your data, nothing will bring it back.

[–] [email protected] 4 points 4 days ago (1 children)

I see an option to change it, not delete. It's still attached to a SIM card which requires identity verification in many states.

[–] [email protected] 3 points 3 days ago

You're right. That is odd.

[–] [email protected] 17 points 4 days ago (3 children)

It's focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.

[–] [email protected] 10 points 4 days ago

Signal IS the middleman.

[–] [email protected] 15 points 4 days ago (2 children)

no middleman

Signal is not P2P

[–] [email protected] 7 points 4 days ago (6 children)

No but it's e2ee.

load more comments (6 replies)

load more comments (1 replies)

[–] [email protected] 93 points 4 days ago (2 children)

Spam prevention

[–] [email protected] 46 points 3 days ago

And discovery.

load more comments