I hope moving forward we can have multiple usernames and profiles. This would greatly increase privacy since we may have different identities in different social groups. Even on HN a lot of us have multiple personas. I find one of the big challenges is actually handling these different identities as most software only assumes you have one. Though it seems to be common on social media like twitter or instagram. But bitwarden still doesn't know how to differentiate microsoft logins lol

Edit: I'd love in the future to also see things like self destructing or one time links. I don't think these should be hard to implement, especially if one can have multiple usernames. Certainly a limit like 3 would be fine with the numbers, right? Personally I wouldn't be upset if multiple names became a premium feature but I'd strongly prefer if it wasn't. I get that signal still needs money (https://news.ycombinator.com/item?id=39446053)

To be fair to Bitwarden even Microsoft doesn't know how to differentiate between multiple Microsoft logins. As of at least a year ago, you can technically have different logins with the same username/email identifier, and different login prompts will behave differently.

They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.

I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.

I’d call them bugs, but they’ve been reported and didn’t get fixed.

I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.

I wonder where signal is about keeping the servers up, since they hate federation so much.

Telegram is good, as you mention, to be relatively private in groups/chats/channels without a need to expose neither your phone nor even a nickname (unless you live in autocratic countries — will come to this later).

But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to say that all comments/group chats are not encrypted too, unlike let’s say WA.

Second, Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID and there are black market services and databases where they promise to connect that ID with phone number if that account ever had privacy settings switched off in the past.

Claimed that they kind of scrape all accounts and pair ID for those where privacy settings set poorly. Even if you change it later — your internal ID and that scrape will state forever.

Third, Telegram was funded by Russian government since Durov had issues with SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded in Saint-Petersburg stock exchange, and even take some money directly from Russian government though a Qatar proxy-company. Not to say, that there are cases when TG was involved in criminal charges against people (the most famous one is story with Ryanair plane being forced to land in Minsk to arrest Lukashenko’s critique) and it was never directly addressed and explained by company how exactly those people was caught and how company protect against “SIM card replacement” cases (Signal at least inform me everytime my peer logged to new device).

Selecting between Signal with AFAIK no known cases of charges in dictatorship countries like Russia, funded by non-profitable charity, and TG without default e2e encryption, public API and Russian-state funding, is quite obvious for me.

https://en.wikipedia.org/wiki/Blocking_of_Telegram_in_Russia

When war started, and Russia banned a lot of services like FB, they created list of communication platforms they have questions about loyalty and cooperation with Russian government. TG was not on that list and through the whole war the only issue was about Telegraph — supplementary platform to publish long notes. AFAIK there was 0 questions or criticisms to TG in those 2 years.

As for me, it says a lot

But then “SEC-incident” happened. He and his brother wanted to build TON and fund it by kind of ICO (without naming it ICO). SEC decides enough is enough and blocked launch of TON with charging Durov for selling unregistered securities.

At the end, issue was settled, Durov returned all money and settle the deal with SEC, but it shrinks his finance by a lot and he ran out of money for TG.

Then he was seen in Russia and issued bonds for $1 bln. According to Russian financial press [1], bonds were underwritten by Russian banks closely affiliated with government or directly stated-owned (all of them are in sanctions list now), and even some money was invested by Russian Fund of Direct Investments [2]. Last summer he again issued bonds for TG for $270 mln. You can buy TG bonds at SPB stock exchange where they were listed 2 weeks after the issuing [3].

Surprisingly (repeating my comment below), around same time, Russian govt withdrew all their claims to Telegram and started to use as the official communication channel.

Not to say that other “transformations” happened like Duriv publicly denounce US declaring it is a “police state” [4]

All links in Russian, sorry:

[1] https://www.rbc.ru/finances/15/03/2021/604f11019a79478034130... [2] https://www.bbc.com/russian/news-56501991.amp [3] https://www.forbes.ru/finansy-i-investicii/424665-shirokiy-k... [4] https://te.legra.ph/7-prichin-ne-pereezzhat-v-Kremnievuyu-do...

Take for example France vs Russia. In the 2022 election, Macron managed to get just ~30% of the voters that wanted him as President. In the second round where only two options remained, only 58%.

Without any serious opposition (with the murder of Boris Nemtsov and jailing/deregistration of Alexei Navalny), the 2018 was again a landslide for Putin with 76.69% of the vote.

There are of course other easy ways to tell, but this serves as a pretty easy heuristic.

