A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.39K Posts
- 111K Comments
- Modlog
Seriously. I’m getting really sick of OPs take, it is a fundamentally flawed and ignorant understanding of what privacy and anonymity are.
If I’m at work and I need to speak to someone in private, we can go in a room and close the door. That’s a PRIVATE conversation. It doesn’t mean that nobody heard me say “hey Bob, can I talk to you for a minute?” It doesn’t mean nobody saw us go in there and shut the door. The conversation is still private.
It’s NOT private if someone is listening up against the door, or if there’s a recording device in the room (in our analogy most messenger services and protocols fit here).
Signal IS PRIVATE CONVERSATION. But there’s metadata about who is talking to whom, and it’s NOT anonymous for the reasons OP pointed out, even if OP is a rabble rousing idiot.
Signal is private, free, accessible, and has a good feature set. Their foundation is a nonprofit with ethical motives, and it’s widely adopted worldwide because it fills a very real, very necessary niche.
Signal is NOT anonymous. If you want to be anonymous online you’ve got a lot, possibly an insurmountable amount, of work to do. Signal should not be a part of that because it’s NOT anonymous.
Quit strawmanning a good thing because it’s not what you’re looking for.
removed by mod
Sounds like a lack of security rather than a lack of privacy.
removed by mod
Here, go argue with this guy for a few weeks, and give us a break for a while.
Why is only message text considered “information / content / context” here. Signal has your real name and address via phone numbers, and has every other real person you talked to, and when. Why is “message text” considered context, but social networking graphs aren’t?
All these definitions are highly subjective, and the above one clearly considers social networking graphs to not be “content”. Basically they’ve re-defined privacy in a way that excludes highly sensitive information like everyone you talk to, and when.
Been saying this for many many years and always get blank stares in response. All the more annoying when its for use in groups that are all about privacy and they only want to use telegram.
However, it does make me happy to finally see someone else say it. So, thanks for that.
removed by mod
2FA is an important security layer, if the service, after sending you the activating SMS with the code, delete your number (normal in serious services), it’s also not an privacy problem. In big us corporations on the other hand, it is, eg.Google store tour number and also probably share it, there 2FA is not an option. Instead a number, some services also admit alternatively a second e-mail account to receive the activation code, there, if you have doubt, you can use an disposable mail, so there isn’t any privacy problem.
removed by mod
2FA is important, but if you use your phone number for anything, you have no idea how long they retain it, how they directly use it, if they sell it, etc. A real phone number can be mapped back to you trivially.
It should be standard to offer TOTP codes that can be used via an authenticator app, hardware key, etc. Aome places do, many do not.
But at the end of the day, they typically don’t ask for your phone number because they want to give you security, but rather as a proxy to ensure you have a unique identity. Most people will have only one phone number, and it will be more difficult / costly to get additional ones than burner emails, etc.
Yes, iy’s always to use with a grain of salt. As said, it ads a security layer, but can be an privacy hole, despte that mail directions are easier to track as phone numbers, at least in the EU, you can’t be mapped back to an user, this is only possible in crime investigations by the police with an court order. Mail adresses on the other hand are unique identifiers which are way easier th track, except you use an disposable mail or alias. Anyway, eg.in Vivaldi 2FA is safe and apart optional, as also the account itself, only needed when you want to use sync or the use of Vivaldimail, blog and other services it offers. In much other services it’s also only an option.
If Signal isn’t private, then why it is recommended over WhatsApp, Matrix and over SimpleX?
Because most people don’t consider the very basic concept made by op.
No one should be recommending signal over matrix and simplex. It’s probably more secure than whatsapp, but both have social network graphs of everyone you talked to, and when.
Matrix’s encryption algorithm was broken for a while and when it was fixed it it took app devs years to migrate to the new requirements. It still might even be the case for a lot of them, I haven’t looked in a while.
SimpleX should be secure AFAIK though, but I’ve heard that it may not be able to scale well to larger user bases. It seems everything has pros and cons.
removed by mod
OP is confusing privacy with anonymity.
I’d say the two are different but related.
Seems OP is discussing the loss of anonymity, but the below ARE privacy concerns:
Granted that it is difficult to completely obfuscate some aspects of your identity.
Those two concerns has been fixed last year.
You misunderstand; regardless of what is shown to other users, the folks running the service know your number, and that you desire using encrypted chat.
Ah, that’s because of your use of someone, yes Signal still has that data.
This thread shows the success of Signal’s PR campaigns, and how a shiny app can get people to overlook all the privacy concerns. They’re just as successful as Apple at getting people to think that a US-based corporation hosted on Amazon’s servers and subject to national security letters, whose privacy model is “just trust us with your phone number”, is in any way secure.
removed by mod
Were there conversations exposed? Do you even understand the difference?
Do you think your phone number is private?
removed by mod
it’s definetly not public information
It wouldn’t work very well if it wasn’t.
It is at best slightly obscured information. If your life depends on a phone number never being associated with you, and you frequently use that phone number, you’re a dead person.
dw I don’t. My phone number was leaked, I don’t know how and it really sucks. It probably happened before I started caring about privacy. and all these phone number aliasing services either don’t operate in my region or cost too much money.
