| ▲ | aaravchen 13 hours ago |
| Ironically, Signal actually ranks a -1 for privacy in this use.
Presumably you're already using Signal and getting mainstream contacts to start using it too. You probably have a basic profile that at least includes your real name, and might also have your picture. Maybe you're even one of the 7 people in the world that use the Stories feature in it. Well good news, now all of that is also unconditionally available to anyone in any group you ever join, including any future changes you ever make to that info, unrevocably forever into the future. Signal has a fun dark pattern where it unrevocably grants permissions for anyone you allow to contact you to see everything in your profile for the rest of time. It has only a single trust level with contacts effectively: full trust.
This is unacceptable in any tool you use for online community, unless you exclusively use it for online community and can decline to provide any info in this full-trust level. Unfortunately Signal also makes very sure you can't have a second account, by tying your account to a phone number, and only allowing one Signal instance per mobile device. Is Signal good? Yes, but only exclusively for communication with people you already trust. EDIT: typos |
|
| ▲ | raxxorraxor 8 hours ago | parent | next [-] |
| I dislike Signal as I need to identify myself through info that is protected. Like a phone number for example. Not a privacy app in my opinion. Sure, might be good for some use cases... but overall there are better solutions. |
| |
| ▲ | a3w 5 hours ago | parent | next [-] | | Completely not my experience: I have lots of Signal contacts I cannot phone, since the phone number is never shared by default. Not even the signal contact is shareable. It is way too privacy focused to work easily. i.e. I cannot even match two people I have in contacts unless one of them sends me their hidden username. Then they can talk to one another. And people in my contacts don't use their full name. In groups, they often share the first name, making it confusing as hell. And many use an arbitrary nickname, most often the abbreviated first name I think but sometimes truly random stuff, and might even change that yearly with no mapping in my history to tell me who they were. | |
| ▲ | cykros 7 hours ago | parent | prev | next [-] | | Keep an eye on Whitenoise. It's basically taken the technology behind Signal and placed it atop Nostr, so rather than signing up with a phone number, you do it with an npub (pubkey). Still in very early days so the features aren't all there yet, and battery use could be better, but they've got the basics of it working already. | |
| ▲ | lukan 5 hours ago | parent | prev | next [-] | | "but overall there are better solutions." Can you please name some? | |
| ▲ | Gud 8 hours ago | parent | prev [-] | | Why the downvotes? A messaging app that requires a personally identifiable token is inherently not good for privacy… |
|
|
| ▲ | derkades 10 hours ago | parent | prev | next [-] |
| The part about stories is not true. When sending a story you can choose who to send it to. To make it easier you can even put people in groups |
|
| ▲ | ozlikethewizard 11 hours ago | parent | prev | next [-] |
| You can have multiple instances of signal on a mobile device, and you can use VoiP or eSIMs to register. Signal with an online persona revealing no identifying information, registered to a cash purchased eSIM on an ungoogled android is as good as your getting. Why do you think so many jurisdictions are trying to ban both GrapheneOS and Signal. |
| |
| ▲ | kenniskrag 8 hours ago | parent | next [-] | | In europe you need identification to buy a sim or esim. https://www.reddit.com/r/europe/comments/9ziqfi/european_cou... | | |
| ▲ | Normal_gaussian 7 hours ago | parent | next [-] | | To be clear, your linked map shows that it is not a blanket "in europe". Around 20 European countries don't need an ID to get a SIM card and 30 do. For those learning about political nuance against the backdrop of current propaganda, it is worth noting that the UK and Ireland do not require registration and that the populous are significantly politically opposed to it; and then Russia requires registration and has one of the most linked up registrations. | |
| ▲ | JCattheATM 2 hours ago | parent | prev | next [-] | | Which is very backwards/nannystateish, same nonsense in AU. Thankfully anyone can buy one anonymously in the US and just use that even if it's more expensive. | |
| ▲ | andrepd 7 hours ago | parent | prev [-] | | Didn't know that the UK, the Netherlands, or Portugal aren't part of Europe... Also, you can buy phone numbers with monero for 0.08$ https://smspool.net. | | |
| ▲ | lvass 6 hours ago | parent [-] | | And what happens when the next guy buys that same number and registers on Signal? Phone numbers are recurring costs. And to keep a truly private one you must keep paying without ever disclosing personal info and that is really hard. Signal is a privacy nightmare for long term use. | | |
