Privacy @lemmy.dbzer0.com Sunshine (she/her) @lemmy.ca 4d ago

Signal is the No. 1 downloaded app in the Netherlands. But why?

techcrunch.com Signal is the No. 1 downloaded app in the Netherlands. But why? | TechCrunch

Privacy-focused messaging app Signal has been flying high in the Dutch app stores this past month, sitting in pole-position for much of it.

137

You're viewing a single thread.

137 comments

Fuck signal. No "privacy" focused messenger should need a phone number to register...at that point u basically handing the agencys meta data on a platter
- privacy != anonymity
  
  nitpicking
  
  No, that is an important distinction. People have different threat models. For most people, privacy without anonymity may suffice (i.e. I don’t mind that you know it’s me, I just don’t want you to see what I’m sending). For others (i.e. journalists, whistleblowers, more privacy-centric individuals), anonymity may be equally important.
  
  Exactly. And requiring a phone number enables convenience features like:
  
  account recovery
  
  find contacts
  
  be found by other people
  
  Once you have an account, you can disable the phone number and use Hawks usernames instead (can be changed at will) of disable discovery entirely.
  
  It's a pretty reasonable limitation IMO.
  
  "Account recovery", yeah but by whom?
  
  "Find contacts", dont you know who u wana talk with?
  
  "be found by other people" ????
  
  yeah but by whom?
  
  Whoever controls the number. This is fine for 90% of people who hold on to their number, especially since no data is leaked unless you are sent messages after changing your number. But that's the same for SMS, so it's not a downgrade from that.
  
  dont you know who u wana talk with?
  
  Yes, but most aren't on signal yet. When they do join, it's nice for them to know you're on it too so your communication can default to that.
  
  You can disable discovery (I do).
- I know it's not the best, but it is great when you want someone to shift from other popular proprietary app like WhatsApp.
  
  Replacing one phone number based system with another may not be a wise choise.
  
  Wrong again. Please research before you start shouting.
  
  WhatsApp uses the Signal protocol. The difference is, it being owned by Meta, it also logs all the metadata it can alongside your real phone number.
  
  Signal messenger uses the Signal protocol. Contrary to WhatsApp, it does not store any metadata. Your phone number is used by the Signal protocol merely as a cryptographic hash. That means, it's impossible to know who is communicating with whom.
  
  It is not replacing "one system" with "another system". It essence, signal is WhatsApp, but with all the added spying features stripped, none added.
  
  Wise, maybe not. Pragmatic, yes.
  
  Pragmatism got us here. Maybe its time for people to start giving fucks, or like just dont communicate with me.
  
  I suspect most people will take the latter option. Enjoy your "victory".
- Don't let perfect be the enemy of good. Getting people off of proprietary stuff is the first step. Whatever else is the next step.
  
  Anti Commercial-AI license
  
  Why are you licensing your comment?
  
  https://lemmy.world/comment/9850401
  
  https://lemmy.world/comment/9805932
  
  But why do you want to license it at all? It's normally not licensed. When AI vendors break the law they don't care about licenses. Fuck, look at meta.
  
  Hmm, did you read the links I posted?
  
  Sure, what meta did is fucked up, but they are being sued. Just because someone ignores the law, does that mean that we should just stop doing something?
  
  Anti Commercial-AI license
  
  Yes, it did not answer my question. Legally you don't have to do anything to make it so corporations legally can't use this for AI unless you signed away your rights and if you signed away your rights you can't change the license back with a notice. So what's it actually for?
  
  I should probably write a blog post about it. Basically it's there to possibly get commercial LLMs in trouble for scraping licensed stuff. LLMs have been tricked into revealing their training data and gotten in trouble for that. There are also ongoing lawsuits due to those revelations. Maybe the most notable is the one against ~~Github's~~ Microsoft's CoPilot for spitting out licensed (GPL and also copyrighted from private repos) code.
  
  Whether the lawsuits will be successful or not is yet to be determined (Japan already considers nearly everything fair game for training AIs and machine learning). Whether they will have an impact if they are successful is also unknown. It just costs me a key-stroke (and the occasional response to a friendly question like yours), so I do it 🤷 Once all my hope is lost, I might stop.
  
  From another answer. I highlighted the important part, which explains why the explicit link to the license text instead of it being implicit.
  