Signal allows you to speak confidentially, therefore it is private. It is not, by default, anonymous. Yes, this plus the centralized server mean that potentially dangerous metadata, like relationship maps, can be collected. All indications are this isn’t the case, but that’s not something you can count on.
If you need anonymity, which you probably do at least a bit, use simplex. And yes, having more people using anonymous services like simplex is a good thing for the community as a whole. That said, I’m not going to try to convince all of my friends to use simplex. It’s just too far from the mainstream, missing too many features. Signal is a sufficient compromise for most people, and it’s sufficient for me for most purposes.
I’m ready to be called milquetoast, and while I see where this comes from, it comes off idealistic if we are to communicate with people in the present day in any practical way. Do not forget how much of an improvement it already is over the likes of proprietary messaging apps and how much effort it already is to move people to Signal. It is surprisingly difficult for common folk to grasp the concept of anything but a phone number when it comes to messaging apps.
Which definitely begs the question of why people put any effort into trying to move any of their contacts to signal in the first place. I believe the answer is that they didn’t value privacy either. Just the idea of it.
Indeed, those who don’t have older friends totally underestimate how confused the oldies get by the concept of an alternative phone/messaging app.
simplex is shady af and literally run by some sus crypto rugpull bums. best to use xmpp and irc. they have been existing for many years and still standing strong.
removed by mod
Privacy and anonymity is different things
When this US service has your phone number (meaning your real name and address), then what is the point of making this distinction? Is them having my address private?
No one should have this info, regardless of how you every person differently defines “privacy” vs “anonymity”
because they are completely different things
So its a “private” and “secure” US corporation that knows everyone I talk to and when? I’ve heard this one before.
No, it’s a private and secure protocol (not corporation) thanks to end to end encryption. You can evaluate the protocol yourself with your own eyes, except clearly you cannot read, but modulo that.
Newsflash, chuckles: your IP address IS NOT ANONYMOUS. Any private protocol you use without going through Tor, i2p, or some similar anonymizing network IS NOT ANONYMOUS.
You’re attacking a strawman. Neither Signal nor anyone else has claimed the protocol or the service are anonymous. Which, yes, is something that every user should know before trusting it. They should understand what it means and what the consequences are. I’m honestly not sure you’re even there.
This means nothing when you have no idea what code the server is running, they even went a whole year without publishing their server code updates, until they got a lot of backlash over it. Real security doesn’t require a “just trust us” claim.
Also, metadata is content. Even if they don’t have the message text, Signal still has the real identities of everyone you talked to, and when. With that you can build social network graphs, which are far easier to harvest and more useful anyway than trying to read through message content and determine meaning.
Just because you know where I live doesn’t mean you know what’s going on in my house
See the difference?
Words have meaning
Signal knows the real identities of everyone you talk to, and when. Is that not “knowing what’s going on in your house?”
The post office knows where I live too. And who I send messages to. Didn’t mean they read my mail
Started to write a long paragraph to explain the difference between privacy and anonymity but I now believe this new user is (no idea why) collecting engagement via rage bait. I won’t participate in their posts anymore.
It might even come from a good place, namely trying to always do “better” and be “more private” but in practice it’s just lead to confusion.
You can use whatever app you like, but I think this adds confusion.
Signal is private because no one can see your messages except the people you are messaging. The government can’t, Signal themselves can’t.
Signal is not anonymous only in the sense that the government can check if you use Signal. That’s it. They can tell if you use Signal. They can’t link messages to your number in any way through data requests, etc.
Not forcing anyone to use Signal, but if you choose to, you can know it is private.
(So this post is confusing privacy with anonimity basically)
Anonymity is a very big part of privacy and always has been. That is why you don’t write your name on your voting ballot.
They are conceptually quite different.
People use both the terms interchangeably, but they are not the same thing.
Voting ballots are anonymous because you didn’t write you name on them (and they can’t be linked back to you hopefully), but they are not private because you have no control over how the data is used (once you submit a balot you have zero control over what happens to it next).
I’m not finding any definitions of “privacy” that suggest the term refers to control of something. Regardless of whether that something is within or outside of your reach.
From the page you linked:
Signal conceals what you say.
In a data sense specifically, I believe privacy refers to your data being hidden from unwanted eyes (aka you have control over who can see your data).
Which is also what you do when you vote. You control who has your identifying information and who has the information on how you voted. Which I guess is still different from Signal if we are still talking about that. Since you cannot control who has your identifying information.
removed by mod
You keep saying this. But you never offer any proof. Everyone keeps telling you why there is a distinction but you keep conflating the two, and here you are flat out bullshitting. It is in fact private.
What is your point? I am beginning to think YOU are propaganda. Or an idiot.
Privacy: You knowing who I am but not what I’m doing
Anonymity: You knowing what I’m doing but not who I am.
How is someone having your real identity, and address, “private” ? This distinction is pointless.
Holy shitballs what the actual fuck the difference is that if the conversation is private, people cannot listen in. Are you being obtuse?
