“Super secure” messaging app leaks everyone's phone number

Also, average Joe is not using proxy to hide the IP-address of their device so they leak their identity to the server anyway. Signal is not keeping those logs so that helps.

Messaging apps cater to different needs, sometimes you need only content-privacy. It's not a secret you're married to your partner and you talk daily, but the topics of the conversation aren't public information.

When you need to hide who you are and who you talk to (say Russian dissident group, or sexual minorities in fundamentalist countries), you might want to use Tor-exclusive messaging tools like Cwtch. But that comes at a near-unavoidable issue of no offline-messaging, meaning you'll have to have a schedule when to meet online.

Signal's centralized architecture has upsides and downsides, but what matters ultimately is, (a) are you doing what you can in the architectural limitations of the platform (strong privacy-by-design provides more features at same security level), and (b), are you communicating the threat model to the users so they can make informed decision whether the applications fits their threat model.

Should have deleted my account instead of just removing the app, because it turns out the difference between using signal and using SMS is obscured for most phones, and when people thought they were texting me they weren't. I was just out of contact for a long time as people kept sending me the wrong kind of messages. I suppose one could argue protecting contact/identity is not a real goal for e2e encryption, but what I see is a "privacy oriented" service that's clearly way too interested in bootstrapping a user base with network effects and shouldn't be trusted.

We know from subpoenas that signal only holds the user phone number, creation timestamp, and last login timestamp. That’s it.

It’s a compromise meant to propagate the network, and it has a high degree of utility to most users. There are also plenty of apps that are de-facto anonymous and private. Signal is de facto non-anonymous but private, though using a personally identifiable token is not a hard requirement and is trivial to avoid. (A phone number of some kind is needed once for registration only)

Meanwhile, Matrix for now does support hashed contact lookup, although few clients implement it given the privacy considerations at https://spec.matrix.org/unstable/identity-service-api/#secur...

The data Signal has is: 1) registration time for a given phone number, 2) knowledge of daily login (24hr resolution). That's it. That's the metadata.

They do not have information on who is communicating with who, when messages are sent, if messages are sent, how many, the size, or any of that. Importantly, they do not have an identity (your name) associated with the account nor does that show for contacts (not even the phone number needs be shared).

Signal is designed to be safe from Signal itself.

Yes, it sucks that there is the phone number connected to the account, but you can probably understand that there's a reason authorities don't frequently send Signal data requests; because the information isn't very useful. So even if you have a phone number associated with a government ID (not required in America) they really can only show that you have an account and potentially that the account is active.

Like the sibling comment says, there's always a trade-off. You can't have a system that has no metadata, but you can have one that minimizes it. Signal needs to balance usability and minimize bots while maximizing privacy and security. Phone numbers are a barrier to entry for bots, preventing unlimited or trivial account generation. It has downsides but upsides too. One big upside is that if Signal gets compromised then there's can be no reconstruction of the chat history or metadata. IMO, it's a good enough solution for 99.9% of people. If you need privacy and security from nation state actors who are directly targeting you then it's maybe not the best solution (at least not out of the box) but otherwise I can't see a situation where it is a problem.

FWIW, Signal does look to be moving away from phone numbers. They have usernames now. I'd expect it to take time to completely get away though considering they're a small team and need to move from the existing infrastructure to that new one. It's definitely not an easy task (and I think people frequently underestimate the difficulty of security, as quoted in the article lol. And as suggested by the op: it's all edge cases)

https://signal.org/bigbrother/

Simplex was a decent option but they're going down the crypto rabbit hole and their project lead is...not someone who should be trusted by anyone in the crosshairs right now.

Phreeli [https://www.phreeli.com/] allows you to get a cell number with just a zip code. They use ZKP (Zero Knowledge Proofs) for payment tracking.

My Signal number is a Google Voice number that has nothing to do with any mobile phone. The Google account has advanced protection turned on so you can’t port it or get the SMSes without a hardware login token.

