Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases
Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it’s important.
https://xcancel.com/hannahcrileyy/status/2034273723667161480#m


All your phone number provides is that you have ever used Signal? Not what tower you’re connected to and therefore approximate realtime location? Your full identity via your telco? Social graph and history of your calls and texts?
I’m not saying it’s their fault or that they are volunteering any information, but that’s how it is for any US-based corporation (doesn’t matter if it’s a nonprofit, any legal entity that can be subpoenaed)
This is fundamentally not how Signal works, but you are generally correct in that a phone number has been shown to provide a lot of context for a person (or a device, at least). But Signal (the app) only uses a phone number for initial verification of an account. You have a lot of options to break that association with you - use a landline and get a call verification code, use a VoIP number (assuming you trust the provider), use a burner SIM, etc.
Once you have an account, you can choose to identify yourself on the network solely via username so the registration number is not presented to other users. The Signal protocol itself is well-audited and generally secure.
If your issue is with Signal the American company, use an open source fork like Molly with your own UnifiedPush instance. Then you’re only trusting them with transport of your encrypted messages, which again have been shown to be secure at least in public audits.
The government already has access to every phone number in existence. They can already track every phone to figure out who attended a protest or whatever. Filtering down to “all phone numbers who’ve ever connected to Signal” doesn’t exactly narrow anything down. They don’t have any metadata about who you were chatting with.
They used to publish them in big books, even
that’s precisely why you should not trust services that require it as private. phone number = identification.
plus apparently your government considers you a terrorist if you do.
If the only data surfaceable from Signal is the phone number, not the crypto conversation, they didn’t source you on Signal and get your number, they got your number through other means and used it to prove you use Signal.
They can’t see the conversation contents to subpoena the number to ID.