by 2Gkashmiri 1299 days ago
yes. yes yes. yes. yes

100%. the same reason i avoid whatsapp and signal like the plague. "mobile number" is in itself a big identifier when you are living in a place where you have to do mandatory KYC so that the government knows that each mobile number is linked to the actual human being.

i dont care signal doesnt hold any messages. the government can ask for my number and they can use the xkcd spanner method to do the rest. the point is to AVOID PII in the first place, matrix does this wonderfully. no need for mobile number or email number or your real name.

living in an actual police state, i can attest to how important that is, americans/europeans can hardly imagine.

8 comments

So what exactly is your threat model here that signal doesn't counter? They need to know your phone number before asking signal about it.
Not the OP but I would guess that there is a large group chat of people talking about something the government doesn't like. The government manages to get their hands on one phone from the group, and then they automatically have all the other phone numbers too.
https://thenextweb.com/news/kashmirs-police-want-people-to-r...

exact same thing. you register your whatsapp group meaning you either get a mole as a member to keep track of the activities or you are made to (unverified) install pegasus style malware on your phone so that the admins can be tracked.

this is exactly https://kashmirlife.net/sleuths-silently-listen-to-clubhouse...

so its not like i am just making this shit up.

remember, clubhouse makes you sign up using the phone so there you go. Now, if the numbers werent there, it would still be possible but not as low effort

In much of the world, for the government at least, that is a given: you can't get a phone number without presenting legal ID, and the issuer of the phone number is required by law to maintain this association. This is true in much of Europe, for example.
So what exactly do you think will happen? The government tells signal "We know that simiones phone number is +1 12345678, give us his registration date!"?

I don't get your threat model.

As far as I know burner phones are still available in the US.
> i dont care signal doesnt hold any messages. the government can ask for my number

Whose number? How are the government going to "ask for your number" ? Signal doesn't hold any data that would let them answer that query if they wanted to.

You realize, with a phone number, all payment details for the SIM can be accessed?

And that from the SIM, you get IMEI, which can be cross ref'd with telecom logs to get geolocation?

Phone numbers are basically a glorified UUID. Also, in most jurisdictions it is required by law that telcos have tight integration with Law Enforcement, and even with the U.S., any type of investigation will start with a pull for the individual's phone number from wherever, cross ref that with SIM financial payment info, cross ref'd with bank accounts/credit card activity for purchase activity. Then cross-ref with Driver's license/civic/court records?

By DEFAULT. Third party doctrine. It ain't protected by the Fourth Amendment. In less zealous states, forget about principled restraint. The phone number is effectively your citizen Id.

When people like me start raising hell about the dangers of UUID primitives, this is what we're trying to protect you from.

No one can be trusted with the view created by the aggregation and cross-reference of this type of info. Every government/legislature/population will eventually "think of the children/criminals" their way to it anyway though, while law enforcement jumps up and down with glee at how complete a picture they can get through their fusion centers. Then it's just a matter of how long it takes for an autocrat to insert themselves into a place of power until the technological marvel that empowers law enforcement to "ensnare the bad guys", has "bad guys" surreptitiously crossed out and replaced with some signifier for a set of people that contains you.

If you don't think that happens, you ain't been paying enough attention. If you wonder why that hasn't been an issue before, it was because part of what puts a check on LE was the burden of physically referencing and cross-ref'ing data, which would put a fundamental cap on the ability for any abuse of power to materialize.

We're losing that check. Quickly.

> You realize, with a phone number, all payment details for the SIM can be accessed?

Sure. But which phone number?

>Whose number? How are the government going to "ask for your number" ? Signal doesn't hold any data that would let them answer that query if they wanted to.

does signal keep your mobile number? just that? not asking about metadata or actual message data, just number associated to an account?

Yes. The government can indeed ask, "Hey, what phone number is 1-555-123-4567 ?" and Signal can tell them it is "1-555-123-4567".