I don’t consider it “private”, if you were to know the real identities of everyone I was talking to, and when I talked to them. I’m not telling any US corporation like signal that especially.
Yes, we get it. You don’t consider it “private” because you are using your own personal definition of the word, and getting all fucking bent out of joint because the definition you just fucking made up all on your own doesn’t match what other people mean when they say the fucking word. WE FUCKING GET IT. END OF THREAD.
Dude, these are problems that people have been dealing with on the Internet for more than 30 years now. Not only do we have precise vocabulary that you have not bothered to educate yourself on, WE HAVE SOLUTIONS TO THESE FUCKING PROBLEMS. These are ANONYMITY issues, not PRIVACY issues. If you want an anonymous messaging platform, FUCKING USE AN ANONYMOUS MESSAGING PLATFORM. It’s not fucking rocket science.
Please spare us the autism and read a fucking RFC.
My neighbor knows who I am and where I live…next door. He does not know what I do, other than observe that I ride a John Deer around in the fields and corn comes up shortly there after. Riding a John Deer in a field is observable by all public passers by. In public we are not guaranteed an expectation of privacy. He doesn’t know tho, that I run a private sex dungeon and crack still in my basement.
I’m a haxor diddling some server somewhere to gain access. The server admin can see what I’m doing and indeed would have a record of what I was up to including any associated IP addresses, but wouldn’t know me from Adam’s house cat if I were truly conducting my activities in an anonymous manner.
So because he knows only a limited amount, that’s the distinction between private and anonymous?
Signal is not your neighbor. Signal’s DB stores phone numbers and knows who you are, and who you talked to, and when. Are the people you talk to considered “public”, to a US-based corporation?
It is my distinction, yes. There are many other distinctions like it, but this one is mine based on my threat model. Now, if you’d supply your definition/distinction and threat model, then I can be pedantic about it as well. Or we can accept that, since we are talking about a wide swath of users, no one real definition suites all. If you’d like a similar exercise, hit Lemmy Self Host and pose the question, ‘What is self hosting? Is hosting on a VPS considered self hosting or is a home lab considered self hosting’. Report back please.
You know the part in the Signal setup where it asks you for your phone number for verification purposes? You do know Signal does not prohibit the use of temp phone numbers. You can try as many as you like until you get one to work (if you’re relying on free temp phone) One phone number not giving you any joy, tap ‘Wrong number’ and try again, or use a paid for burner phone service such as MobileSMS.io (which is specifically recommended for Signal), Burner, Quackr.io, Temp-Number.com, or there are reports of using Google Voice, if you dare tread those waters.
As I understand the Sealed Sender protocol, it does redact or seeks to redact the metadata of ‘whom you contact and who contacts you’. Since 2024, Signal has introduced usernames to reduce reliance on sharing phone numbers. You can set a username and hide your number from others, though it remains in the database for account purposes. Sooooooo…find you a temp burner phone number to use.
As I’ve said early on, I have no dog in this hunt. You can use Signal, Simplex, Smoke Signals, design a new enigma machine, whatever. My corn is going to grow regardless and my neighbor will still not know about my sex dungeon and crack still. LOL
removed by mod
I’ve already covered the phone number conundrum further in this thread.
Quite laughable. Have fun storming the castle bro.
removed by mod
What data breach could there possibly be? Phone numbers are already public information and that’s literally the only info Signal has. Oh no! My phone number that’s publicly available already has been released in a “breach”!
It’s already been mentioned numerous times but you’re confusing privacy and anonymity.
Per Cambridge Dictionary:
Privacy: someone’s right to keep their personal matters and relationships secret
Anonymity: the situation in which someone’s name is not given or known:
Using Signal, even after giving them your phone number, fits the definition of privacy in that matters discussed through the app are secret to anyone outside of the sender and recipient. Even if Signal is told to hand over messages, they can’t, there’s nothing to access on their end. Private? Yes. Anonymous? No.
Try looking up “privacy vs anonimity” (or a similar search query). You may find that your post is talking about anonimity, not privacy.
Signal is private.
removed by mod
okay, it’s become clear that you’re simply broken. End of thread.
removed by mod
How are you still unable to differenciate privacy and anonimity.
And you are calling us stupid for using Signal…
Seriously, use whatever you are comfortable with, but don’t spread misinformation and panic.
Yep we’re all out to get you. We have meetings and everything. We have a pot luck on Sunday, and you cannot come.
Did you look it up?
Yes, as I said, the government can tell if you use Signal or not by asking Signal (by providing Signal a phone number and asking if they have a record of it).
It’s not anonymous in that sense, but it is still private because your messages cannot be revealed by such data requests.
I am a huge fan of SimpleX and their removal of user IDs. I think it’s a brilliant solution, and wish that SimpleX was recommended more than Signal.
removed by mod
Yes, phone number should be optional for easy contact discovery, not mandatory. As Threema. You have to provide your ID when buying a sim card.
Not only that, but self-hosting should be an option. It isn’t with signal, which is based and hosted in the US, on amazon servers, and subject to national security letters .