  Anti Commercial-AI license
  
  I see, so it's just a 🤞 maybe this will be useful in court later thing.
  
  Yep! You got it 👍 It probably won't, but it costs me all of a few milliseconds to a few seconds. I'm a cynic, but not a defeatist.
  
  Anti Commercial-AI license
- You know that your phone number is never saved anywhere? Signal only uses a cryptographic hash of your phone number.
- at that point u basically handing the agencys meta data on a platter
  
  Can you explain what you mean? I'm not sure I understand how that would work.
  
  Well in many nation you can only get a phone number by showing ID, hence the number itself isnt anonymized. So if there is a legal request to signal they hand over the number and u already de anonymized. If you dont use your own number you have to relock signal every week (manual) so the number cant be used for account takeover....why is that lock even on a timer? That just sounds like a trap.
  
  But lets assume u used your own number, and it gets found out. With that number it would be easy af for a state actor to send u a zero day SMS to take over your phone...there are so many reasons why a phone number is just bad to use as a identifier in a privacy focused app. The technical hurdles to allow account creation without phone number or like just to have number as optional, are very low. The official reason for the numbers is spam protection....but there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
  
  would be easy af for a state actor to send u a zero day SMS to take over your phone.
  
  Two problema with this logic
  
  do you think a state actor needs to leak the phone number from signal to find out your number?
  
  0-click SMS exploits are possibile, but extremely rare and extremely expensive. Someone with such an exploit won't burn it for random Joe.
  
  Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
  
  there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
  
  Because they have not users either. You are talking about niches in a niche segment of a niche market.
  
  Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use. The association between phone number and identity is something that telco companies can already (and do) provide to authorities. The only bit of metadata that is added is that "person X uses signal" which in itself is an irrelevant piece of data.
  
  In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
  
  I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
  
  As you say, if you are worried about a phone number being tied to your identity, it's already public information.
  
  But that assumes the Signal identity is the same as your IRL identity. Makes not just anonymity (which is often important for safety just as much as privacy!), but multiacc arbitrarily harder. I can't imagine using the same chat account for my online gaming buddies and for my real family!
  
  What you said is exactly the point of preventing spam. Having a real identity attached to a signal identity is the point to prevent spam. There is functionally no difference between your multiaccount and a spammer with 6000 accounts.
  
  I can't imagine using the samw chat account for my online gaming buddies and for my real family!
  
  I can't really see why, but if that's the case, signal is not the application for you, I suppose.
  
  Couldn't you use a signal username with the gaming buddies, and your real name / number with the people that already know it?
  
  I don't use signal much, but I convinced 1 person. They didn't give me their number but gave me a username instead.
  
  There is no option to set a different handle and avatar for different groups of people tho, and I don't remember if the username shows if you get discovered by number. Also, this was just an example - usually you'd have more than two groups you'd want to isolate.
  
  Gotcha, so you can have two "identities" at a time. I guess this is for spam prevention.
  
  Afaik the username does not show if you are added by number
  
  Can you elaborate what would you want to achieve? Are you trying to hide your identity from your interlocutors (e.g., gambling buddies), so that they wouldn't know you are John Doe?
  
  a) yes, exactly this and b) where tf did you take "gambling" here?
  
  Sorry, one person above made the example of the "gaming" buddies, I assumed it was gambling and it was a good use case for an example.
  
  I see anyway, it indeed seems this is not a use-case for signal.
  
  Yeah, but I'd say separating your identities you use for different things is a very basic measure a lot of people would want to use.
  
  Well, it depends how you define different "things". In your example you are talking with people. It doesn't matter with whom or about what, and the service is a meta-service in this sense. You might not want to use the same email for the gambling site and for your school newsletter, but talking with people - information that says private - using a program that identifies you with a number is not the same thing.
- Jmp.chat is worth being aware of
  
  Also you're a wackadoo
  
  Yeah lets use the phone number of a middle man to sign up...sure u wont forget to relock the number every week so they dont get the power for account take over since they manage your number.
  
  So no disagreement on the wackadoo part.
  
  Tbh I hope you're doing something cool with this paranoia. Like I want to see news articles about you secretly fighting evil, not sitting at home playing pirated video games.
- Errybody hatin' your logic but your logic is just that: paranoid and for no shortage of good reason and those are my dice.
  
  Session
  
  GPG

137 comments