I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
Ignore the comment saying signal is “end to end encrypted” “private” etc They are simply stuck in a delusional state where they try to convince themselves that signal is the best option so they can continue using it. Nothing is private if it isn’t fully libre because you never know what the proprietary code is doing. The signal protocol itself has its source code released, and the encryption and security code is publicly available, but the signal Foundation has stated that it uses both free code and proprietary code. Their reason is UI, but it’s hard to make sure whatever proprietary code is being used for because you simply can’t see it. As GNU puts it: “You’re walking in a pitch black cave”. Jami is fully libre and is a GNU project. You don’t even need any phone number!
Jami, as much as I prefer it on various philosophical grounds, simply doesn’t work very well at the moment. :(
And we should report problems and fix them ourselves to make it better
Based
Yeah I’m on their Discourse forum, but the situation isn’t that great, and it’s unclear to me if the problems are fixable. Particularly when there are incompatibilities between version X and version Y, where both versions are already in the wild. You can’t travel backwards in time to fix those versions, and this (like email clients or telephones) is an application area where you can’t tell people to update their clients all the time. You have to keep things interoperable.
It’s also often inconvenient to reproduce bugs like that in order to diagnose them. If you try to talk to someone over Jami and it doesn’t work, you generally can’t borrow their phone to analyze the issue. If you’re one of the core developers, maybe you have access to a room full of different kinds of phones and OS versions to test with, but a typical user/contributor won’t have anything like that.
Yeah, this is just the reality of unpaid free software developers, they don’t have the recourses to work on every single bug as quick as a paid developer, but that doesn’t justify not reporting bugs and working with the developers to fix them. Like you said, Jami is grest ethically so why not make it great function? Also, don’t you have a computer and a phone? Test on those. I don’t own a phone, so I can’t test the phone, but I do gladly test on my laptop.
Those are nice generalities but I think they ignore reality. Jami seems like sort of a side project to its developers. Bug reports often are answered with a suggestion to make sure everyone is running the latest version of Jami, which is often useless advice. Like if you try to call your friend with your new phone and the call doesn’t complete, it’s unhelpful for your phone manufacturer to say your friend should get a new phone. You might be interested in helping fix the problem but your friend just wanted to have a phone conversation and doesn’t want to get dragged into a debugging project. It’s even worse if the other person is not your friend but rather is someone you just met and exchanged numbers with. If you try to follow up with a phone call and there is a problem, GAME OVER. You permanently lose contact with that person. You can’t possibly suggest Jami as a Skype replacement after that happens to you once or twice.
Another thing with comms programs in general is you really can’t debug them with just one computer. Their whole function is to let two computers talk to each other, so you need two computers where you control both ends and ideally control the network as well, so you can insert delays, network faults, etc. If the Android version has trouble talking to the Iphone version, you need both kinds of phones. I’m not sure if Jami’s devs really understand that. I’ve worked on telecom stuff in the past and it’s just the reality of that field.
Yet another (I’m not sure of this) is that Jami is a peer to peer program so I suspect some of the problems revolve around firewall traversal gotchas of various types. I don’t know if there is a cure for this while keeping the basic architectecture intact. I do like it in principle and I know that people get BitTorrent working reliably without too much trouble, so maybe Jami is just missing some trick.
Finally, Jami is pretty old and back in those days, people hadn’t really thought about the subtleties of encrypted group chats. Signal does a better job, and these days there is a standard (RFC 9420) for how to do it (I don’t know if Signal follows this standard). It would be good if Jami were revamped for that, but 1) that would break interoperability again, and 2) I don’t know if it’s workable at all with Jami’s architecture (serverless, using a distributed hash table for peer discovery).
For now I’ve sort of given up on Jami and am trying to figure out what to use instead. It’s unfortunate that the main devs don’t seem to have that much interest in making Jami reliable. Randos like me capable of making small contributions can’t really help much with more involvement from the experts.
You make amazing points, and I completely agree with you. I will continue to use Jami since it’s good enough for me to talk with my friends. I mean now the only replacement which is not a replacement just another thing I use to chat is GNU Emacs. I hope the development speed and motivation increases and please do inform me if you found an alternative
You should have visited Signal’s github page first, I dunno. Before talking. Made up a lot of stuff.
They do have proprietary code for that crypto wallet they have there, well hidden, and for, eh, phone number registration, but other than that module it’s all released, I think.
