Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption

Signal Messaging App Now Testing Usernames (pcmag.com) 52

Michael Kan reports via PCMag: Encrypted messaging service Signal is now testing usernames, which will offer people a more private way to share their contact details on the app. Signal kicked off the public test today through a new beta build available in its community forums. "After rounds of internal testing, we have hit the point where we think the community that powers these forums can help us test even further before public launch," says Signal VP of Engineering Jim O'Leary.

The development is a big deal since Signal -- an end-to-end encrypted messaging app -- has long required users to sign up with a phone number. That same number also needs to be shared in order to message other users on the app. This can be problematic since sharing your phone number exposes you to privacy and hacking risks. For example, a contact on Signal could choose to call and message your number over an unencrypted cellular network or pass off the number to someone else.

This discussion has been archived. No new comments can be posted.

Signal Messaging App Now Testing Usernames

Comments Filter:
  • Finally. (Score:5, Interesting)

    by ledow ( 319597 ) on Friday November 10, 2023 @05:23AM (#63995145) Homepage

    Always found it hilarious that an app that supposedly cared about privacy made you give your normal phone number to people if you wanted to talk to them.

    • Re:Finally. (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Friday November 10, 2023 @07:00AM (#63995255) Homepage Journal

      It's sill pretty bad that you need a phone number to register, and to transfer your account to a new device. To transfer it has to be the same phone number, so no using a burner SIM.

      You just have to trust that Signal Inc. will never disclose your phone number, or get hacked. Well, they are probably already hacked, by government security agencies like the NSA and GCHQ.

      Overall the Signal app isn't very good for protecting your privacy. End-to-end encryption doesn't prevent your IP address being observed by the Signal servers, tied to your phone number and account because they have to block unofficial clients and servers that want to federate. Better apps use the Tor network to prevent the server knowing your IP address, and don't require a phone number.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        You just have to trust that Signal Inc. will never disclose your phone number, or get hacked.

        Curious, if you don't disclose your own phone number, either by calling others on signal or so others can call you, what is the point of signing up for signal?

        Isn't that a bit like saying you need to sign up for an email account for the purpose of emailing, yet don't want to give your email address out?
        If you don't give the email address out, why did you need to sign up for email?

        That's the entire problem here.
        "Identification" / "Authentication", the first part of that is not intended (or can be) a secret.
        W

        • Curious, if you don't disclose your own phone number, either by calling others on signal or so others can call you, what is the point of signing up for signal?

          Isn't that a bit like saying you need to sign up for an email account for the purpose of emailing, yet don't want to give your email address out?

          I own my email address because I own my domain name. I don't own my phone number; the mobile carrier does. A domain name is also less expensive to keep active in perpetuity than a phone number.

          Teens seeking to use the service may not have a phone number, instead using their parents' house phone. This means that the parent who pays the phone bill is eligible to use Signal and the teen living with them is not.

        • Isn't that a bit like saying you need to sign up for an email account for the purpose of emailing, yet don't want to give your email address out? If you don't give the email address out, why did you need to sign up for email?

          Signal is not restricted to a mobile phone usage only. It is available for PC and Mac as well as iOS and Android tablets. The first app might have been on phones but the requirement of a phone is a reasonable question.

      • Shoutout to the Briar project , which uses Tor and not phone numbers and is just better in every way (except no iPhone support) https://briarproject.org/ [briarproject.org]
    • Re:Finally. (Score:5, Insightful)

      by cornfeedhobo ( 6270348 ) on Friday November 10, 2023 @07:44AM (#63995293)

      Classic error. Privacy != Anonymity.

      Why should I care if my friends and family have my phone number?

      All I care about is if the communication is encrypted and there is sufficient guarantees that the person I'm talking with is the same person they were yesterday and the day before.

      This change will only invite more scrutiny from the vocal minority that continue to make signal worse every year.

      • Re:Finally. (Score:5, Informative)

        by thecombatwombat ( 571826 ) on Friday November 10, 2023 @08:34AM (#63995371)

        The reasons are even in the summary. If the other party has your phone number, they can more easily screw up and text you something sensitive rather than using Signal.

        Consider that you are someone interesting enough to have a really skilled adversary with some resources. You're a journalist some powerful person or company doesn't like.

        If someone compromises the person on the other end of your chats, they now have your phone number. They can now use your phone number for all sorts of phishing attacks, and have a much wider set of paths to attack *your* device. If they just have your Signal username, it's much less useful to them.

        It's also often wanted for a much less technical sort of privacy. Women in particular give out fake numbers all the time, and many prefer to share Instagram and the like instead of a phone number. You can just block someone on Instagram, if they have your phone number, that at least feels much more permanent.

    • I always found it hilarious that people who want to communicate are desperate not to hand over a number which exists for the express purpose of communicating with them.

