Email or username:

Password:

Forgot your password?
BrianKrebs

One of the more limiting things about Signal is you have to give out your mobile number to everyone. Even if it is a burner, I still don't want to advertise to the world that it's mine.

Was happy to read today that Signal is now beta testing a new username feature.

community.signalusers.org/t/pu

56 comments
Thomas Barrett 👨‍💻

@briankrebs I wonder how they are going to control the spam and other unwanted communications by someone setting up a bot.

Fernando Miguel Hahne

@trbarrettjr @briankrebs A phone number will still be necessary to sign up. The username is only to connect to a new contact without revealing your phone number.

Thomas Barrett 👨‍💻

@fmhahne @briankrebs I hope so... That is why I am no longer on many social media networks because of the junk messages that fly at me. I couldn't block them fast enough. I don't want to see them go down a path that would make people disregard the value of the service as only receiving communications that are unwanted.

rugk

@trbarrettjr @briankrebs did you read the link? You still need to register with a phone number.

Thomas Barrett 👨‍💻

@rugk The internet has a history of enshittification. This is going to be another example of in the future the requirement for a phone number to be removed, and now you have a dumpster fire of spam messages ricocheting across the service.

When that requirement is removed, I am out.

Draw a line from the other previous services such as WhatsApp. "WhatsApp for business" is cryptoscamming and now WhatsApp has become unusable.

This is the wrong path for @signalapp

rugk

@trbarrettjr @signalapp this is your personal opinion that a phone number is positive for messengers, others may disagree. So that "history" take is very subjective.

But from what I heard Signal is on the same side as you, they seem to really want to keep phone number verification, for better or for worse.

eagerpebble

@briankrebs Finally! I think it'll also be good for companies that want to support messaging customers over signal.

Basil

@briankrebs Do you still need a phone number to sign up?

rugk

@basil @briankrebs if you read the link you would know the answer is yes

william.maggos

@briankrebs

isn't @signalapp centralized? shouldn't we all be moving to something that isn't?

Mithiriath

@abmantis @railmeat @wjmaggos @briankrebs @signalapp @element @matrix last time I checked (2 years ago maybe) metadata « sharing » on element/matrix wasn’t its forte compared to Signal (minus the need to have a phone number ofc).

keverets

@wjmaggos @railmeat @briankrebs @signalapp @matrix or alternatively #xmpp / @snikket_im which has OMEMO that's based on the same double-ratchet algorithm as Signal. It also bridges well to SMS and voice phones using jmp.chat (or similar Vonage/Twilio for non-US/Canada numbers)

Matrix has some nice features that XMPP lacks, but XMPP is still a well used and reasonable alternative.

Bindestrich

@wjmaggos depends on your threat model. I don't think the average user should be required to know a trustworthy admin. matrix is an option if you care for that.

william.maggos

@Bindestriche

couldn't the people who run Signal instead run a Matrix server, along with Mozilla and Automatic etc? isn't that our better future, FOSS decentralized tech and lots of companies with principals that run these servers and we pay them a sustainable rate?

Bindestrich

@wjmaggos security in a decentralized service is hard. That is why email is the mess it is. if you don't want to cut of people, you need to use the lowest common denominator, which often is out of date and insecure

Bindestrich

@wjmaggos federation adds complexity which is the enemy of security. there is a reason why mastodon dm's are not end2end encrypted and it is not that msto defs are lazy.

Charles OuGuo

@Bindestriche @wjmaggos A good example of this: Matrix still hasn't rolled out fixes to all the Nebuchadnezzar vulnerabilities (homeservers control group membership and can add/remove members at will): nebuchadnezzar-megolm.github.i

This is in part because fixing anything in a decentralized system is hard! Fixing these required, AIUI, a protocol change, which is a nightmare when you don't control all the servers and clients.

Bindestrich

@wjmaggos getting back in the habit of paying for online services with money instead of data is a good development. but choice of provider is not a silver bullet. there are good reasons why we have central food health inspections. checking if a provider is trustworthy requires a skilset that should not be necessary to just use a messenger. just as I don't want to bring a lab in a restaurant just to know the food is save to eat.

william.maggos

@Bindestriche

there's two ways to ensure good service, democratic oversight/control or economic competition. neither are perfect. Signal seems great right now but I don't see the incentives for that to maintain.