The server and the client applications are FOSS. You can host it for yourself, patching out the domain names and registration parts the way you like it more.
They also have Google Play Libraries included for Push Notifications and Maps.
I didn’t actually know the server code was published. It’d be cool if the client allowed multiple servers so you could talk to people on the “normal” master while also thing a private instance
I think choosing a server, like in some ICQ clients, is not a complex modification.
They had it implemented but discarded it out of stupid centralization ideology. Moxie said it on a Chaos communication Congress presentation he held but which he didn’t wanted to be recorded, as the stuff he said was stupid and wrong.
Well, some of the stuff they wrote, not said, wasn’t stupid and wrong.
This is why escaping WhatsApp and Discord, anti-libre software, is most important part.
That’s not the full picture. That’s exactly the problem I was highlighting. The issue isn’t whether some of the code is “FOSS”, it’s about whether all of it is. If even small parts remain proprietary (as you mentioned), then we can’t verify what those parts are doing. And those parts could theoretically significantly affect the data collection. Also, I didn’t make up a lot of stuff. The Signal Foundation themselves have confirmed that certain UI and build components are not fully libre. As the GNU project puts it, if part of your system is closed, then you’re trusting a black box, no matter how well-lit the rest of it is.
Signal protocol guarantees that what’s on the server we can discard in your suspicions, it doesn’t matter, because you are not trusting it.
The client is fully open.
You are trusting the server, or do you verify the fingerprint of EVERY contact of yours? The normal people don’t, as Signals UI purpusfully doesn’t encourages it.
Normal people don’t anyway.
If it’s not fully free, I don’t trust it. I don’t understand how someone in a privacy community doesn’t understand how much a few lines of code can track someone so easily no matter how much of the program is free software.
Server code openness doesn’t matter other than functioning at all. For a system acceptable in a privacy community.
Molly.im is a Signal Client fork with Security enhancements and the possibility to install a version with only free software.
Great, but it relies on signal’s servers, so it’s centralised. Also, Moly merely removes proprietary parts from Signal, but that’s a workaround (same thing for linux-libre kernel, it’s free software, but just a workaround which is why I’m looking to help with HyprbolaBSD). I’m not coming here to say Molly isn’t an improvement, but being centralised and relying on a non-tully-free program’s servers is a huge red flag for me :)
It doesn’t matter whether a server claims to run free software or not. You can’t verify what it’s running. That’s why E2EE is designed entirely around the client. You can’t trust the server no matter what.
Did anyone say that was the problem? It will not matter how encrypted your messages are when the centralised service gets easily banned.
Yeah the comment I responded to did
Directly above, doesn’t look like it.
k
You can easily verify the keys of the person you’re speaking with, and they’re generated locally… so technically speaking, even if their servers are leaking, your messages are still unreadable, but yea that’s not ideal
Not when it’s backdoored. So, tell the guy above there’s a fully libre copy.
? Even if the servers are backdoored, your messages are still encrypted by your key - as long as the server didn’t manipulate the keys at the first exchange, which you can check by verifying the security code
If it matches, then it’s okay. Such features exist in all encrypted messenger apps
The app, not the server.
I think they have reproducible builds on Android. iOS doesn’t allow that though.
There’s also a fork named Molly on Android. It’s nice.
deleted by creator
Your theory sounds legit
What are you doing to help others escape WhatsApp, anti-libre software?
deleted by creator
Obviously Signal is the lesser evil, but don’t use Signal if you are planning a revolt is what I’m saying.
or if you’re the US’ secretary of defense and you’re going to bomb Houthis
🤷
deleted by creator
Put that at the start. This is c/privacy, not c/revolt.
Seems like a lot of unnecessary steps there
This is what the UK police do with WhatsApp data. Even though they can’t read the messages, they do use the connections of messages to suspicious characters as evidence including date and times, which also puts these other people in the spotlight, opening further investigations.
The UK police can also use ‘stinger’ devices that are “fake” mobile data towers to intercept mobile communications.
They don’t need Signal to do any of this though, so this doesn’t seem like a very plausible theory.
deleted by creator
Why can’t they send Pegasus to everyone?