This is, of course, a gross simplification, of everything that makes up a democracy. For example, the US is at best a flawed democracy because of all the lobbying, money and gerrymandering (and things like the Electoral College).

Disclaimer: Not American, I'm a Kiwi, so outsiders view of US politics.

My bet is that they have a chance for democracy only when Russia becomes a set of little independent states. As Russia in a nutshell, is just a Muscovy that occupied other sovereign states. It was exactly like they’re trying it with Ukraine currently, again. Again, as the previous one was in 1918, when Russia ‘incorporated’ other states, what we know as ussr.

They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.

There was no confirmation prompt. Pretty sure this happened to me more than once.

Please don’t ever compare Telegram with Signal.

Such as?

> now you can’t restrict who can send you a message unless you have a premium.

And before that you just weren't able to restrict that at all, there was no such feature. They didn't remove this feature for free users - it never existed. They just added it right now only for paid users.

> premium users can bypass non-premium users privacy setting “last seen and online”

That is absolutely not what the feature is. If you hide YOUR OWN last seen time, you won't be able to see last seen time of other users, even when they have it public. Now, premium users will be able to see public last seen times of other people if they hide their own. But they obviously still can't see last seen time of people who set it to private, that would've been very dumb.

As someone who for some time created and moderated fairly popular chat (200+ people) for anti-war Russians, I have very long and complicated history of relationship with this service and have a lot of different grey-zone stories where it is hard to understand whether it is a mistake from users and whether it is a leak from the service.

Hence I have a little low expectation and overreact on their recent changes

I generally agree with you that Durov makes a lot of incredibly stupid decisions. I think pretty much everyone in the "Telegram community" (eg. channel administrators, bot/client developers, etc.) would agree that the changes Telegram is introducing are often bad.

The issue, though, is that there isn't any alternative right now - Telegram is the best messenger out there in terms of general usage. So while I do hate what they're doing sometimes, I still use the product and even pay for Telegram Premium. It's bad enough to be mildly annoying, but not bar enough to actually make people leave the platform.

Edit: just as I was writing this, Telegram introduced a new feature. I'm not sure if I love it or hate it to be honest, it's a smart way for them to save money, but it is pretty weird: https://t.me/tginfo/3942

Restricting of incoming messages existed (cloned from Facebook as usual).

Restricting of "last seen and online" existed in third-party clients. Later on VK started to actively destroy this functionality, by moving manual "is online" management from designated API into all data-fetching APIs.

Not to mention that VK and Telegram are now actively fighting with third-party clients. In which world they would not fight Ninjagram/AyuGram/Plus Messenger/other forks, which allow to add multiple accounts, hide online/reading (to some extent), show message editing history and so on?

The real problem with cellphones is that a lot of privacy-threatening issues are literally one fat finger away. And clearly, that's a feature, not a bug. That's why I prefer to work and message on my laptop anyway.

but again, Telegram has been, in many practical ways, much more privacy-oriented than all the other messengers, exactly because you don't have to share your phone number to participate in groups and chats.

While waiting to have it perfect you don't have it good either.

Having said that if you leave the country I am pretty sure that sim card and number would be deactivated after a few months if not connected. I am not sure how fast a number can be reused.

https://signal.org/blog/signal-is-expensive/

For me, there’s two big reasons for this:

Signal chats are E2E at all times, while Telegram is only E2E when you explicitly create a “secret chat” with whoever you’re conversing with. I don’t fault Telegram too much for this, because they still provide the option to use E2E for everything, but Signal gets brownie points in my book because they just do it by default without getting in the way of the User.

Secondly, as far as I know, Telegram uses their own in house encryption techniques as opposed to industry standards. I am not at all knowledgeable about encryption or cryptography— I only know what’s required of me in my job (basically the bare minimum), and so I don’t actually know whether this is anything of serious concern. It could very well be that Telegram’s encryption techniques are just as effective as the established norms, but I do see the general consensus trending towards “roll your own encryption = bad, use established norms = good”, which is primarily what I am basing my opinion on here.

To further detract from my own point, it actually seems like Telegram might be using “established norms” for encryption nowadays anyways [1], although I couldn’t really tell from the brief description I read on Wikipedia.

Overall, I think Telegram is perceived as being less secure than Signal primarily because of the reputation Telegram has for implementing their own in house encryption techniques, even if they don’t use those techniques anymore— their name has become associated with their known history of using ad hoc encryption.