| ▲ | vel0city 6 hours ago | parent [-] | | There is a week long registration lock protected by a PIN. Your contact list is protected by that PIN as well. They cannot access your chats. All your contacts will get a notification that the contact has changed when they go to talk to your phone number or get a message from your number. https://support.signal.org/hc/en-us/articles/360007059792-Si... | | |
| ▲ | lvass 5 hours ago | parent [-] | | This is good and means no one can impersonate you using your phone number, but doesn't solve the recurring costs issue, you still need to buy a new number when someone registers yours, and every financial transaction puts you at more privacy risk. And is terrible UX, imagine having to add your contacts new numbers every other week. | | |
| ▲ | vel0city 3 hours ago | parent [-] | | People generally already have phone numbers. In the markets Signal is targeting its rare for people to not already have a phone number. It would be quite strange for someone to be paying for a phone number just to use Signal, and if you don't already have one then yes I'd suggest Signal isn't the choice for you. Not only that, but its a unique identifier people generally have already had and generally have already shared and historically been OK with sharing with people they want to talk to. That's a part of the reason why Signal originally chose that way of finding contacts, people were already connected in that way. It makes on boarding people massively easier and greatly reduces the friction of people actually using it. A messaging platform is pretty useless if I can't easily find my friends on it. > And is terrible UX, imagine having to add your contacts new numbers every other week Practically nobody is getting a new phone number every other week. And once again, if you are the kind of person getting a new phone number every other week, I'd agree Signal probably isn't the platform for you. If you don't have a phone number or your number changes all the time, I agree Signal isn't the choice for you. If you already have a phone number, are OK with what having a phone number means in terms of privacy, and that phone number is pretty stable, then Signal isn't a bad choice to use to message on. It does mean theoretically some large organization (like a government with a warrant) can potentially see "John Doe has this phone number, this phone number is related to Signal, therefore John Doe possibly uses Signal", but personally I'm not too worried about that tiny bit of information leakage. Besides, with enough effort one could probably ID that looking at internet traffic patterns unless you're really that paranoid about controlling your network routing. Especially when that means I'm able to actually convince family to use the platform, as they're used to just looking up people by phone numbers and don't want to have to deal with managing yet another unique identifier on yet another platform. If they had to register another account and manage yet another identity, they wouldn't use it, and thus I'd be stuck just talking SMS with them which results in worse privacy outcomes for our conversations. |
|
|
|
|
| |
| ▲ | dns_snek 10 hours ago | parent | prev | next [-] | | You can do all of that but you shouldn't have to when using a privacy-focused messenger, and most people won't so they'll be exposed and suffer the consequences if they use Signal expecting a certain level of privacy (and pseudo-anonymity). It's a terrible anti-feature and the only reason they're not being punished for it is because there aren't many alternatives to pick from. | |
| ▲ | OJFord 10 hours ago | parent | prev | next [-] | | That's privacy for someone who cares deeply and will get it somehow no matter what, not default zero-effort privacy for the ignorant. (Which WhatsApp does pretty well for example.) | | |
| ▲ | oarsinsync 10 hours ago | parent [-] | | > default zero-effort privacy for the ignorant. (Which WhatsApp does pretty well for example.) Can you elaborate on what default zero-effort privacy for the ignorant WhatsApp offers, that Signal does not? | | |
| ▲ | OJFord 7 hours ago | parent [-] | | I don't know, I'm not familiar with Signal. But features such as described above with worse privacy than the basic chatting functionality detract from it, it's not just that it would be a bonus if it were better, because that's exactly how effort comes in, having to know about it, and the typical layman user just blindly uses it. Take Telegram for example, where only explicitly 'secret' chats are e2ee, you have to go out of your way, it's not the easy path. |
|
| |
| ▲ | ekianjo 10 hours ago | parent | prev [-] | | Of course it's revealing information. If I know that two users that are identified by their phone numbers are talking to each other every day, this is a clear connection you can exploit. Metadata is only useless if you have no imagination. |
|
|
