would be easy af for a state actor to send u a zero day SMS to take over your phone.
Two problema with this logic
do you think a state actor needs to leak the phone number from signal to find out your number?
0-click SMS exploits are possibile, but extremely rare and extremely expensive. Someone with such an exploit won’t burn it for random Joe.
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use.
The association between phone number and identity is something that telco companies can already (and do) provide to authorities.
The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.
But that assumes the Signal identity is the same as your IRL identity. Makes not just anonymity (which is often important for safety just as much as privacy!), but multiacc arbitrarily harder. I can’t imagine using the same chat account for my online gaming buddies and for my real family!
What you said is exactly the point of preventing spam.
Having a real identity attached to a signal identity is the point to prevent spam. There is functionally no difference between your multiaccount and a spammer with 6000 accounts.
I can’t imagine using the samw chat account for my online gaming buddies and for my real family!
I can’t really see why, but if that’s the case, signal is not the application for you, I suppose.
Well, it depends how you define different “things”. In your example you are talking with people. It doesn’t matter with whom or about what, and the service is a meta-service in this sense. You might not want to use the same email for the gambling site and for your school newsletter, but talking with people - information that says private - using a program that identifies you with a number is not the same thing.
There is no option to set a different handle and avatar for different groups of people tho, and I don’t remember if the username shows if you get discovered by number. Also, this was just an example - usually you’d have more than two groups you’d want to isolate.
Can you elaborate what would you want to achieve? Are you trying to hide your identity from your interlocutors (e.g., gambling buddies), so that they wouldn’t know you are John Doe?
Two problema with this logic
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use. The association between phone number and identity is something that telco companies can already (and do) provide to authorities. The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.
But that assumes the Signal identity is the same as your IRL identity. Makes not just anonymity (which is often important for safety just as much as privacy!), but multiacc arbitrarily harder. I can’t imagine using the same chat account for my online gaming buddies and for my real family!
What you said is exactly the point of preventing spam. Having a real identity attached to a signal identity is the point to prevent spam. There is functionally no difference between your multiaccount and a spammer with 6000 accounts.
I can’t really see why, but if that’s the case, signal is not the application for you, I suppose.
Yeah, but I’d say separating your identities you use for different things is a very basic measure a lot of people would want to use.
Well, it depends how you define different “things”. In your example you are talking with people. It doesn’t matter with whom or about what, and the service is a meta-service in this sense. You might not want to use the same email for the gambling site and for your school newsletter, but talking with people - information that says private - using a program that identifies you with a number is not the same thing.
Couldn’t you use a signal username with the gaming buddies, and your real name / number with the people that already know it?
I don’t use signal much, but I convinced 1 person. They didn’t give me their number but gave me a username instead.
There is no option to set a different handle and avatar for different groups of people tho, and I don’t remember if the username shows if you get discovered by number. Also, this was just an example - usually you’d have more than two groups you’d want to isolate.
Gotcha, so you can have two “identities” at a time. I guess this is for spam prevention.
Afaik the username does not show if you are added by number
Can you elaborate what would you want to achieve? Are you trying to hide your identity from your interlocutors (e.g., gambling buddies), so that they wouldn’t know you are John Doe?
a) yes, exactly this and b) where tf did you take “gambling” here?
Sorry, one person above made the example of the “gaming” buddies, I assumed it was gambling and it was a good use case for an example.
I see anyway, it indeed seems this is not a use-case for signal.