[1]: https://en.m.wikipedia.org/wiki/Telegram_(software)#Architec...

I use Matrix with e2e encryption, and my chats are synced just fine.

I didn't realize my comment rose to the top. When I had written this I had also written this comment[0] which was the grandchild of the top comment at the time. It has a bit more details on my thoughts/reservations of federation. tldr is mostly about avoiding centralization. This remains an open problem and I think it is far too easily dismissed. But federation isn't solving the problems people want it to if it's federated like email and web browsers. That's just mostly centralization with all the headaches of federation.

And to anyone complaining about lack of federation, what's stopping you from running your own Signal server? Sure, it won't connect to the official channel, but is that a roadblock? Even Matrix started with one server. This is a serious question, is there something preventing this? Because if the major problem with Signal is lack of federation, I don't see why this is not solvable building off of Signal and not needing to create a completely different program. Who knows, if it becomes successful why wouldn't Signal allow a bridge or why can't apps like Molly allow access to both the official and federated networks?

[0] https://news.ycombinator.com/item?id=39446183

Why ? Have you tried ?

My reaction to the article was that they're using a lot of words to explain this change. That suggested to me that maybe they aren't being completely candid.

I've never used Signal, because (a) I don't want to rely on a smartphone, and (b) I don't want to use my phone-number as my ID, because it's traceable. I can't work out from the TFA verbiage whether this change addresses my concerns or not. That in itself is concerning, to me.

https://op.europa.eu/en/web/eu-vocabularies/formex/physical-...

The French use « », Italians use ‘regular’ “quotes”, etc.

Strangely enough, this is the first time I see your style of quote, in two decades on the Internet.

Wouldn't say it's "common", because IIRC that's only the case in Germany and Austria.

,comma-backtick` whereas I wrote ,comma-apostrophe'

I copy pasted both btw. You see them both as '? I see GP as having ` and me having '

https://en.wikipedia.org/wiki/Backtick

I'm pointing out that nsxwolf was wrong to ask about comma-backtick, because tcmb used comma-apostrophe.

This matches the German convention described on https://en.wikipedia.org/wiki/Quotation_mark#German.

tcmb: ‚usename‘

nsxwolf: ,comma-backtick`

stavros: ‚comma-apostrophe‘

godelski: ,comma-apostrophe'

Though while copy pasting I see tcmb and stavros as having the same character which is different from the longer character you pasted. Seems my clipboard doesn't like that character. I also seem to have crashed OSX's emoji and symbol tray. No longer pops up if I press the button (bottom left) or select from firefox but got it back by opening safari.

Fuck man, I do not envy you people working on ligatures. Or timezones. I'm always impressed by these random rabbitholes and complexities in things that always look very simple. It's beautiful in a weird way.

Everybody's arguing, then finally all is revealed, and I learned a ton of stuff along the way about German quotation marks and the subtle difference between backticks and opening curly quotes, and low quotation marks and commas, in the Verdana font!

(If this had been a serif font with actual curly quotes the differences would have been much more obvious...)

Six degrees will still exist.

(funny weird thing is that with HD2's server issues due too demand, one way to harvest this would be to create a fake LFG host game and have tons and tons of accounts bang against your HellDiver-Pot - and get whatever you can scrape from that?

---

OK - I actually went down this hole the other daty... you look at the reddit thread on helldrivers for LFG - or the discord...

So on reddit, you just put .json at end of thread - DL the entire thread as json, now you have reddit id, location, play style, etc, details AND their friendcode on HD2... but since they can individually generate random friend codes on any game/system that allows such... you have a breadcrump (with enough attention span to just correlate all the shared info between these friend codes and data received...

still - even with random friend codes - six degrees is still available, easily.??

---

I deeply hope they do a Tech Talk on the post-mortem of this lauch success spiral - its fascinating....

But one thing I am really interested in, this is based on the Autodesk Engine, I know they co-dev-dog-fooded, but I hadnt really known of this engine at all... what little I do know, is that - its amazing...

But I'd really like to know more about the arch and overall traffic flows etc of this game.

Its beautiful see "problems" like this explode in like ~2 weeks.

What do internet traffic graphs look like since growth, per carrier?

They're currently at 394,686 players on steam alone - not including Playstation players. The servers are doing their best right now.

I apologize for not asking a clearer question. I was actually just interested in buying the game, but only if it has public matchmaking built-in for finding anonymous pick-up groups, instead of needing an external Discord server to swap friend codes on.