I guess there's also dog fooding, that the people who rely on something have the power to keep it good. the model of lots of FOSS projects and Wikipedia I guess.

Irenes (many)

@briankrebs oh finally! that's been allegedly in the works for YEARS

Danie van der Merwe

@briankrebs Finally! Signal has really been behind on this. The phone number is one of the most identifying pieces of data there is.

Viss

@briankrebs fiiiiinally. ive been using wire heavily

polycosmos

@briankrebs This is a step in the right direction. :)

schrotthaufen

@briankrebs About time. Requiring a phone number was always my biggest gripe with the app.

J$

@schrotthaufen @briankrebs Requiring having a phone at all is my biggest gripe.

DELETED

@briankrebs

Finally! That is some good news for a change! Thanks, Brian.

gunstick

@briankrebs I think the phone numer is not known by signal but just some partial hash. I am not sure how it works, but there is some hiding going on.

Hubert Figuière

@briankrebs it's really "designed in the USA".

A lot of countries, Europe and Asia, require an ID to get a SIM card. France, Germany, Taiwan for the few I have personally tested. So "burner" isn't really a concept.

Thomas Svensson 🖖

@briankrebs

Do you know if that means it also will be possible to use Signal on Android tablets without mobile phone hardware?

Bernard Marx

@briankrebs Decentralized simplex.chat/ does not even use user ID's. You create and dispose of addresses as you want. It is easy to use, but most people are too habituated to Signal or other apps to try it. Here is my current address: simplex.chat/contact#/?v=1-4&s

getsession.org/ uses the Signal protocol with user names and is decentralized. Matrix and XMPP are also good.

@briankrebs Decentralized simplex.chat/ does not even use user ID's. You create and dispose of addresses as you want. It is easy to use, but most people are too habituated to Signal or other apps to try it. Here is my current address: simplex.chat/contact#/?v=1-4&s

doodlemania

@briankrebs The Session app, based on Signal (I think they forked?), requires no username or phone number and instead uses recovery codes. getsession.org

SIEM

@briankrebs Does this mean I am able to run multiple #Signal 'instances' so I can split private comms from business comms and well essentially ditch #Slack for my business?

Daniel Tuttle 🌵🤘

@briankrebs awesome. This is mostly why I dont use Signal much

Frank Kumro
@briankrebs about time, let's hope they let us delete our numbers when it is released.
Ayoub A. 🕊️

@briankrebs telegram has this feature, it's pretty nice. Have you tried telegram yet, if so, why choose signal over telegram?

Jiko Rojino

@ayoubabedrabbo @briankrebs

Telegram may be more popular but it lags Signal in terms of privacy.

"Telegram’s messages are only encrypted between you and the server and the server and recipient. It means your message is stored unencrypted on Telegram’s servers and can be read by the company. You can opt to create a ‘secret chat’ in Telegram which provides full end-to-end encryption, but by default, your messages don’t have this level of protection."

groovypost.com/reviews/signal-

@ayoubabedrabbo @briankrebs

Telegram may be more popular but it lags Signal in terms of privacy.

"Telegram’s messages are only encrypted between you and the server and the server and recipient. It means your message is stored unencrypted on Telegram’s servers and can be read by the company. You can opt to create a ‘secret chat’ in Telegram which provides full end-to-end encryption, but by default, your messages don’t have this level of protection."

quixote

@briankrebs Lordy, yes! About time.

Next have a layer of features for those of us using it because it's the best communication app out there, not because we need the super-security. JOB ONE: let users back up and move their entire messaging history! Not just iphone to iphone.

nmmr

@briankrebs@infosec.exchange
If the next thing is to keep the disk space usage at a humane level on iOS, I got no more complaints:‘)

welkin ga 📌 💧⚖️

@briankrebs looking forward to this! Been using telegram but can finally switch back to signal

Giupardeb

@briankrebs we omvitomg you to help the community!

jan

@briankrebs
#Threema and #SimpleX do offer messaging without phone number authentication.

Go Up