Hacker News new | ask | show | jobs
by 2Gkashmiri 1297 days ago
as i said, the MOBILE NUMBER IS A PII and the government needs just that bit to extract you from your home and subject you to anything they deem necessary in order to silence you. this is not a fairy tale i am larping about. "sealed sender" or whatever BS tech you throw at the wall doesnt make you secure. if your number can be found out, your goose is cooked.
1 comments
cpach 1297 days ago
Feel free to explain your threat model.

We are quite many where the threat model does not depend on hiding our phone number from the government.

link
2Gkashmiri 1297 days ago
yeah.... let me present some material

https://gulfnews.com/world/asia/india/kashmir-lockdown-arres...

https://thenextweb.com/news/kashmirs-police-want-people-to-r... >Kashmir’s police want people to ‘register’ their WhatsApp groups

https://www.dailyexcelsior.com/police-crackdown-keypad-jehad... >Police crackdown on ‘keypad jehadis’

https://kashmirobserver.net/2022/01/11/jk-police-launches-cr... >J&K Police Launches Crackdown On People ‘Misusing’ Social Media

"misuing" means writing material that is critical to the ruling party.

https://www.greaterkashmir.com/chenab-valley/authorities-in-... here, the police simply take your name/number and pick you up from the street. open and shut case in an hour.

Why should whatsapp/facebook/twitter help them? 1. they have business interests in india and they NEED to please the government if they want to survive in india so there are no court orders or anything needed. the police have carte blanche to demand any information and for them, name/number is good enough because the data is available with them.

an example from my own home. A family member was active on twitter last year and would get into "twitter debates" and that nonsense. they would use their own name because of the websites ask for "firstname/last name" and normally people don't care about that. anyway, during one such online fight, a random opponent apparently told them "you wont listen to me so i will have police explain it to you" or something to that end. 3 days later the police comes home "enquiring" about them. we had a hard time "explaining" the situation and some money exchanged hands after which we were off the hook. "never again they said, later"...

afterwards, i did a checkup of their account and they had 2FA activated on their number which i strongly suspect was passed on to the police. again, no "evidence" but my own anecdata.

>Feel free to explain your threat model.

i am "living" this threat model so the techniques used in iran for example used by dissidents or anti-government protestors or in china by anti-ccp protestors for example, i am going through that myself and PII in any form is dangerous.

sure, lets say i don't use my real name in twitter or use 2fa and twitter gives my "ip address" or something. they would have to corelate that information with a separate demand with ISP.... not low hanging fruit as much. mobile numbers, well they have dumps and mobile numbers dont change hands a lot.

OTOH, if i use my selfhosted matrix for example, the provider, some random DMCA ignore ones would laugh at them. even if they asked for payment, i pay from crypto so what will they get? and its not like the webmaster of my own server(read me) would not give any details to any demand from even PM of india so short of blocking my server IP,what can they do?

link
Gasp0de 1297 days ago
The only threat that comes from Signal using phone numbers is that if the police arrests someone you are communicating with, and police somehow unlocks their phone (https://xkcd.com/538/), then they can see what you and them wrote as well as your phone number and therefore know who you are. I agree that in some situations, for example anti-government activists, journalists communicating with whistleblowers or criminals, this is bad. For these situations, Signal is not the solution.
link