If they can create a fund and invent Signal, they can just make Pegasus part of AOSP and have every manufacturer be forced to install it silently
deleted by creator
Because their founder (Marlinspike) is probably under a National Security Letter, maybe it’s just that, maybe he’s done some crimes they’re also holding over him. If you look at his behavior it’s that of someone very paranoid that they’re going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who’s terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.
This doesn’t necessarily mean that signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on signals servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it’s also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.
And those saying it has to do with spam prevention, that’s kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn’t. Third it’s possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Third there’s no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).
That is a pretty weird post that doesn’t make much sense, but I remember meeting Moxie and asking him about Android security and being surprised at how defensive he was about it. Is Signal the app he was working on? That helps somewhat. I get them confused with each other.
The Signal app doesn’t appear to be on F-droid, which is a bit discomforting.
Secret sender invalidates your metadata argument
Removed by mod
I have exactly once as did a couple of my friends from the same stranger.
I got one one time, been using it for years. Fuckin’ weird to try on people who are privacy and security conscious. My guess is that they were attempting to see what numbers are using signal in the first place if someone responds with a “fuck off” then the spammer knows they use signal.
you will still need a phone number to sign up for Signal
Spam prevention
And discovery.
It’s not an argument. Think about regular mobile numbers, are they preventing spams? No.
deleted by creator
Are you seeing spam on signal? Do you even know why spam is possible on phone networks and what the difference is between phone networks and the internet?
I don’t know what is spam for you, but when you get three message requests from three girls respectively named Tania, Clara and Ella that are contacting you about you carrier or your management skills, I call it spam.
The way that Signal integrates phone number is odd because it opens up the spam door. O understand why Signal use phone numbers this way (to make “normies” adopt Signal more easily like WhatsApp would do) but it not the best to kind of contaminate the network with the traditional cell network
Because Signal has a low user base. Why Spam on Signal, if you can reach everyone with an SMS?
The point, I believe, wasn’t about spam but likely got derailed. It was probably about the phone number requirement being unnecessary. I’ll just add that even if it is, it’s a measure geared towards common users that often need to recover access to their accounts through means they’re already familiar with, as is a verification SMS. It’s not the safest nor the most private, but it’s easier to deal with for most people. Whoever wants something that doesn’t depend on a SIM or eSIM should try Briar and SimpleX. None of these will be a perfect solution for every single person though.
deleted by creator
Scams, girls wanting to chat with you, incredible money opportunities…
deleted by creator
deleted by creator
I believe you can delete your phone number once you’re up and running, but yeah that seems like an anti-feature.
I’m sure that just sets the database column
hide_phonenumberto TRUE.When anyone get a copy of your data, nothing will bring it back.
I see an option to change it, not delete. It’s still attached to a SIM card which requires identity verification in many states.
You’re right. That is odd.
If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.
finding your contacts
Wrong, it is not optional, does not stop spam and the worst way to try.
Do not let this derail us. Escaping to libre software is the best return on investment.
Do not let this derail us.
Nothing is derailing you personally. Why are you repeating this to others?
To avoid any misunderstanding discouraging others from using Signal over apps like WhatsApp, while commenting on areas where it could improve. Privacy has never been single player.
One of the design goals is that they don’t have a user database, so governments etc can’t knock down their door demanding anything. By using phone numbers your “contacts” are not on their servers but local on your phone.
That’s WRONG they have a Database of every Phone number registered to them and metadata like the last time they logged in. You send all your contacts numbers to signal so they can respond who is also using Signal.
But your phone number is, and thus every agency can get your full name and address and location.
and then every phone number on your phone by arresting you and searching your phone.
This sounds like it’s a problem no matter what method of communication you use, unless you keep no address book and memorize everything.
deleted by creator
Yes but only yours. That’s still better and only having to knock on one door to get everything.
If I’m the target, then this is enough.
You are not the only person using Signal.
During registration they want a phone number to send a verification code. I know I am me. They don’t need to verify that.
They do. Otherwise anyone can register with your phone number and start messaging as if they were you.
If you want more privacy you’d need something like Simplex.
Signal’s internal identifiers are, of course, not phone numbers. And you can download their server and host it without requiring phone numbers for registration. Just they simply can’t afford it, they need to prevent bots from registering and sending messages somehow. A group message is stored in Signal as many times as there are group members, for example.
They need to verify using a phone number because otherwise other people could sign up using your phone number and pretend to be you? What?
