Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
They will allow to hide your phone number from your profile, but what about your profile name ? This will identify you after your username is used. So you must also remove your name from your profile, this will confuse your previous contacts (I’m not sure if names come from profile or contact list actually).
I feel the options for phone number display are not sufficient to have several privacy profiles.
Still sucks you will need a phone number to use it though. Hopefully they adopt meshnet type technology similar to https://berty.tech so people can communicate even when the internet is shut off across all platforms with end to end encryption
Another day, another chat service.
Berty looks cool but is it just forming a BLE mesh or an I misunderstanding?
My mouth waters at the idea of decentralised, infrastructure-less, encrypted, p2p, mesh messaging
Thanks for pointing me towards Berty!
I’d say it is infrastructure-agnostic and not necessarily without infrastructure.
There’s also https://simplex.chat/
I’m not seeing any WiFi direct/Bluetooth mesh capability with Simplex
It looks like a p2p messenger - which is cool, but that’s not what tickles my pickle
Yeah, afaik, it only goes through TURN servers. The thing with direct Wifi or Bluetooth is that you almost never need it. Most of the time you will be messaging people on different networks. If you want more pure mesh options, check out Jami.
In the world of Mobile, you’re always going to have to have some kind of signalling protocol that will have to be through someone else Simply because establishing listening functions that help push notifications reach you at all consumes battery. In this case, I think what the real thing should be is, if we should be trusting these push notification systems We should be able to host them as well Servers we choose to associate with our devices
What gets me really excited is the idea of messaging in low internet connectivity areas (aeroplanes (to someone else on the plane)) on the subway/underground
The idea of Bluetooth/WiFi direct mesh, with “internet gateway” devices (maybe those people are rewarded in some way)
In this dream of mine, people can communicate, send data, through non ideal internet conditions (maybe one person on an aeroplane has internet, and they are the gateway for others)
There may be some relay servers running on AWS or whatever, but people could also run their own relays (I guess all devices are a relay)
I’ve tried to get this working myself, using a library called “reticulum” I found in GitHub (good library, but I couldn’t get Bluetooth/WiFi mesh working)
So you want to engineer wireless specifications because internet isn’t always everywhere. Just hook into Amazons sidewalk network this is about your only option. It’s basically LoRa
There’s Briar, but I am upset they don’t have the bluetooth mesh functionality on desktop at least yet, and I don’t know if you can make it work in a VM.
I think I tired Briar, but I either couldn’t get it working on android or on iOS
Why are phone numbers a requirement anyway
People are putting too much thought into this. It’s discovery. Signal is a WhatsApp alternative. You switch from WhatsApp and want to know which of your contacts you can still talk to? No action necessary, you can do it right away.
Simple as.
Try doing that without a phone number.
I guess that’s true, but I’d prefer the phone number part being optional. If you don’t give it, you don’t get access to the easy migration or discovery features, but you get to hide your phone number.
Edit: It’s not that I don’t trust them, either.
You need some sort of verification that the person is a person. Phone number puts a layer between you and the service you are trying to use - the provider of the number. The provider holds your identity but only passes on a phone number.
It’s definitely not ideal, but not bad
Thing is it is very easy to get a signal account with a fake number, I have 3 different ones. My spare phone don’t have a sim or number, but do have signal. On my main phone I have one for each profile.
To validate that a user is a person. The idea is to trust the phone companies that a person who happens to possess a phone number is actually a person.
expired
I never said it was a good solution. There is no way to trust any validation that a user on the Internet is a person. But this way is cheap easy and most people aren’t gonna go through the effort of masking their identities.
Also one discrepancy in an audit of a phone number trusted user base sticks out enough for cops to make some progress.
expired
Some question to be honest. I cannot expect any privacy if I have to share my phone number.
Privacy and anonimity are different things. As long as nobody besides you and the indented destination(s) has access to the content of your communication, that communication maintains privacy, even if everyone sees that it’s you talking.
Also, and this is something I mention all the time, the only information this gives is that you use signal. Besides that, as soon as anybody else registered your phone in their contact list, your phone number is already known and associated with you considering that many apps (like all the meta ones) gain access to the contact list and the chance that anybody who has your phone number uses one of those is almost 100%.
App-accessible contact lists is the original sin of smartphones. As a result, a few powerful corporations know the social graph of entire countries. The handful of people who make efforts to stay anonymous be damned - they’re in the database too thanks to their friends. This one infuriating feature makes decent privacy all but impossible.
They do their best to use the number in ways no one but your contacts who use Signal can actually see what that number is, to be fair. And you’re still private either way. What a phone number breaks is anonymity, which is something they don’t explicitely claim to give you. (I think)
Download and installed but it still insists on a phone number. I don’t see a way to bypass.
A phone number will always be required to limit bot accounts.
I believe they still require a phone number for the TESTING phase but it can be the same oje you already use for your regular Signal (if im understanding it correctly)
Bet if you read the link, it explains how to join the Staging test app (separate from main app).