To cut it short they use Intel SGX to create a "trusted environment" (trusted by the app/user) in which the run the contact discovery.

In that trusted environment you then run algorithms similar to other messengers (i.e. you still need to rate limit them as it's possible to iterate _all_ phone numbers which exist).

If working as intended, this is better then what alternatives provide as it doesn't just protect phone numbers from 3rd parties but also from the data center operator and to some degree even signal itself.

But it's not perfect. You can use side channel attacks against Intel SGX and Signal most likely can sneak in ways for them to access things by changing the code, sure people might find this but it's still viable.

In the end what matters is driving up the cost of attacks to a point where they aren't worth in all cases (as in either not worth in general or in there being easier attack vectors e.g. against your phone which also gives them what they want, either way it should be suited for systematic mass surveillance of everyone or even just sub groups like politicians, journalists and similar).

Signal provides content-privacy by design with E2EE. Signal provide metadata-privacy by policy, i.e. they choose to not collect data or mine information from it. If you need metadata-privacy by design, you're better off with purpose-built tools like Cwtch, Ricochet Refresh, OnionShare, or perhaps Briar.

https://github.com/signalapp/Signal-Server

https://xkcd.com/2350/

Also, Telegram is not private.

1. It's not E2EE by default

2. It's not E2EE for groups on any platfrom

3. It's not E2EE 1:1 on desktop clients forcing you to downgrade from secret chats to insecure chats

4. It's collecting 100% of your metadata, including

* who you talk to, when, how much, what type of data you exchange,

* your IP-address which sort of defeats the purpose of having no phone number, and

* when you enable secret chats

Telegram is also not transparent about its funding, about who develops it, and who has access to the plaintexts stored on their server (meaning, anyone with a zero day or two).

Journalists who went to look for Telegram's office in Dubay found out no-one in the neighboring office had ever seen Telegram staff enter the space https://www.youtube.com/watch?v=Pg8mWJUM7x4

Telegram was built with blood-money from VKontakte, and Durov has been marketed as living in exile, when in reality he has visited Russia on average once every 2.4 months since the exile began, and strangely Durov has not had his underwear poisoned and windows have been kind to him despite supposedly betraying Putin's interests.

tl;dr Telegram reeks of FSB/SVR honeypot.

But the way it's phrased and worded... at best, it's the kind of really bad typo that shows rank incompetence; at worst, it's outright fabrication that is actively lying about the credentials; and what I think most likely, it's obfuscation that's relying on credentialism to impart an imprimatur of credibility that is wholly undeserved (i.e. "I got an unrelated degree at Stanford, but it's Stanford and how could anyone who goes there be bad at CS?").

It's not laziness. It's populism rejecting what they consider elitism, which includes expertise and experience.

If you reject the best and only easy option from the outset because you don’t want actual healthcare, then yeah… whatever remains is going to be “hard”.

What the US has right now is a complex entrenched system of financial middlemen that refuse to abandon their rent seeking. They provide only(!) financial “services” and will fight actual healthcare tooth and nail.

Trump wasn’t strong enough — or simply didn’t care enough — to fight these people.

https://crnkovic.dev/testing-converso/

https://www.theregister.com/2023/05/17/converso_e2ee_app/

https://play.google.com/store/apps/details?id=com.freedomcha...

I suppose I'm falling for the trolling right now.

EDIT: I assumed, perhaps wrongly, that OP was referring to individual "Africans and Indians" from the US. I suppose it does make some sense if we are talking about organised action from foreign powers.

Did it? Mentioning MAGA is smear? The app's intended audience is pretty clear.

But where I really disagree is promoting whataboutism. Anyone is free to submit stories about the foibles of the left or right, but what we don't need dualing whatabouts for every issue raised.

If it took me a month to patch a data leak vulnerability on a web app, I'd resign, and probably retire... That's an embarrassing timeline, and the people involved should feel bad.

It's on the site. and If you don't think I'm in the security industry, LOL