To validate that a user is a person. The idea is to trust the phone companies that a person who happens to possess a phone number is actually a person.
I regularly work with industries that consume an ungodly amount of phone numbers, using prepaid SIM cards, and have them “preregistered” (registered by random people, or from sellers that ask random people to register the SIM, etc, there are plenty ways).
After that, as long as prepaid credit is added on the SIM often enough (about 20 bucks per year on average), the SIM will happily connect to phone networks. SIM cards and credit can easily be obtained for cash money, so the whole operation is as anonymous as money can be (given that you have the right considerations and care with IMEI numbers and when and where you turn your phone on).
I have myself used such a card to register my signal account without disclosing my identity, and it works to this day; but I didn’t put credit on it, because I got sidetracked, so now, I’m stuck with that number for as long as I keep my original phone.
Long story short, with a budget of 20 bucks a year per signal account, I could have as many signal profiles as desired. I don’t really call that a “protection”. 10 bucks initial fee (and then 20 bucks a year, including that initial 10 bucks fee) is a very ineffective barrier of entry against abuse: successful scam/spam/abuse campaigns can easily bring at least one order of magnitude more money than the initial cost with some pretty obvious basic care (not adding 100s of contacts immediately, etc).
The real solution here is, as always, not hand-holding users into obliviousness, and instead educate them and let them use their brain to determine if a contact request is legit or not. Past that point, if the protocol is designed properly, the communication should be relatively secure.
Signal is arguably doing too much here, and while I salute their intent, I also am pretty disappointed that they are relying on such a flawed method, which IHMO brings more harm than good (it absolutely breaks anonymity for power users), and advertise it as “worth it”.
I never said it was a good solution. There is no way to trust any validation that a user on the Internet is a person. But this way is cheap easy and most people aren’t gonna go through the effort of masking their identities.
Also one discrepancy in an audit of a phone number trusted user base sticks out enough for cops to make some progress.
People are putting too much thought into this. It’s discovery. Signal is a WhatsApp alternative. You switch from WhatsApp and want to know which of your contacts you can still talk to? No action necessary, you can do it right away.
I guess that’s true, but I’d prefer the phone number part being optional. If you don’t give it, you don’t get access to the easy migration or discovery features, but you get to hide your phone number.
You need some sort of verification that the person is a person. Phone number puts a layer between you and the service you are trying to use - the provider of the number. The provider holds your identity but only passes on a phone number.
Privacy and anonimity are different things. As long as nobody besides you and the indented destination(s) has access to the content of your communication, that communication maintains privacy, even if everyone sees that it’s you talking.
Also, and this is something I mention all the time, the only information this gives is that you use signal. Besides that, as soon as anybody else registered your phone in their contact list, your phone number is already known and associated with you considering that many apps (like all the meta ones) gain access to the contact list and the chance that anybody who has your phone number uses one of those is almost 100%.
App-accessible contact lists is the original sin of smartphones. As a result, a few powerful corporations know the social graph of entire countries. The handful of people who make efforts to stay anonymous be damned - they’re in the database too thanks to their friends. This one infuriating feature makes decent privacy all but impossible.
They do their best to use the number in ways no one but your contacts who use Signal can actually see what that number is, to be fair. And you’re still private either way. What a phone number breaks is anonymity, which is something they don’t explicitely claim to give you. (I think)
Why are phone numbers a requirement anyway
To validate that a user is a person. The idea is to trust the phone companies that a person who happens to possess a phone number is actually a person.
Unfortunately, in reality, this isn’t a thing.
I regularly work with industries that consume an ungodly amount of phone numbers, using prepaid SIM cards, and have them “preregistered” (registered by random people, or from sellers that ask random people to register the SIM, etc, there are plenty ways).
After that, as long as prepaid credit is added on the SIM often enough (about 20 bucks per year on average), the SIM will happily connect to phone networks. SIM cards and credit can easily be obtained for cash money, so the whole operation is as anonymous as money can be (given that you have the right considerations and care with IMEI numbers and when and where you turn your phone on).
I have myself used such a card to register my signal account without disclosing my identity, and it works to this day; but I didn’t put credit on it, because I got sidetracked, so now, I’m stuck with that number for as long as I keep my original phone.
Long story short, with a budget of 20 bucks a year per signal account, I could have as many signal profiles as desired. I don’t really call that a “protection”. 10 bucks initial fee (and then 20 bucks a year, including that initial 10 bucks fee) is a very ineffective barrier of entry against abuse: successful scam/spam/abuse campaigns can easily bring at least one order of magnitude more money than the initial cost with some pretty obvious basic care (not adding 100s of contacts immediately, etc).
The real solution here is, as always, not hand-holding users into obliviousness, and instead educate them and let them use their brain to determine if a contact request is legit or not. Past that point, if the protocol is designed properly, the communication should be relatively secure.
Signal is arguably doing too much here, and while I salute their intent, I also am pretty disappointed that they are relying on such a flawed method, which IHMO brings more harm than good (it absolutely breaks anonymity for power users), and advertise it as “worth it”.
I never said it was a good solution. There is no way to trust any validation that a user on the Internet is a person. But this way is cheap easy and most people aren’t gonna go through the effort of masking their identities.
Also one discrepancy in an audit of a phone number trusted user base sticks out enough for cops to make some progress.
expired
People are putting too much thought into this. It’s discovery. Signal is a WhatsApp alternative. You switch from WhatsApp and want to know which of your contacts you can still talk to? No action necessary, you can do it right away.
Simple as.
Try doing that without a phone number.
I guess that’s true, but I’d prefer the phone number part being optional. If you don’t give it, you don’t get access to the easy migration or discovery features, but you get to hide your phone number.
Edit: It’s not that I don’t trust them, either.
You need some sort of verification that the person is a person. Phone number puts a layer between you and the service you are trying to use - the provider of the number. The provider holds your identity but only passes on a phone number.
It’s definitely not ideal, but not bad
Some question to be honest. I cannot expect any privacy if I have to share my phone number.
Privacy and anonimity are different things. As long as nobody besides you and the indented destination(s) has access to the content of your communication, that communication maintains privacy, even if everyone sees that it’s you talking.
Also, and this is something I mention all the time, the only information this gives is that you use signal. Besides that, as soon as anybody else registered your phone in their contact list, your phone number is already known and associated with you considering that many apps (like all the meta ones) gain access to the contact list and the chance that anybody who has your phone number uses one of those is almost 100%.
App-accessible contact lists is the original sin of smartphones. As a result, a few powerful corporations know the social graph of entire countries. The handful of people who make efforts to stay anonymous be damned - they’re in the database too thanks to their friends. This one infuriating feature makes decent privacy all but impossible.
They do their best to use the number in ways no one but your contacts who use Signal can actually see what that number is, to be fair. And you’re still private either way. What a phone number breaks is anonymity, which is something they don’t explicitely claim to give you. (I think)