.>..x###.////3~~E`~,~X>>----- XXNXN x0x

then I know that youre solardev.. and we can be friends in future

(but this model is exploitable in ways, which is premise of many threads here)

The former C++ programmer in me wants to call them "user pointers" but that would just confuse people who haven't learned pointers.

> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.

Which is also an example of a challenge for open ecosystems where everyone can create apps.

I understand that it doesn't outweigh the benefits to everyone, but it is a valid reason.

My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.

The underlying protocol is open and could be used for an open ecosystem, but I didn't think Signal aspired to do that.

The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).

XMPP is underrated. A lot of people are imagining Pidgen in 2011, but the protocol has been extended, the actively developed clients are good, and it avoids the heavier parts of Matrix (both client and server side.) I wouldn't be surprised if Slack's replacement when Salesforce inevitably fucks it up will be XMPP based rather than Matrix.

https://github.com/signalapp/Signal-Android https://github.com/signalapp/Signal-Server

There are forks like Session which doesn't require a phone number to sign up

https://github.com/oxen-io/session-android

The status of open source, privacy respecting messaging apps looks really healthy to me, compared to where we've been over the past 30+ years (thinking starting with ICQ.) Signal was a big leap toward getting average people using much more secure messaging, although it is pretty clear even most 'tech' people don't grasp what is going on or why it is important to be able to use e2ee separate from a combined client+server provider.

But yes, it's also very hard. The bitcoin protocol didn't start out that way. It took a lot of knocks and bruises to get to the point they could upgrade all the servers in the federation.

Interestingly, the method bitcoin came up with allows protocol changes to fail, meaning the bulk of the federation never takes them up. Everyone gets a vote, and it only succeeds if the bulk of the federation upgrades. Perhaps from Moxie's point of view that's unacceptable, as it means he is no longer the dictator of the protocol.

Nonetheless, it is possible to design a protocol so it can be upgraded relatively quickly. Even if you don't do add "quick transition" features to a protocol transitions can still haven. IPv6 will replace IPv4. But as Moxie says, it's painfully slow.

Signal has consistently focused on helping /most/ users do what they want with the app without sacrificing security. This change - away from requiring phone numbers - helps plug one of the biggest criticisms, both on the security and product side. Nothing about their mission requires federation, so I respect that they haven't sacrificed their mission in order to do it.

My mom couldn't receive signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.

When I visited, I opened the signal app and was told I had to update.

The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.

In the US, cellular is often expensive and slow.

In underdeveloped countries where software like Signal could be really important, all this is even more true.

We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?

Refusing to deliver is inconvenient.

That is inconsistent with the threat model of a messaging system!

Inherently, a messaging system will deliver a plaintext copy of the message to the recipient(s). Wouldn't be much of a messaging system otherwise.

Once you sent something and it was delivered in plaintext to the recipient, the information disclosure risk is completely out of your control (and out of control of the application in use). The recipient is free to leak it however they wish.

If you don't trust the recipient to keep it private, don't send it.

No need to continuously expire apps in the absence of a protocol breach.

I have no idea if that's what they're concerned about - they may just be being arseholes in this case - but from the outside it seems like a legit reason to build in the capability for app expiration.

I disagree, the worst thing that a messaging system that aims to be "private" can do is to actually not be private. Sending to a known-insecure client is a violation of, like, the one thing signal claims to do.

> If you don't trust the recipient to keep it private, don't send it.

My threat model is some combination of "third party actors who I don't trust" and "second parties who I trust but who are non-experts"[1]. I would like Signal to protect me from the first (by not delivering things to known-insecure clients that can be middlemanned or otherwise discovered) and the second, by having privacy-respecting and mistake-preventing defaults. Things like disappearing messages and such. Keeping my trusted-but-nonexpert peers from making mistakes that can harm either of us in the future is a key part of my threat model.

For example, disappearing messages prevent me from being harmed by my friend, who I trust to discuss things with, not having a lockscreen password and getting warrented by the police. An outdated or third party client that lets you keep them forever, even if well intentioned, can break that aspect of the threat model. And yes, a peer who is actually nefarious can still do that, but that's not my threat model. I think my friends aren't privacy-experts, I don't think they're feds.

[1]: This is, for example, the reason that I think PGP is not a good tool. Even if I do everything right, a well meaning peer who is using the PGP application can unintentionally leak my plaintext when they don't mean to, because of the tool's sharp edges.