      • Historically, mobile carriers in the United States and Canadian markets have billed subscribers for each outgoing voice minute, each incoming voice minute, each outgoing text message, and each incoming text message. Giving a mobile number to a malicious person lets said person cost you money. All they have to do is send enough text messages to your number to cause the mobile carrier to shut down your account for having zero balance. After this, you cannot make or receive calls nor send or receive text messa

      • I always found it hilarious that people who want to communicate are desperate not to hand over a number which exists for the express purpose of communicating with them.

        People should be able to choose the method they want to communicate in my opinion. I hope that is not some sort of controversial opinion where you live. I mean by that logic, people should not object to others getting their physical address if they email someone.

    • that supposedly cared about privacy

      You have to take into account what's the threat model addressed by the app.

      Signal doesn't target the "The NSA, GCHQ, Mossad and FSB are all after my ass" or "I am an Uighur living in in China" crowd - where a highly motivated threat actor with vast means is specifically targetting the user.
      Signal mostly targets users who would like their private communication to stay private and not get accidentally spilled out by a server hack (which is what end-to-end encryption covers), by a stolen phone, etc. i.e.: most

  • Reverting back (Score:4, Informative)

    by BeTeK ( 2035870 ) on Friday November 10, 2023 @05:29AM (#63995151)
    I find it hilarious that what made it Whatsapp so successful was that accounts where phone number tied. This made for non-tech people easy to use as it wouldn't require registration and contacts where imported from phone numbers. This is basically reverting back what it used to be ie. having account names as primary contact information.
    • Re:Reverting back (Score:4, Informative)

      by ledow ( 319597 ) on Friday November 10, 2023 @05:50AM (#63995183) Homepage

      Nobody's reverting. It's an option.

      How you can claim to be a privacy-aware messaging app when literally everyone you talk to gets your phone number is beyond me.

      Simplicity is all well and good, and Whatsapp could easily make it required for sign-up but optional for discovering users (and why can't I just have as many aliases as I like, ala Bitcoin wallets) which can't be linked - so when I do have to Whatsapp a company's support lines or my boss wants to chat to me on Whatsapp, I don't have to give out my phone number to people that I don't want to have it?

      Whatsapp even gives out all the numbers you have on your phone - if you're Dual SIM, every contact in Whatsapp gets both your numbers, which defeats the purpose of having separate numbers.

      • by geekmux ( 1040042 ) on Friday November 10, 2023 @06:58AM (#63995251)

        Nobody's reverting. It's an option.

        How you can claim to be a privacy-aware messaging app when literally everyone you talk to gets your phone number is beyond me.

        If people truly cared about privacy, they wouldn't be carrying around a 24/7 personal tracking device tied to a phone number they freely give out anyway.

        Kills me that some assume consumers treat their phone number like it's some kind of secret. Please. A criminal would give that shit out to the app tracking the package delivering a ski mask before a bank robbery. Just to highlight the ignorance and irony.

      • How you can claim to be a privacy-aware messaging app when literally everyone you talk to gets your phone number is beyond me.

        You are not your phone number any more than you are your username. Your UID is low enough that you should remember a time when we printed everyone's number along with their name in a big BIG book and gave it out for free.

        You know... so people could communicate with you.

        • Your UID is low enough that you should remember a time when we printed everyone's number along with their name in a big BIG book and gave it out for free.

          You know... so people could communicate with you.

          Only land lines were included in the directory. Incoming calls on land lines have always been free of charge in the U.S. market. Incoming calls and texts on mobile devices are not, at least until you upgrade to an unlimited service plan that costs several hundred dollars per year.

          • Several hundred a year. Sure, $25 or $30 a month for unlimited. If you can't afford that, you can get a free low income phone. Teens that can't get together $25 a month aren't trying very hard...Probably just use whatsapp anyway.

            • Teens that can't get together $25 a month aren't trying very hard

              That or they have a high school principal who refuses to sign work permits except for students with perfect attendance and at least an A- average.

        • by Equuleus42 ( 723 )

          Your UID is low enough that you should remember a time when we printed everyone's number along with their name in a big BIG book and gave it out for free.

          My UID is low enough that I can remember when everyone's number was etched into cuneiform tablets.

    • Re:Reverting back (Score:5, Informative)

      by itsme1234 ( 199680 ) on Friday November 10, 2023 @06:14AM (#63995211)

      WhatsApp is also mobile-only (and at first there wasn't even the web interface that went through your phone anyway) and there is no option to just close the program without signing out completely or uninstalling. None of the other IMs at the time, from Skype to really anything had this "anti-feature", but it also meant you could reach someone on Whatsapp as opposed to getting them on Skype whenever they feel like logging in, possibly months (!) later.

      • This isn't an anti-feature, it's their core purpose. Many moons ago WhatsApp didn't even allow you to send messages. It was literally a way of transmitting your active status on iPhone to your other iPhone contacts. That's it. Only when that idea flopped did they add messaging features and reinvent themselves.