Or, instead of spending $$$ on lawyers to make Signal tell you the answer to obvious questions, which US government agencies have done several times - I reckon I'd do it for $10 per time, minimum order 1000 stupid questions.

I can do other stupid questions, wondering which Telegram user is "@foobar" ? I can tell you it's "@foobar" and for just $10. Now, Telegram can tell you a lot more about this user of theirs, so you might want to get the court to make them do that, but Signal don't know anything about their users so maybe my $10 service is more "useful" for Signal? I guess it really depends what you think the word "useful" means.

https://www.reuters.com/world/india/india-forced-twitter-put...

what are you on about. how could a company compel a government to "pay" them when they can just force them to have a mole on payroll?

You seem to have completely missed the point. Signal doesn't know anything useful for such purposes. A mole, a court order, it doesn't matter.
So in this threat model the government knows your phone number, suspects you’ve been communicating with others, and beats a confession out of you… Why is the phone number being used in a chat app significant?

They can still beat you with a wrench to divulge your information even if it’s on Matrix or even pen and paper.

>They can still beat you with a wrench to divulge your information even if it’s on Matrix or even pen and paper.

this does not scale as easily. sure if you are an actual target, your goose is probably cooked anyway but what about the masses? i am just saying, what we call "mass surveillance" and wrench beating dont go hand in hand. mobile number helps them in mass surveillance which can give them more leads.

if that limb is removed, they can still do it but it is a bit harder so the hope is they will focus their time on only serious cases as opposed to everyone willy nilly because it is just so easy

because in a civilized country you won't get beaten, but your phone number can be used to verify that you do have an account on a service which you can then be forced to reveal the contents of.
I prefer privacy over anonymity, which is what Signal does best.

Only Signal leaves your message on their servers totally encrypted at-rest whose keys stay on your phone. No court order can ever hope to compel Signal to disclose what was said. The court will instead need one of the parties' phone for that, if it hasn't expire-deleted yet and doesn't have 9-alphanumeric characters or longer password length.

That cannot be said to be true of Telegram, WhatsApp, WeChat (that I've reverse-engineered).

>>americans/europeans can hardly imagine.

Americans and Europeans have the desire to learn this lesson the hard way. They lack the wisdom to learn from others and instead believe their governments are the noble governments that would never violate their rights for power.

Traditionally Americans are quite suspicious of their government. The battles over 1st Amendment free speech and 2nd Amendment gun rights, among many, are a testament that the sentiment is still widely held.
Notably Democrats and their zeal to oppress those who believe in their freedom of speech. (See Twitter saga and US government's lack of control over media of commoners, aka digital public square)

Only China does it better ... the oppression, of speech, that is, as evidenced by a video of CCP police roaming subway trains, reading every subway commuter's cellphone for social media content. As if CCP's ability to monitor centralized servers isn't cutting it anymore.

https://mobile.twitter.com/caro4ontario/status/1597588741371...

>>Traditionally Americans

Traditional Americans are few and far between these days. Decades of "liberal" education pushing a rose colored view of strong central governments have changed the American Culture; this is why you see younger voters increasingly looking to government not community to solve their problems.

Well, only republicans.
Each party picks something it seems. Republicans can’t seem to be bothered with the 4th amendment and Democrats seem to support it. At least at local levels. At the federal level nobody seems to care.
Both parties largely see the constitution as something they need to get around, and have largely (with full support of the courts) inverted the meaning of the constitution to be not a limit on government power, but a limit on individual rights.

In your example where Democrats support the 4th amendment, what except if a random person says you are armed then the 4th goes out the window, except if you are deemed to be rich then the 4th goes out the window, except if you have the "Wrong" opinions then the 4th goes out the window

Democrats like Republicans only support the 4th, and every other amendment to the point where it supports their narrative and desire for power, the second the constitution is deemed to stand in the way of their power well it is a document that should be ignored "for the greater good"

Unless you're thinking of getting an abortion.
I know, right? I heard Americans are born without half of their brain.
I know denial of biology is the rage these days, but Humans are born with very limited brain capacity and develop it over time as they age, maxing out about 25 years of age or so.

