> which is linked to identity and precise location
I live in a country with strict KYC on phone numbers - my signal account uses a phone number from a different country in the world, not associated with any person in a country I have never been to and activated in a very odd location once only before being destroyed.
If you actually care about security / privacy to the extent of hiding from state actors then it is trivial to do. If you are cosplaying as a privacy enthusiast, then different matter and we can all bang on about open-source, audits, 14 eyes, tor, monero.
I hope you bought your phone with cash in that case, since even without providing phone number it's easily indentifiable in network back to you even without SIM card through IMEI when registering to network.
In my opinion "secure messenger" should protect from any actor. If we start making exceptions then it cannot be called secure anymore.
Signal requires extra information that is not necessary for exchanging messages. That is at least suspicious. If you are fine with giving away your number you can just use WhatsApp or Telegram.
“If you are fine with giving away your number you can just use WhatsApp or Telegram.”
Those projects do not have the same high standards as Signal has. Especially not Telegram. I use Whatsapp for convenience/social reasons, but I definitely prefer Signal for the additional security. Telegram I don’t use at all.
I don’t believe it’s reasonable to throw out the baby with bath water, just because Signal requires a phone number for registration.
Protection from “any actor” would of course be nice – but do you really believe that threat model is reasonable?
Would using Session, Matrix or OMEMO protect against any actor whatsoever?
If we want to base our discussion in reality, I do believe we need to talk about threat models in more detail than “I want protection from any threat actor”.
Let’s take an example:
If I send a message to a friend I don’t want any script kiddies, ISP, cloud provider or advertising agency to be able to read it. I don’t want any passive eavesdropper to be able to read it e.g. by slurping up all traffic from my nearest IXP (i.e. dragnet surveillance). However, if Five Eyes/Mossad/MUST/FSB really wanted some intel on me, they would probably be able to retrieve it if they were willing to spend some resources. But probably not by decrypting my Signal messages. There would be other, far cheaper ways to retreive the info.
Your phone number and messages can easily be leaked if there is a vulnerability in your smartphone OS or Signal app. However if you use a messenger not requiring a phone number, then attacker gets only the messages.
Also as I understand you have to give your number to your contacts to be able to chat with them. For comparison, Telegram allows adding contacts without sharing a phone number. So in Signal all contacts know your real identity and your location.
I’m not convinced about the reasonability of this threat model where leaking messages is fine but leaking the telephone number means game over.
However, I do understand that sharing one’s phone number is problematic for some users.
With that said: Until Signal implements user names in their system, please note that the user is not required to sign up for Signal with their primary telephone number. One could use Google Voice or a prepaid SIM card for example.
as i said, the MOBILE NUMBER IS A PII and the government needs just that bit to extract you from your home and subject you to anything they deem necessary in order to silence you.
this is not a fairy tale i am larping about. "sealed sender" or whatever BS tech you throw at the wall doesnt make you secure. if your number can be found out, your goose is cooked.
Why should whatsapp/facebook/twitter help them? 1. they have business interests in india and they NEED to please the government if they want to survive in india so there are no court orders or anything needed. the police have carte blanche to demand any information and for them, name/number is good enough because the data is available with them.
an example from my own home. A family member was active on twitter last year and would get into "twitter debates" and that nonsense. they would use their own name because of the websites ask for "firstname/last name" and normally people don't care about that. anyway, during one such online fight, a random opponent apparently told them "you wont listen to me so i will have police explain it to you" or something to that end. 3 days later the police comes home "enquiring" about them. we had a hard time "explaining" the situation and some money exchanged hands after which we were off the hook. "never again they said, later"...
afterwards, i did a checkup of their account and they had 2FA activated on their number which i strongly suspect was passed on to the police. again, no "evidence" but my own anecdata.
>Feel free to explain your threat model.
i am "living" this threat model so the techniques used in iran for example used by dissidents or anti-government protestors or in china by anti-ccp protestors for example, i am going through that myself and PII in any form is dangerous.
sure, lets say i don't use my real name in twitter or use 2fa and twitter gives my "ip address" or something. they would have to corelate that information with a separate demand with ISP.... not low hanging fruit as much. mobile numbers, well they have dumps and mobile numbers dont change hands a lot.
OTOH, if i use my selfhosted matrix for example, the provider, some random DMCA ignore ones would laugh at them. even if they asked for payment, i pay from crypto so what will they get? and its not like the webmaster of my own server(read me) would not give any details to any demand from even PM of india so short of blocking my server IP,what can they do?
The only threat that comes from Signal using phone numbers is that if the police arrests someone you are communicating with, and police somehow unlocks their phone (https://xkcd.com/538/), then they can see what you and them wrote as well as your phone number and therefore know who you are. I agree that in some situations, for example anti-government activists, journalists communicating with whistleblowers or criminals, this is bad. For these situations, Signal is not the solution.
Signal uses centralized server with closed source (they hidden code for one year until they finally gave up when users nagged them, nobody knows what they did during that year), Signal requires your phone number, Signal doesn't allow third party apps officially and tried to push some shady crypto, I mean how many red flags you need to avoid such POS app?
The Signal client has always been open source: you can inspect precisely what the client is sending to the server (if you trust the source). If you're not sending undesirable information from the client to the server, no amount of closed source-ness of the server is going to get that from you.
Even if some adversary is doing some kind of correlation to glean metadata from your traffic, they are definitely doing the table stakes here to preserve privacy and not just send your information off willy-nilly.
yes, we can transparently see that it is a failure of a solution due to having our phone number and check this out: Signal's application isn't the only participant in Signal's application we don't want having that
Backdoors are funny that way, sometimes the client operates correctly but a weakness in implementation can be abused by the server. Not that i know or think this is happening but they do insist on that phone number at all costs which these days is more identifying than a finger print which allows targeted exploitation if the server facilitating connectivity was hostile for whatever reason.
As Signal is on a centralized Google Cloud instance, it can easily be shut down by the providers and that is that.
> nobody knows what they did during that year).
They (and Moxie) were too busy shoving their private cryptocurrency scam project in Signal to later get as many users using it as possible to then pump and dump the coins on exchanges.
The fact that it can be shut down easily has nothing to do with how secure it is. I too dislike the fact that it is centralized, and the cryptocurrency thing, but from this to say that Signal is "complete joke" - it's not just a long way, it's non-sense.