| ▲ | pyb 9 hours ago | parent | prev | next [-] |
| How could Signal be considered privacy-conscious ? The first thing they do is ask for your phone number. |
| |
| ▲ | neobrain 9 hours ago | parent | next [-] | | Signal has profiles nowadays that can be used to connect with people without sharing phone numbers. The latter are only used for signup and discarded immediately after. | | |
| ▲ | pmontra 8 hours ago | parent | next [-] | | I don't know how Signal works and I never used it, but could I signup with a phone number and keep using it with another number, on the same phone? | | |
| ▲ | alias_neo 8 hours ago | parent [-] | | Yes. The phone number is just for activation, once activated, you can swap the SIM and carry on. Or have the SIM that receives the activation text in another phone, or be virtual, or whatever. |
| |
| ▲ | reactordev 8 hours ago | parent | prev | next [-] | | I doubt they are discarded when push notifications exist | | |
| ▲ | Krizzu 6 hours ago | parent [-] | | push notifications are not related to phone number, but rather to a randomly generated token in app. |
| |
| ▲ | pseudalopex 2 hours ago | parent | prev [-] | | Another comment contradicted this.[1] [1] https://news.ycombinator.com/item?id=46959019 |
| |
| ▲ | direwolf20 8 hours ago | parent | prev | next [-] | | WhatsApp sends a copy of all your messages to ICE. Signal doesn't. | | |
| ▲ | dizhn 8 hours ago | parent [-] | | Source? | | |
| ▲ | ses1984 5 hours ago | parent | next [-] | | https://en.wikipedia.org/wiki/PRISM https://en.wikipedia.org/wiki/XKeyscore https://en.wikipedia.org/wiki/William_Binney_(intelligence_o... https://en.wikipedia.org/wiki/Room_641A https://en.wikipedia.org/wiki/Parallel_construction https://www.reuters.com/article/world/uk/nsa-staff-used-spy-... Millennials and older generations witnessed this happening bit by bit, some of us tried to fight it, but ultimately it’s everywhere now, and apparently it’s been so ubiquitous for so long that people aren’t even aware of it anymore. | | |
| ▲ | dizhn 5 hours ago | parent | next [-] | | I am the person who asked for the source. 1) I do not believe for a second that Meta would actually implement something that would remove their own ability to read those messages. 2) We do not have any proof that their claimed e2e chat service is actually compromised. The matter of fact tone of the parent made me think there was some actual proof or at least something more than speculation. That's why I asked for a source. | | |
| ▲ | ses1984 4 hours ago | parent [-] | | I am not sure I understand what you’re saying. If meta can read those messages, then they’re most definitely not e2e encrypted. Given the historical record, you would be a fool to assume that any service run by a public company isn’t fully tapped by US intelligence agencies. They’ve been tapping anything and everything they can get their hands on, why stop at whatsapp? Let me flip it around: what proof do you actually have that it is e2e encrypted? Zuckerberg pinky promised? | | |
| ▲ | saintfire 4 hours ago | parent [-] | | You didn't actually flip it around at all. They're stating they doubt Meta would ever allow full e2ee, which is not evidence but simply speculation. AND They asked for a source/evidence to prove their hunch is more than speculative. | | |
| ▲ | ses1984 3 hours ago | parent [-] | | What standard of proof is required here? It’s not criminal court. The original post I replied to simply asked for proof, without also stating they doubt meta would ever allow e2ee. My post is more directed at other readers who might take the absence of a smoking gun as an assumption of safety. |
|
|
| |
| ▲ | Krasnol 2 hours ago | parent | prev [-] | | Not a single link has anything on OPs claim. |
| |
| ▲ | attila-lendvai 8 hours ago | parent | prev [-] | | whatsapp is facebook; do you need any other "source"? i'd be surprised if they didn't have straight out government logins... | | |
| ▲ | dizhn 7 hours ago | parent [-] | | Of course I need another source. I think you're right too but this is just speculation. I thought you had access to some actual information. | | |
|
|
| |
| ▲ | zikduruqe 4 hours ago | parent | prev | next [-] | | No they don't. They ask _for_ a phone number. It doesn't have to be yours. | |
| ▲ | DivingForGold 7 hours ago | parent | prev | next [-] | | Give Signal a burner phone. | |
| ▲ | alt187 8 hours ago | parent | prev [-] | | Because they have an huge PR campaign and a lot of money to invest in keeping their place. |
|
|
| ▲ | gsaslis 8 hours ago | parent | prev | next [-] |
| I didn't think I'd ever be part of any group of 7 people in the world, but today is that day, I guess. And I know one more of those people already! 5 more to go. |
|
| ▲ | fsflover 9 hours ago | parent | prev | next [-] |
| > Ironically, Signal actually ranks a -1 for privacy in this use And it ranks near Discord in terms of removing the single point of failure. |
|
| ▲ | mastermage 12 hours ago | parent | prev [-] |
| [flagged] |