  • by mad7777 ( 946676 ) on Friday November 10, 2023 @06:23AM (#63995225)

    followed the link. clicked the "windows" link, which downloads the regular installer .exe, whereupon I am immediately prompted to open the Signal app on my phone.

    so. what exactly has changed here??

    • by gavron ( 1300111 )

      The link to signal-desktop apt alpha is a 404. You'd think before putting out a message encouraging people to download... they... would... test the links.

      • by mad7777 ( 946676 )

        yep.
        the page does in fact invite people to compile from source, but then it also provides this link for Windows users, which is useless. anyway... I've been waiting for this feature for several years. I'll just wait a bit longer!

  • by bradley13 ( 1118935 ) on Friday November 10, 2023 @08:07AM (#63995339) Homepage

    Signal seems to not quite know where they are going. The decision to stop working as an ordinary SMS client, for example. Sure, in that case, SMS messages were not encrypted - but you could show that in the UI. Now, everyone needs one more messaging client, which leads to the danger of sending unencrypted SMS when you actually meant to use signal.

    Some comments complain about the phone number requirement. Yes, that means you are not anonymous. However, your messages are still private. What is your use case? Do you really want to be anonymous to your friends, family and colleagues? I don't, and I also want to know who I am corresponding with. In this sense, allowing the user-name option is (imho) a poor idea. I hope they make it obvious in the UI whether or not the person has had to enter a phone number.

    If you want the option to be fully anonymous, Signal is probably not the right app. However, anonymity is not what most people really want.

  • Pass off? (Score:1, Offtopic)

    Pass off the number? Or did you mean pass on the number?

    I'm not sure what kind of passing off you could do with it.

    Pissing off, certainly. That goes without saying!

  • by fred6666 ( 4718031 ) on Friday November 10, 2023 @09:10AM (#63995427)

    As long as you can't use signal without a phone number and a mobile phone, it's going to suck.
    I should be able to register by creating a username and password, and use it on a PC without having to piggy back on a phone.

    • I should be able to register by creating a username and password, and use it on a PC without having to piggy back on a phone.

      Then let's nail down what a replacement for Signal that does not require a phone number would look like. For comparison, let's use Element [element.io] as an example of what exists. Element requires Internet access on the device where it is used in order to send and receive messages. Say you're using Element on a PC. In this hypothetical situation, how would you order an Internet access subscription for the PC without using a phone?

      • Say you're using Element on a PC. In this hypothetical situation, how would you order an Internet access subscription for the PC without using a phone?

        Out of topic, but you typically order Internet using another Internet connection. That how I did it the last 5 times.
        But if you prefer, you can also walk to your ISP's office and some may allow you to order from there. You can also use someone else's phone, a pay phone, a landline without SMS function to order as well.

      • by Nkwe ( 604125 )
        Of course you can. Free and anonymous Internet is available via public WIFI in many locations.
      • In this hypothetical situation, how would you order an Internet access subscription for the PC without using a phone?

        Maybe you just don't need one, especially if you want to somehow fly under the radar and you'd just use free wifi that you can find in tons of places nowadays? Or it might come as part of your lodging arrangements? Or of course as someone else answered already just over internet or in the shop.

  • In addition to requiring a phone number to have an account, I've always found it funny that Signal prohibits having your account active on more than one mobile device, yet allows your account to be installed on up to 5 desktop devices. I get that this is probably an attempt at security, but I don't quite get the reasoning, and at the very least I think Signal should allow an option for an active account on more than one mobile device, even if it's off by default (with a warning about turning it on). I perso
  • it looks like you get some random digits added to your username... "myname.69" for exmple. this is to make it harder for attackers to guess according to the app...

    does this mean there can be multiple people with "myname" but with different numbers? or is myname unique?

  • In the UK, only allowing phone numbers gave Signal a loophole for Online Safety Act purposes as their service technically met the stupidly simple definition of being an SMS/MMS service. If it allows usernames too, then it is no longer sending messages via a provider between telephone numbers.
  • I know people who have been disappeared... Privacy and anonymity are more important than ever before. Don't assume "everything is fine" just because you live in a first world country. Your illusions of freedom and rights can be taken away at any moment and have been many times in the past.

  • At one time I used Signal as my everyday messaging app. It would send unencrypted SMS messages to non-Signal users, and use the encrypted channel for other users. I don't understand the switch to Signal-to-Signal only. If a bad actor (such as a theoretical tyrannical government) ever got hold of the data in my phone, there would be Signal with texts to Grandma all wrapped up in an encrypted ball with the texts to my theoretical guerrilla cell. More haystacks for more needles. Why did they move away fro
  • What's old is new again Hooray!

"If the code and the comments disagree, then both are probably wrong." -- Norm Schryer

Working...