 One of the more limiting things about Signal is you have to give out your mobile number to everyone. Even if it is a burner, I still don't want to advertise to the world that it's mine. Was happy to read today that Signal is now beta testing a new username feature. https://community.signalusers.org/t/public-username-testing-staging-environment/56866 56 comments
@briankrebs I wonder how they are going to control the spam and other unwanted communications by someone setting up a bot. @trbarrettjr @briankrebs A phone number will still be necessary to sign up. The username is only to connect to a new contact without revealing your phone number. @fmhahne @briankrebs I hope so... That is why I am no longer on many social media networks because of the junk messages that fly at me. I couldn't block them fast enough. I don't want to see them go down a path that would make people disregard the value of the service as only receiving communications that are unwanted.  @trbarrettjr @briankrebs did you read the link? You still need to register with a phone number. @rugk The internet has a history of enshittification. This is going to be another example of in the future the requirement for a phone number to be removed, and now you have a dumpster fire of spam messages ricocheting across the service. When that requirement is removed, I am out. Draw a line from the other previous services such as WhatsApp. "WhatsApp for business" is cryptoscamming and now WhatsApp has become unusable. This is the wrong path for @signalapp @trbarrettjr @signalapp this is your personal opinion that a phone number is positive for messengers, others may disagree. So that "history" take is very subjective. But from what I heard Signal is on the same side as you, they seem to really want to keep phone number verification, for better or for worse.  @briankrebs Finally! I think it'll also be good for companies that want to support messaging customers over signal.   @abmantis @railmeat @wjmaggos @briankrebs @signalapp @element @matrix last time I checked (2 years ago maybe) metadata « sharing » on element/matrix wasn’t its forte compared to Signal (minus the need to have a phone number ofc). @wjmaggos @railmeat @briankrebs @signalapp @matrix or alternatively #xmpp / @snikket_im which has OMEMO that's based on the same double-ratchet algorithm as Signal. It also bridges well to SMS and voice phones using jmp.chat (or similar Vonage/Twilio for non-US/Canada numbers) Matrix has some nice features that XMPP lacks, but XMPP is still a well used and reasonable alternative. @wjmaggos depends on your threat model. I don't think the average user should be required to know a trustworthy admin. matrix is an option if you care for that. couldn't the people who run Signal instead run a Matrix server, along with Mozilla and Automatic etc? isn't that our better future, FOSS decentralized tech and lots of companies with principals that run these servers and we pay them a sustainable rate? @wjmaggos security in a decentralized service is hard. That is why email is the mess it is. if you don't want to cut of people, you need to use the lowest common denominator, which often is out of date and insecure @wjmaggos federation adds complexity which is the enemy of security. there is a reason why mastodon dm's are not end2end encrypted and it is not that msto defs are lazy. @Bindestriche @wjmaggos A good example of this: Matrix still hasn't rolled out fixes to all the Nebuchadnezzar vulnerabilities (homeservers control group membership and can add/remove members at will): https://nebuchadnezzar-megolm.github.io/ This is in part because fixing anything in a decentralized system is hard! Fixing these required, AIUI, a protocol change, which is a nightmare when you don't control all the servers and clients. @wjmaggos getting back in the habit of paying for online services with money instead of data is a good development. but choice of provider is not a silver bullet. there are good reasons why we have central food health inspections. checking if a provider is trustworthy requires a skilset that should not be necessary to just use a messenger. just as I don't want to bring a lab in a restaurant just to know the food is save to eat. there's two ways to ensure good service, democratic oversight/control or economic competition. neither are perfect. Signal seems great right now but I don't see the incentives for that to maintain. I guess there's also dog fooding, that the people who rely on something have the power to keep it good. the model of lots of FOSS projects and Wikipedia I guess.   @briankrebs Finally! Signal has really been behind on this. The phone number is one of the most identifying pieces of data there is.  @briankrebs About time. Requiring a phone number was always my biggest gripe with the app.  @briankrebs I think the phone numer is not known by signal but just some partial hash. I am not sure how it works, but there is some hiding going on.  @briankrebs it's really "designed in the USA". A lot of countries, Europe and Asia, require an ID to get a SIM card. France, Germany, Taiwan for the few I have personally tested. So "burner" isn't really a concept. Do you know if that means it also will be possible to use Signal on Android tablets without mobile phone hardware? @briankrebs The Session app, based on Signal (I think they forked?), requires no username or phone number and instead uses recovery codes. https://getsession.org @briankrebs Does this mean I am able to run multiple #Signal 'instances' so I can split private comms from business comms and well essentially ditch #Slack for my business? @briankrebs telegram has this feature, it's pretty nice. Have you tried telegram yet, if so, why choose signal over telegram? @briankrebs Lordy, yes! About time. Next have a layer of features for those of us using it because it's the best communication app out there, not because we need the super-security. JOB ONE: let users back up and move their entire messaging history! Not just iphone to iphone. @briankrebs@infosec.exchange @briankrebs looking forward to this! Been using telegram but can finally switch back to signal @briankrebs Here are some screenshots of how usernames work in #Signal if anyone is interested: |
Gregory's Server
@briankrebs Thank you! Finally.