Mint will sell you a plan for 5GB of data for $15/mo. Its not that expensive to have a basic cellular plan. And that's assuming you're not poor enough to have your cellular plan almost entirely subsidized. And also assuming you're pretty much never anywhere with wifi.

In the vast majority of markets in the US it'll take a minute or less to download, it'll probably take more time unpacking on your device and installing.

There's cheaper per-gig plans in the US. Visible has unlimited plans for $30/mo which is cheaper per-gig if you use a lot but more if you're using less than 5GB anyways. And if 200MB/yr currently seems like an expensive amount of data to you, you're probably already using less than 5GB a month.

The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.

Done right, that fraction will be significant.

The conclusion isn't that Signal should be closed-source, it's that Signal's servers should not trust the clients not to be tampered with. So after 90 days, they will remove phone numbers from the protocol for users who have hidden them, breaking old clients, which is fine. What is the alternative solution you're thinking of?

I have not investigated this at all, but I have enough faith in Signal/Whisper Systems to be optimistic.

That is a fine decision to make for a security-minded app, but signal has always presented themselves as a full alternative to SMS and other messaging systems where availability is prioritized over confidentiality and integrity. It should really be made more clear so that users are making an informed decision. They could also do wonders for the user experience by having the app inform the user of the problem and how to remedy it.

Edit: this is not actually a serious problem for me, don't worry! Rather, I think it's funny. And honestly I kind of like having the numbers required, it's a good idea. It does remove a lot of the vanity from usernames.

People need to get trained out of (even informally) assuming they can identify someone because their username looks familiar, and this is a great way to do it.

Or tons of (mistaken) conversation requests?

... notes HN user jenny91

Because friend codes were so popular on Nintendo.

Hey add me real quick, my id is 12716472-83647281746-8172649! Or use the hash code, 0x28A56ED9! Super easy to remember, way better than giantrobot22 or vel0city66.

- if we don't have usernames we don't have to deal with obscene usernames, trademarked usernames, impersonation claims, and similar

- if we don't have usernames and our generated friend codes aren't guessable, we don't have to worry about people getting random unexpected friend requests from people they don't know

There's also the "weedlordbonerhitler69" issue. A user name that seemed hilarious at 16 likely seems less hilarious at 26.

If users were identified with a hash derived from an input user name you could type in "weedlordbonerhitler69" and what would be displayed is a hash on the client side. The contact add UI could simply return the UID for the input username. So you could give out the UID or username and another user could still add you.

They're not going to get mixed up typing it in from me verbally telling me the name. They're not going to get confused typing it in. And even then, validate the user after, that's another feature of signal is in person/out of band validation of the ends. So start the convo the verify through a channel you otherwise trust.

> There's also the "weedlordbonerhitler69" issue. A user name that seemed hilarious at 16 likely seems less hilarious at 26.

And with their setup you can change it at any time, so once again not really an issue.

Why is it so hard for Signal and Telegram to not require a phone number as an account identifier?

I don't need to verify anything by phone or even email. If I lose the password, the account is lost, so be it. I'll create a new one.

If I really want to, then I'll set up email/phone.

Given that Signal does not have access (by design) to much information about their users when they use the service, they can't really fight spam once accounts are created. You could do spam detection on the client and privacy-preserving voting in order to ban spammers, but the UX would be very poor and that opens a whole new can of worms.

I don't want backups for IM. I don't want my counter-parties to have backups for e2e encrypted IM. I don't want IM to last. Why record every conversation on your permanent record? It's nuts.

For me, having a searchable record of everything said defeats the whole purpose if IM and e2e encryption. I'm sure the NSA like it.

Reasonable people may differ on it.

That's not your choice to make.

I don't want to be randomly assaulted on the street, also not my choice to make. Doesn't make it ok imho.

The encryption key is in cleartext on desktop and the SQLite db is right next to it: ~/Library/Application Support/Signal/config.json

Sadly, from what I’ve seen in similar threads online, it seems the devs are opposed to backups in principle (they believe that chats should be ephemeral and backing up is antithetical to this).

"No one can read your chats, including you." — Signal

Still, I feel it's much more inconvenient than it really needs to be; the correct UX is a button press.

For me this is a requirement to call a service a private service because in Germany at least every phone number is connected with a persons identity. To get a phone number you need to connect it to an identity using a identity card

Phone numbers should have NEVER became an ID. Incredibly hypocritical of Signal to claim "privacy focus" when the lowest layer of the system is literally the least secure identification method we have.