Im an idiot visiting from the front page. But this headline without context is wild.
c’mon Signal, gimme that apk & I give you some logs in return, don’t make it hard on me
deleted by creator
They want you to do just that: https://community.signalusers.org/t/public-username-testing-staging-environment/56866 That link has instructions on how to sign up.
omg i’m so excited for this
What is this stupid website. Cant open it because they have banned my IP. Why the fuck do they ban MullvadVPN servers?
Surprisingly it’s fine on Tor.
Tor probably can’t carry enough traffic to concern them
deleted by creator
The list of tor exit ips is publicly viewable. Some IPS block the entire list contrary to Tor Project’s request not to do exactly that.
deleted by creator
Cloudflare can do it at least
The firewall I manage at work blocks tor exit nodes and app traffic at the application layer.
Banned on my VPN, too, good to know I shouldn’t be aggravated at my service.
https://community.signalusers.org/t/public-username-testing-staging-environment/56866
Some malicious users do use VPNs to send spams and many websites automatically bans these IPs. Normally switching to a different VPN server will resolve the issue.
Try a different server. I’ve never had any issues accessing bleepingcomputer with Mullvad.
This is a feature that Session had right?
Session doesn’t use phone numbers at all.
Neither does Briar or SimpleX
True but I like where session is headed
love me some briar, but signal is a legitimately decent privacy focued app with serious mindshare, adoption and ux/ui features. I love them both, but unless the other person is a technophile, signal is my go to recommendation and briar remains my “secret club” app.
Briar is nice, but only for emergencies lol
My exact use case haha. Became invaluable when the internet was unavailable. Used my phone’s hotspot to create a wlan, then used it to communicate with those I needed to. Communicate internetlessly with your nearby groups, brought to you by Briar.
So if Im at a music festival or something similar and I dont have phone service I can still just make a hotspot and send messages out through the hotspot signal?? Thats so awesome if Im understanding that correctly
You would likely face another issue in that scenario: briar + hotspot draining your battery.
Only if those you’re sending to are also on the same hotspot signal. Basically, you’re creating a local wifi network, and Briar works over WLAN.
Hmm, could you elaborate on this? What was your exact use case for Briar, how did it help solve it, and what were the challenges?
We were with several other groups and had no internet, but needed to communicate through text. Briar filled the gap with its ability to communicate internetlessly through a local network (as long as the others are on the same network). Creating a hotspot with one phone and connecting the others makes a wlan with your group inside. Could you tell me what I’m missing from my explanations? I’d be happy to elaborate further if I knew.
You know what Session also has? Well it ain’t forward secrecy.
True but I don’t think its that bad
how so?
Session will use full onion routing and it should hide most metadata from your communications. It also uses strong encryption so it should be hard to brute force the encryption
Session does NOT use the tor network. They use their own, smaller, way easier to take over network.
I never said they used the Tor network. I just said they use onion routing over lokinet. Lokinet is pretty powerful and is much faster than Tor. In the future we may see other messaging apps use lokinet assuming it works well and is secure
And I did not say you said that. Thatdoes not matter though, as what I say still stands. The network they use for onion routing is incredibly weak. Even Tor isn’t as powerful a network as most would think.
Also: Speed does not matter. Speed ≠ strength.
while the following is not really my threat model, wouldn’t a person who’s being targeted, say a journalist/activist, have a higher chance of their device being compromised (possibly even physically)? If so, would Session still be a valid option for them?
Noice
Finally
Now if they’d just let me run the damned client on more than one device so I can reply to messages from my tablet.
Signal for iPad syncs with phone Signal.
No idea why it’s exclusively for iPads… 🤷
Take a look at Molly for your tablet!
deleted by creator
I’m running it on phone, tab (long ago), and desktop… What do you mean?
Maybe they mean how the messages don’t sync between devices
Yup, exactly. I switch between phone and tablet during the day and signal is the only messaging client that makes me stop what I’m doing and pick up an entirely separate device to check messages and reply. A bunch of my friends ended up on telegram or matrix because the usage model just doesn’t work for people who use multiple android or iOS devices.
Probably mean run it on more than one phone. I’d love to run it on my iPhone and my android phone but it can’t be run without a phone number on a phone afaik
Yeah this is a limitation that I’d also like they „fix“.
Ah, I thought that was by design.
But they do sync. They just don’t keep messaging history, which is, as you say, by design. Signal doesn’t keep copies of your messages so they cannot give you old message history if you connect your account to a new device.
They could sync those between devices on the same network. It’s definitely possible to have both.
That’s true, but once you trust a new device, there’s no reason the authority (your phone that has all history) couldn’t transfer the history over to the new client.
I get it would add some complexity, but it could be done in a secure and private way.
I feel like that is also by design. If your account is compromised, you wouldn’t want them to be able to pull messages from your existing devices. It kinda defeats the purpose of them not being stored on the servers.
deleted by creator