Add disclaimer to signal #432
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#432
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
As you know, signal requires you to use your phone number in order to use it, but in some countries(like mine), phone numbers are tied to specific people. For example, here, you have to give your id number and use your fingerprint in order to get a phone number, even for prepaid ones! (dunno how it is for other countries).
That is why, at least in my case, using signal pretty much defeats the whole privacy thing.
Please excude my paranoia :P
Thanks, and you can use a foreign service https://infosec-handbook.eu/blog/signal-myths/#m2
@zeroweb91
Although, you have to use a phone number to register and for verification, you can use a disposable number.
There are many free disposable number services or it is possible to create your own.
@zeroweb91 The good Lord Where you live. Korea, Chinese. I recommended use https://github.com/siacs/Conversations this had OMEMO encrypted y you can use any xmpp service that suits your needs for example https://conversations.im/compliance/ https://en.wikipedia.org/wiki/XMPP
@hachiman29
There are dozens of discussions where people compare XMPP with Signal, mostly Conversations vs. Signal.
While Signal requires an arbitrary phone number and officially allows you to choose any phone number you like (you must only be able to verify that you can access it), Conversations (or XMPP clients in general) requires an XMPP account on an arbitrary XMPP server.
At first glance, XMPP might look more privacy-friendly due to no phone numbers involved. However, XMPP servers store tons of metadata and personal data like your contact list, group memberships etc. unencrypted. You have to fully trust at least your XMPP administrator (and other as well if you chat with people on other servers) that he/she don't access your data or logs your server usage.
The next problem is that OMEMO still isn't widespread and barely supported by XMPP clients. For instance, some clients only allow you to use OMEMO in 1-to-1 chats, making it impossible to securely chat in groups.
There are even more downsides of XMPP like unencrypted fallback, no consistent security level of servers, the recent removal of widespread OTR encryption in Conversations (yes, there is Conversations Legacy now!) and Gajim etc.
In a nutshell, if you aren't in full control of all XMPP servers involved and secured your server configuration, you shouldn't use XMPP.
Back to topic:
As mentioned by @Shifterovich and officially by Signal, you don't have to use your private phone number for Signal. Buy another SIM card or online VoIP number, use it only for Signal registration and set a Registration Lock PIN.
@Shifterovich this was implemented in #436, but it seems to be gone?
No idea why. Anyway, the warning should be implemented by a label, similar to Riot.
@zeroweb91
You're not paranoid in this case. It's quite sensible to oppose obligatory phone registration:
(PDF)
adding a phone number is bad for anonymity, not privacy, signal never claimed to be anonymous.
anonymity is not part of its threat model. closing issue.