I had two SIM cards dedicated to online crap - one for important stuff like banking, another for social media and such.

both have expired after ≈ 3 months of inactivity, when my 2 week trip unexpectedly took 4 months. those SIM cards weren't physically inserted into my phone - I used to do that once a month to call someone and get billed a few cents so it would remain active, until that trip.

there's no way to get those phone numbers back and it's been an enormous pain the dick. I hate this fucking system, but I hate the fact that fucking everything requires a phone number even more.

If we take privacy issue, it can be divided into 3 segments:

* Privacy of user data. The basic level. When you use Google or Apple, they collect data. Even if you minimize all settings — data is still collected. This data is used to train models and models is used to sell ads, target you or do anything else you have no clue about (like reselling it to hundred of “partners”).

* Privacy against undesired identification. Next layer of privacy. When you want to have some personal life online without sharing much about you. Like Reddit, anonymous forums, or Telegram (to some degree).

* Privacy against governments. The ultimate boss of privacy. When you want to hide from all governments in the world your identity.

Signal was perfect at first layer strong but not perfect at 3rd layer (e2e encryption, no data collection to share nothing with governments who seek for data, good privacy settings, always tell you if your peer logged to new device to protect from cases when government operates with telecom companies and use sms password to make a new login), and almost non present at 2nd because they have no public features except group chats where you share your number.

Now they in one move close gaps at 2nd layer — you can hide phone number and stay fully anonymous, and strength their positions in 3rd layer, leaving the last piece open: government still will know that you have some Signal account.

As for me, this setup solves 99,999% cases for regular people in democratic and semi-democratic countries and address the most fundamental one: privacy of data and actions online.

Yes it is not perfect but barrier for government to spy on me is that high that I reasonably can believe that in most cases you should never be worried about being spied, especially if you live in some places which are named not as Iran or Russia.

The only scenario, in my perspective, you can want to have a login without phone (with all sacrifices to spam accounts, quality of peers and usual troll fiesta in such places) is when you want to do something you don’t want ever be found in your current country.

But in this case, IMO, Signal is the last worry you usually have on your mind and there are a lot of specialized services and protocols to address your need.

Because of your mentioned points I would never recommend Signal, and rather point to Briar as a messenger and group/broadcast platform. Currently, it's still a little painful to use and e.g. QR Codes would already help so much with easing up the connection and discovery/handshake process.

But it has huge potential as both a messenger and a federated and decentralized platform.

I use Signal because I am a "nothing to hide and I like to own my privacy as much as possible" type online person.

Signal == more peace of mind just generally in this online world we have.

Just to be safe here's a copy/paste with the details:

This has been true for many years now. At the time it caused a major uproar among the userbase (myself included) whose concerns were almost entirely ignored. Their misleading communication at the time caused a lot of confusion, but if you didn't know that Signal was collecting this data that should tell you everything you need to know about how trustworthy they are.

Here's some reading from the time of the change:

https://community.signalusers.org/t/proper-secure-value-secu...

https://community.signalusers.org/t/dont-want-pin-dont-want-...

https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...

https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

Note that the "solution" of disabling pins mentioned at the end of that last article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.

My personal feeling is that Signal is compromised and the fact that the very first sentence of their privacy policy is a lie and they refuse to update it to detail their new data collection is a big fat dead canary warning people to find a new solution for secured communication. Other very questionable Signal moves that make me wonder if it wasn't an effort to drive people away from the platform as loudly as they were allowed to include the killing off of one of the most popular features (the ability to get both secured messages and insecure SMS/MMS in the same app) and the introduction of weird crypto shit nobody was asking for.

This sounds like a bunch of bullshit.

Personally, I am totally baffled by this.

Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation on so many areas, except for this one, which ends up turning into a massive backdoor in the whole edifice. Okay, we can't ask for a copy of your identification card... we'll just use a telephone number or SIM code or something trivially tied back to your IMSI (like an app store account or IMEI) instead. Because of the absurd 2017 law, these are equivalent to your government ID card.

I really don't understand why Germans put up with this while simultaneously pushing so hard for positive changes in every other aspect of online privacy. Especially when so many other developed Western countries do not tie SIM cards to identities: Netherlands, Denmark, Finland, Iceland, Ireland, US, UK, Canada, and many many others.

