Jan Wildeboer 😷:krulorange:
#Signal #Lifehack. When you register as new user, Signal asks you to provide "a" phone number where it can send a confirmation code to finalise the setup.
Know that it asks for "a" phone number that can receive messages. It doesn't have to be YOUR phone number. This is not a new feature, it has always been like that. I registered my Signal account using the phone number of a prepaid SIM in a cheap burner phone. I have never used that number since.
Jan Wildeboer 😷:krulorange:
The only thing Signal stores about you is
- When did you register your account (UNIX timestamp)
- When was the last time your account contacted a Signal server (UNIX Timestamp)
That's it. That's all Signal can produce about you when they are forced to by authorities. There is no history, no call log, no data beyond that.
Jan Wildeboer 😷:krulorange:
@martin I guess you have never used Signal? That's not how any of this works. Even if you get my phone number, you cannot take over my account. And even if you can create a new account with that number and somehow would know my contacts and send them messages, they will show up as a new contact and a big warning that the security code has changed.
Martin
Jan Wildeboer 😷:krulorange:
@haayman When you register with Signal, you can allow it to have access to your contacts. It will then create hashes of your contacts based on their phone number. These hashes do not allow to trace back said phone number. Now if one of your contacts registers with signal, his phone number will be hashed again and a match will occur. Thus Signal can now tell you that one of your contacts is also using Signal.
Arjen Haayman
@jwildeboer how then is it possible Signal can message me one of my contacts has a Signal account now? I don't assume every new account is broadcast all over the world so every phone can check their contact list?
Jan Wildeboer 😷:krulorange:
@martin No. My signal account won't be disabled when the phone number used for registering gets disabled or reused. Proof: my Signal works since years on currently three devices with completely different phone numbers and the original number has been disabled around 5 years ago.
Martin
BeauBoboBonobo
@jwildeboer
Thank you for this moment of laughter.
That's why the French authorities have arrested one of the founders of Signal...
Jan Wildeboer 😷:krulorange:
@BeauBoboBonobo The French authorities arrested one of the founders from *Telegram*, not Signal. Please don't spread misinformation. https://www.theguardian.com/technology/article/2024/aug/27/what-does-the-telegram-founders-arrest-mean-for-the-regulation-of-social-media-companies-pavel-durov
Jan Wildeboer 😷:krulorange:
@martin In my case: I cannot be discovered by phone number, as I have disabled that option in the Signal privacy settings. I can be added using my Signal username only, which I happily give to people that ask friendly but I don't publish it anywhere. Seems to work just fine.
Martin
Jan Wildeboer 😷:krulorange:
@michael Wow. Wild ad hominem attacks and accusations out of nowhere just to dismiss my arguments? Welcome to my blocklist.
Michael Vera
@jwildeboer I disagree with the assertion that Signal only stores this minimal information. While the platform may not retain message logs, it still associates accounts with phone numbers, which inherently ties users to their broader network connections. Even if Signal itself doesn’t store these associations, the phone number link can’t be dismissed as irrelevant.
Does Signal pay you to try to share this misinformation? Or the NSA?
Jan Wildeboer 😷:krulorange:
@haayman Thing with Signal is: you do not HAVE to share your contact with the App. And when you do, you can be assured (as long as you trust Signal to have implemented what they have described) that no real phone numbers from your contacts are stored anywhere in their systems.
I decided from the start to NOT share my contacts with Signal and only connect with people I know. A little bit paranoid, I admit, but works GoodEnough for me and my risk calculation. @moehrenfeld
Arjen Haayman
@moehrenfeld I get how it works. My point is, there are more data stored then implied. I don't mind, but "no data beyond that" is not true. And I know some people didn't really like it that their contact lists were sent to Signal, although I understand from @jwildeboer that this is optional now.
Anyways, we're good
Sebastian
@haayman @jwildeboer They don’t store data about YOU. You can find an explanation how they match phone numbers without storing the actual numbers on their website.
Arjen Haayman
@jwildeboer so it does store more than was mentioned before. I'm not saying that it's not safe, but it's the second time this week that i saw mentioned how little Signal stores, which is simply not true
Jan Wildeboer 😷:krulorange:
@ErikvanStraten And that is perfectly fine with me, as long as they use Signal for sharing what they don't think they need to hide ;)
Erik van Straten
@jwildeboer : unfortunately, most people believe that they have nothing to hide.
Jan Wildeboer 😷:krulorange:
@ujay68 If you mean the number of accounts per phone number, it is one. If you mean the number of devices allowed to use the same account, I honestly don't know and can only tell you that I have 6 devices using the same Signal account right now.
Also: the phone number is only needed to create the account. The devices using said account can have different phone numbers.
John Ulrik
@jwildeboer Do you happen to know whether they limit the number of accounts that you can create with ONE phone number? Google does that: I once tried to register a couple of private team accounts under one number, and they blocked it after around five accounts or so.
Erik van Straten
@ptesarik : thank you, but Jan and I are definitely aware of that!
We'd wish that the majority of people using the internet would understand that privacy is about risks. I don't know about Jan, but often I feel like I'm talking to walls.
In fact, the problem is *that* big, that some people stop listening if they hear the word "privacy". It's for child abusers and other criminals, those using TOR and VPN's.