They can only sign up using your phone number if they do require a phone number. If they didn’t ask for a phone number then how would people sign up using your phone number?
deleted by creator
… but why require numbers in the first place.
It’s focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.
Signal IS the middleman.
no middleman
Signal is not P2P
No but it’s e2ee.
deleted by creator
End-to-end encryption have been designed so that a “middleman” such as Signal can’t read your conversation. Signal goes even further by encrypting metadata protecting other information such as who you’re talking too and at what time (some technical and targeted attack could however determined these).
In asymetrical cryptography we tend to assume that what we call middleman is a third-party placed between the two peers during the public key exchanges (such as handshake). Signal is indeed a middleman on the infrastructure level but the software has been designed to protect you from middlemen having access to the raw, unencrypted data.
That say if you don’t verify your peer’s public key it’s not impossible that someone has done a man-in-the-middle attack and that you’re sending message to him and he’s rerouting them to your peer, etc… However this is unrealistic for the average person.
So even if it’s not a p2p infrastructure but some centralized servers we can assume that there is no middleman thanks to e2ee.
You can’t just write three paragraphs (that contain half-truth, half-misinformation) about how Signal is the middleman and then conclude “you can assume there’s no middleman”. You can’t assume that. Signal is the middleman. There’s no arguments to be made against this. Signal doesn’t claim they aren’t the middleman either.
Do you know that using most P2P messenger you still rely on multiple ISP and big tech owned communication wire in order for your message to get delivered, even if there is no central server ?
What’s your point?
I am referring at man-in-the-middle attacks
Of course. Sorry, but I meant no middleman as in minifying the role of the server in your messahing. Signal’s goal is to ensure the server cannot have access to your messages and its only role is to receive and send data.
THATS WRONG! Signal Server can just do a man in the middle as you try connecting to your contact for the first time. You need to verify the fingerprint manually which is not very obvious and present in the UI. In SimpleX.chat you automatically verify the fingerprint, as its the way to establish the chat to your contact and is included in the way you distribute the contact to you.
Privacy: they know who you are but they don’t know what are you doing/when are you doing. Anonymity: they don’t know who you are.
Haven’t seen anyone link this here so I’ll link it myself
https://dessalines.github.io/essays/why_not_signal.html
Some things are outdated, like how you had to give others your phone number (although it’s still necessary for signup) but most of these still hold up
It’s private but it’s not anonymous. they know who is talking to who, but not what they are talking about.
That’s not exactly true. See Sealed sender: https://signal.org/blog/sealed-sender/
Privacy is not necessarily anonymity. Signal uses a phone number to prevent spam and DDOS attacks on their network. Session doesn’t do this and got wrecked by DDOS attacks to the point where most of the major groups are pretty much dead.
Use Signal to talk to people you know. That’s what it’s for. You don’t use it for anonymous chats.
Session is an alternative that does not require, or request, your phone number (or any other identifying information). Honestly, I have no idea why Signal got popular and Sessions did not. As soon as Signal asked for my phone number that set off alarm bells for me and I’ve never really trusted it since.
deleted by creator
This is incredibly important. Signal is considered the “gold standard” of encrypted and private communication for a reason.
Thanks for this link but your username also makes this pretty sus. 😜
deleted by creator
Ya. It was a joke.
Isn’t Session the one with insane username strings?
Session is the one with broken security.
I don’t know that their security is “broken”. It may be, I don’t know. But also without anything that connects you to any particular message, it seems that – in itself – is a pretty good form of security.
I just don’t get why people accept Signal’s justification for requiring a phone number. They absolutely don’t need to (session proves that). It is certainly possible for them to say, “If you register without a phone number and access to your phone book then you will lose automatic discoverability by other users of Signal — meaning that you need to find another (physical) way to exchange your Signal username with your contacts”. They CAN do this. I think many users, like myself, would be fine with this tradeoff for greater anonymity. For some reason, they have steadfastly refused. The reasoning behind this refusal is what bothers me.
Yes. That was how they avoided using identifying information from their users.
So the reason Session never took off is probably because exchanging contact information is a big hassle, effectively barring users looking for convenience?
No, it had and has other problems
I assume ease of use and spam prevention.
I think Signal tries to be at least somewhat attractive to the average person who wants more privacy than just using WhatsApp or whatever. Making it easy to message existing contacts helps a lot with adoption.