It's like a giant `sudo gimme-your-identity` backdoor in all the other data collection protections. And nobody seems to care about closing the backdoor.

Anyways - why does nobody care?

Simple: most don't feel this being an issue.

Some may even say that they "don't have anything to hide" and there goes the erosion of privacy, bit by bit - by the time someone notices "ok, this may become a problem" - it'll be too late :(

Even if this is true, how does that benefit Germans?

Nobody's seriously talking about blocking all SMSes at the national border.

But for solutions, can't you just buy a voip number? You just need it for registration and then can dump it. I'm sure you can buy one with cash or zcash if you're really paranoid.

While in the US I don't have to show my gov ID to get a phone number, I don't know anyone who buys a phone with cash except international students. So practically everyone is identifiable anyways. But I'm not sure this is a deal breaker since all I'm leaking is that I have registered a Signal account. AFAIK Signal only has logs of an account existing and last online with 24hr resolution (which avoids many collision deanonymization methods). Even paying with cash is hard as I'm probably caught on camera (but these usually get flushed).

So I'm legitimately curious, why is this a dealbreaker? It doesn't seem like a concern for the vast majority of people, and the problem Signal is solving is secure communication for the masses, not the most secure method possible with unbounded complexity. It's being as secure as possible while being similar in complexity to the average messenger.

No, how would my uncle in the countryside of Vietnam do that? He doesn't have a credit card -- not many here do. He doesn't speak English -- can you find a website that sells voip numbers in Vietnamese? Buying a voip number from a provider in Vietnam has the same exact KYC requirements as buying a SIM, so it is still tied to your government ID and registered forever.

Also buying a VOIP for 1 month costs something like $10 from a quick Google. Average salaries are like $1.50/hour. Nobody is going to pay an entire day's salary to buy an VOIP number they throw for a month just so they can register anonymously for chat.

So, not you can't "just" buy a voip number unless you're a rich Westerner. But who needs privacy more? People in liberal democracies or people in places like Vietnam (literally an authoritarian country where people are routinely imprisoned for speaking against the government)?

> I don't know anyone who buys a phone with cash except international students.

Everyone buys a phone with cash here because few people have credit cards, since there is no such thing as "credit ratings" and it is easy for people to disappear from their debts. There are more people in Vietnam than any country in Europe. We all use smartphones and messenger apps here, too.

Your uncle in Vietnam has a smartphone, no internet, no number, and NEEDS the signal app? He might need solar, electricity and internet first.

I'd be curious if there is a study that has looked into the thresholds for different use cases at which spam account creation drops to negligible amounts and how much price vs anonymity vs difficulty factors into it.

The reasons they need it aren't really that dubious to me: they want to create a service that actual people will actually use, not just weird privacy geeks who never gave up on PGP. Using phone numbers allows for the kind of user discovery that most people expect in 2024, and requiring them inserts a barrier to mass account creation that can keep spam accounts down to a manageable level (especially given the whole point is they can't do content-based spam-filtering in the way that makes email managable).

Personally, my understanding is they've always been trying to develop the maximally private usable chat app, which requires some compromises from the theoretically maximally private chat app.

It's not a fair remark though, all it did was twist what I said into a inflammatory derailment.

The point is there are a lot of (usually technical) people who are too focused one aspect, but are missing the bigger picture. If you follow them, you'll probably get a communication app that only those people can/will use, which has deal breakers for mass-market adoption. And once that happens, those people probably won't use it either, since they want to communicate outside their group.

"not just weird privacy geeks who never gave up on PGP." is simply not conducive towards making your point. You can make your (otherwise solid) point and even win the argument on merit without this sort of thing.

Do people really expect to still exchange phone numbers ?

Fundamentally I don't want people to call me nor SMS me (that's for spam only), most messaging services will allow contact exchange through a QR code inside the app, and if everything else fail an email address will be the most stable fallback.

Yes. This is the norm in the US.

In many countries SMS was either crazy expensive, unreliable, wall gardened to death (can't message people on other carriers...) and had no traction in the first place.

Then phone calls are also crazy expensive: I'm looking at the phone plans right now and the main focus is the data amount. Phone call options are either to only allow for super short conversations for a flat fee (less than 5min per call, for a 25% increase in the monthly plan) or 30 min to an hour of phone call for double to triple the price of the plans.

Moving to an alternative is just the normal course given these incentives, and that's what people did in droves (looking at Japan for instance)