Jan Wildeboer 😷:krulorange:
@ErikvanStraten IMHO: The mission we developers have is to create solutions that allow people that don't care nor understand the implications of technology to still be safe by default. When we developers expose our users to risks they simply are not aware of, that's on us. We must do better. @ptesarik
Petr Tesarik
@jwildeboer @ErikvanStraten Arguing that you don't care about the right to privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say.
Jan Wildeboer 😷:krulorange:
@sn IMHO you shouldn’t have backups. Chats are ephemeral to me. Anything stored beyond a few days is an additional risk should someone be able to get hold of its content.
sn 🐦⬛
@jwildeboer the problem with signal on iOS us that it won't ket you make a backup of your signal chats. If your phone is lost, so are your chats. It sucks.
babble_endanger
@jwildeboer Actually I think Signal also stores the groups server-side https://github.com/signalapp/storage-service/blob/b05957bf87c27429681ed1bc1f591e5e78b9c5cd/src/main/java/org/signal/storageservice/storage/GroupsTable.java
Jan Wildeboer 😷:krulorange:
@babble_endanger See https://support.signal.org/hc/en-us/articles/360007319331-Group-chats "A Signal group is built on top of the private group system technology. The Signal service has no record of your group memberships, group titles, group avatars, or group attributes." More details on the private group system at https://signal.org/blog/signal-private-group-system/
Jan Wildeboer 😷:krulorange:
@babble_endanger If you want to dive *really* deep, here's the paper that describes the cryptographic details etc: https://eprint.iacr.org/2019/1416
feld
Jan Wildeboer 😷:krulorange:
@kobold No.
Kobold
@jwildeboer Did you try on a landline?
Jan Wildeboer 😷:krulorange:
@feld At the time I registered my Signal account (2014), you could get them almost everywhere in Germany. That changed 2017, so 3 years later. How to do that today? I wouldn't know.
Jan Wildeboer 😷:krulorange:
@babble_endanger This is why I gave you links to the description on how the system works. The TL;DR is that they store group information in a way that not even they can find out who is in which group. Once th group members themselves can.
babble_endanger
@jwildeboer I'm mostly wondering, if there's no groups in the server database, what that file does. I can't read Java well
Jan Wildeboer 😷:krulorange:
@babble_endanger Server side storage of encrypted, zero knowledge information, that even when you get access to a full dump of the database content does not allow you to reconstruct who is member of which group, as explained in the documents and papers I gave you links to.
babble_endanger
@jwildeboer Sure but those don't seem to have links into the code. I'm not wondering about the cryptography, I'm wondering why there's a file that mentions BigTable and groups, which looks to be server-side storage of groups
Jan Wildeboer 😷:krulorange:
@babble_endanger Feel free to read that as "do not store *reproducible* data". When forced by a subpoena to produce data about an account, Signal cn only deliver the two data points mentioned. Beyond that not even they can access the user specific data that may be in their systems. By design.
babble_endanger
@jwildeboer Contrary to what was said earlier that they do not store the data at all
babble_endanger
@jwildeboer Thanks for explaining! So #Signal actually does store that information, but it's encrypted, so they don't hand it over in subpoenas. Intriguing
Jan Wildeboer 😷:krulorange:
@sn Digitalm sovereignty also means the freedom to decide what data NOT to store. As family we have decided to use Signal, fully aware of what that means.
sn 🐦⬛
@jwildeboer maybe if your chats with your dead parents were stuck in Signal, you'd think differently. That's just one example of many.
Digital #sovereignty means letting users do what they want with their data instead of dictating.
Jan Wildeboer 😷:krulorange:
@powersource Well, it's the only information they give when subpoenaed and thus far it seems the judicial system accepts that they can't get more.
Powersource
@jwildeboer that is all that is stored on their disks sure, but it is naive to pretend like that's the only useful thing that could come from their servers
Jan Wildeboer 😷:krulorange:
@powersource Do they? Or are you just trying to point at *possible* risks that are not very practical? FTR: If you feel that this is a real risk, you can connect to/setup a Signal proxy to further dilute the correlations. https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support
Powersource
@jwildeboer if the NSA can monitor all traffic going in and out (they can) then they don't need a subpoena
Jan Wildeboer 😷:krulorange:
@powersource First: I don't believe that they are doing this. And second: It doesn't change the fact that most other messengers out there are far less secure and leak far more metadata. So from a normal user perspective, Signal is still the most "secure by default" messenger out there. But sure, that's my personal opinion that some will disagree with for various reasons.
Powersource
@jwildeboer I would be incredibly surprised if they don't.
Also, proxies don't solve the problem and even if they did, it's an incredibly obscure option, leaving basically every other user exposed.
Jan Wildeboer 😷:krulorange:
@bohwaz @powersource I never said Signal is perfect. But I do say it’s one of the far better things we have to communicate without being too much of a hassle while still delivering very good security.
BohwaZ
@powersource
It would be easy as well as signal is using aws, Google, cloudflare and azure. They also use twilio for SMS messages I think. All those companies could easily collaborate and provide information on which IP address is talking to signal servers and when. So be careful of your threat model. This could be used to confirm suspects are talking to each other for example. Even sealed sender is not always useful. Signal is a good solution but it has limitations.
@jwildeboer
Tobias Hellgren
@jwildeboer So there's no centralized exchange of encryption keys?
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.