One of the reasons why Democrats want 16-year-olds to vote, because only people with limited brain development would support most of their policies ;)

Europeans especially. In my experience, they are extremely ignorant in this regard to the point of child-like naivety, but let them learn the hard way. It's truly the best way to learn after all.
Problem with matrix is ip address. Even with VPN, fingerprinting your messages is an issue. You can't delete your messages, whose copies may be stored in multiple servers.
Sure, but couldn't you just use a disposable number? (Assuming you live in a place where you can buy SIM cards without showing a personal ID, which is most countries.)

That's a minor inconvenience compared to not being able to communicate with most people who use these mainstream networks.

I'm more worried about the lack of encryption and trustworthiness aspect of them than giving away a phone number.

Most countries require SIM card registration nowadays.

https://www.phonetravelwiz.com/phone-travel-options/sim-card...

> Of the 245 countries/territories with territory-bound mobile operators, 185 countries have SIM card registration laws. 13 will collect biometrics (fingerprints, but some will take a face scan too). 51 countries have no registration requirements.

Which by itself is questionable.

A lot of people talk down on the UK invading privacy, but interestingly we don't require it!
Hmm I didn't think it would be that many. I'm sure there might be workarounds, like ordering online or buying from vending machines at airports, etc., but yeah, it's certainly not as convenient as before.
The problem isn't buying the SIM card, the problem is activating it.
> Assuming you live in a place where you can buy SIM cards without showing a personal ID, which is most countries

I had understood that the majority of countries now required SIM card registration. Plenty of EU member states do (at least Belgium, Austria, Italy, Germany...), so it's not just the usual suspects(!)

There are no disposable numbers in many countries anymore. On top of that you are just generating even more signal than using a single number.

People have to understand that meta-data about you is almost as important as data.

For example just the fact that your phone has signal or telegram installed is meta-data that helps to identify you. They do not need to know your name.

And for bonus:

https://www.justsecurity.org/10311/michael-hayden-kill-peopl...

you can't get disposable (anonymous) mobile numbers in india.

>I'm more worried about the lack of encryption and trustworthiness aspect of them than giving away a phone number.

you can use your own encryption on top of a cleartext model if that is a problem

This is silly. You adopt practice based on your threat model. Threat models presuming the government can just torture information out of you also mean that any system will give you away - you're either completely anonymous or not, but if you use a messenger of any kind from your home internet IP address, then they'll come pick you up.

Telecom companies have full records of who had what IP, for what duration and when as does your ISP. If a phone number will get you pinched (based on no decryptable data) then so will anything else.

Exactly. You need to manage to be indistinguishable from p50 users if you are serious about anonymity. This is much more difficult than using strong encryption and matrix instead of signal.
Very much this. Which creates all sorts of weird problems, like the very act of using an unusual messaging or encryption scheme is likely to finger you.

Signal is partly an attempt to normalise a service with strong encryption to provide a crowd it's easier to hide in.

>Signal is partly an attempt to normalise a service with strong encryption to provide a crowd it's easier to hide in.

i am saying remove the mobile requirement and signal is perfect. not until then.

people regularly use VPNs and today, in 2022, that is no longer a fringe action. NORMAL people now use VPNs to bypass geo restrictions.

signal to noise ratio of people using VPNs removes the linking user device to an account to a good extent.

now, in the existing model, whatever method you use, your number is STILL a PII, in whatsapp or signal or whatever.

>then so will anything else.

100% agree but whatever countermeasures you take, your number is still available in whatsapp/signal so there is NO way to prevent that. IF these two did not have the number, then that would indeed be better but not until then

I’m not sure what the threat is that the phone number opens you up to.

That a government will scan all domestic phone numbers against a Signal API to identify a list of users who, at one time, installed Signal and use that list to target you? They can do the same with IP addresses of people using VPNs as well. Something is tied to you regardless.

You’re right that Signal would allow this by phone number or IP, so it’s an additional angle at the same threat.