by HNisCIS 39 days ago
Will this finally get Signal to stop demanding phone numbers to register accounts?

Lots of services you'd rather have an anonymous account with (Google, Meta, Discord) are partially/fully mandating phone numbers as a spam mitigation strategy. Also, this paves the way to internet connections/mobile internet requiring ID.

1 comments

Signal's requirement for phone numbers has allowed it to surge in popularity by allowing it to take advantage of people's already established contacts. They do this in a privacy-respecting way [1].

Simultaneously, Signal is trying to raise the cost of accounts by requiring phone numbers. Although spammers can get mass amounts of phone numbers, it will at least raise the cost. Email 0 cents, phone # 10 cents–there will be fewer spammers with phone #s.

I don't think we'd have to worry about the spam if people only used usernames instead of phone numbers, because it would be massively harder for spammers to find your account and message you. But, with usernames, you don't get the contact discovery that allows for growth.

[1] https://signal.org:8443/blog/private-contact-discovery/

That's all nice, but it's also the de facto option for non-technical people who need state-actor-resistant security, and if they can just be subpoenaed to get the verified ID of the account holder, that defeats the entire use case.

Signal is not an anonymity tool–it is a privacy tool. It is not anonymous in any way. If you need anonymity you should use SimpleX over Tor.

Simplex is run by borderline grifters and Tor isn't a messenger.

I don't understand why this is so controversial. If you follow the news in the slightest, the game right now is feds raiding journalists, taking their devices and then trying to unmask their sources. It doesn't matter what XYZ is "for", when the stakes are this high we need to be protecting people full stop.

You are using an ad hominem ("Simplex is run by borderline grifters"), a straw man ("Tor isn't a messenger"), an appeal to consequences ("It doesn't matter what XYZ is "for", when the stakes are this high we need to be protecting people full stop."), and an implicit no true Scotsman ("defeats the entire use case").

>Simplex is run by borderline grifters

The developers' character is irrelevant—the code is open source (AGPL) and trustless. The whole point of E2EE is that it doesn't matter what the server is running.

>Tor isn't a messenger

I never claimed it is—Tor is an anonymity network that helps make SimpleX the most anonymous messenger. You run Orbot on your phone routing your SimpleX traffic through it. SimpleX has no identifiers, and Tor protects the network level so you have no traffic that can be correlated.

>I don't understand why this is so controversial. If you follow the news in the slightest, the game right now is feds raiding journalists, taking their devices and then trying to unmask their sources. It doesn't matter what XYZ is "for", when the stakes are this high we need to be protecting people full stop.

You aren't addressing my point. You can't make a great service with a threat model that encompasses every threat. Signal is a great option for everyday messaging—its architecture was never designed to be anonymous, it is centralized and mainstream. High stakes don't change what a tool was built to do; recommending it to journalists as though it provides anonymity is the wrong thing to do. Signal sacrifices anonymity in order to gain popularity.

I will say Signal is fine for 99% of journalists and their sources. The only metadata that Signal provides to law enforcement is account creation date[1].

[1] https://signal.org/bigbrother/district-of-columbia/