Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Privacy

Signal's New Usernames Help Keep Cops Out of Your Data (theintercept.com) 39

Longtime Slashdot reader SonicSpike shares a report from The Intercept: With the new version of Signal, you will no longer broadcast your phone number to everyone you send messages to by default, though you can choose to if you want. Your phone number will still be displayed to contacts who already have it stored in their phones. Going forward, however, when you start a new conversation on Signal, your number won't be shared at all: Contacts will just see the name you use when you set up your Signal profile. So even if your contact is using a custom Signal client, for example, they still won't be able to discover your phone number since the service will never tell it to them.

You also now have the option to set a username, which Signal lets you change whenever you want and delete when you don't want it anymore. Rather than directly storing your username as part of your account details, Signal stores a cryptographic hash of your username instead; Signal uses the Ristretto 25519 hashing algorithm, essentially storing a random block of data instead of usernames themselves. This is like how online services can confirm a user's password is valid without storing a copy of the actual password itself. "As far as we're aware, we're the only messaging platform that now has support for usernames that doesn't know everyone's usernames by default," said Josh Lund, a senior technologist at Signal. The move is yet another piece of the Signal ethos to keep as little data on hand as it can, lest the authorities try to intrude on the company. Whittaker explained, "We don't want to be forced to enumerate a directory of usernames." [...]

If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user's phone number, along with the account creation date and the last connection date. Whittaker stressed that this is "a pretty narrow pipeline that is guarded viciously by ACLU lawyers," just to obtain a phone number based on a username. Signal, though, can't confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn't even be able to confirm that it was ever in use to begin with, much less which accounts had used it before.

In short, if you're worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username. Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with. If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account's username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it's real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables.

This discussion has been archived. No new comments can be posted.

Signal's New Usernames Help Keep Cops Out of Your Data

Comments Filter:
  • Next... (Score:2, Interesting)

    by markdavis ( 642305 )

    So, now how to you set up an account without a phone number? If the system is IP based, there should be no need for a phone number. You should be able to use an Email address.

    What? They don't do that? Why not? They don't believe in non-phone communications? They want to sell the number?

    • Re:Next... (Score:4, Informative)

      by HoleShot ( 1884318 ) on Tuesday March 05, 2024 @09:48PM (#64293130)

      They still use your phone number to valid your account. But your username is all other people see. Their is some other exceptions like if the other person in your conversation has your number in their contact list. You can change your username anytime, which will disconnect your phone number from the old username. If you want to be anonymous then you just follow a certain method using signal, If you don't care, then it's a different method. Bottom line is, you choose if someone can see your number.

      • Re: (Score:3, Interesting)

        by markdavis ( 642305 )

        >"They still use your phone number to valid your account."

        Right. But why can't that be done via Email instead?

        • Re:Next... (Score:5, Informative)

          by bradley13 ( 1118935 ) on Wednesday March 06, 2024 @03:07AM (#64293556) Homepage

          "They still use your phone number to valid your account."

          Right. But why can't that be done via Email instead?

          They use your phone number in an attempt to reduce spam and bots. You can register a zillion throw-away email addresses, but it is slightly harder with phone numbers. No system is perfect, of course.

          • >"They use your phone number in an attempt to reduce spam and bots. You can register a zillion throw-away email addresses"

            I think there are many ways Email could be used and still throttle/limit spammers/bots. Delays, multiple challenges, content filters, blacklist filters, IP monitoring, activity monitoring, referrals, domain reputation, etc.

            • I lot of that involves spying on what users are saying/doing, and keeping records of what they have said/done in the past - things Signal seem to want to try and avoid.

        • by AmiMoJo ( 196126 )

          It's trivial to generate new email accounts for free. They want there to be a cost to creating a Signal account (you must acquire a new phone number) to limit the amount of spam.

      • by pjt33 ( 739471 )

        But your username is all other people see. Their is some other exceptions like if the other person in your conversation has your number in their contact list.

        How does that exception work? There are sufficiently few distinct phone numbers that it's possible to brute force hash them all, so to avoid leaking the phone number to the end user it would seem that the client has to upload its entire contact list to the server.

  • by Anonymous Coward on Tuesday March 05, 2024 @09:49PM (#64293132)

    "As far as we're aware, we're the only messaging platform that now has support for usernames that doesn't know everyone's usernames by default,"
    They must not have looked very hard, I'd like to introduce them to Jami. https://jami.net/ [jami.net] P2P messaging, no servers, centralized or otherwise.

    • They meant "only relevant messaging system" and hope that list includes Signal itself, not fringe works that have 3 users. Not offence, but that's what's up. Sadly.
  • From,

    In the case of Apple, modifying the app to their liking prior to distributing on the store to the end user?

    • by GuB-42 ( 2483988 )

      On Apple, I don't think much can be done, but on Android, Signal is supposed to have reproducible builds, so you can see if what you get from the store matches the source code. And once you have done that, disable auto-updates. I don't know if anyone does that though, of if it works at all.

  • by backslashdot ( 95548 ) on Wednesday March 06, 2024 @01:45AM (#64293454)

    Nothing_to_see_here_feds ?

  • A tiny bit of plausible deniability that you might not have been the owner of the username is rarely going to be enough when on balance it's still almost certainly you.

  • ..., a Florida man who runs Deelz on Weelz, will be happy!

    This will improve the reliability of meth distribution & retail no end!
  • I bet that eventually we will find out that Signal is ran by one of the intelligence agencies. They do everything they can to give the 'image' of being completely private, while also collecting and verifying your phone number to link to your account. The phone system of course being something completely controlled by and monitored by the government.

    If you were going to create a super private messaging platform, at what point would you be collecting phone numbers from users?

    • by flink ( 18449 )

      Signal is open source. Both the Android client and the server are written in Java, which is dead easy to decompile and verify that it matches what is in git. If the client were escrowing private or session keys somewhere we would know. Assuming there is no shenanigans with keys going on, even if the NSA owns the servers, the best they could do is unmasking telephone numbers and doing traffic analysis. Which, given they already own the IP trunks and phone companies, they are able to do regardless.

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...