this post was submitted on 23 Nov 2025
4 points (60.0% liked)

Privacy

2941 readers
187 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
4
Signal knows who you’re talking to – Sane Security Guy (sanesecurityguy.com)
submitted 4 days ago by cm0002@lemmy.zip to c/privacy@programming.dev
16 comments fedilink hide all child comments
top 16 comments
sorted by: hot top controversial new old
[–] wildbus8979@sh.itjust.works 18 points 4 days ago* (last edited 4 days ago) (1 children)

Kinda of a poor write up. I have my issues with this but signal doesn't really use phone numbers internally, it uses hashes of phone numbers. It's not as straight forward as this article makes it seem, and this is readily available information that the author could have found.

[–] gtr@programming.dev 6 points 3 days ago (1 children)

Hashing doesn't really do anything because there are too few possible phone numbers. Easy to bruteforce. See the researchers who enumerated the WhatsApp users database recently via the internet...

[–] IceFoxX@lemmy.world 1 points 3 days ago* (last edited 3 days ago)

Hold up. They also have profile pictures and other stuff. So Meta offered the option to create a global phone book, but also to create a phone book of children worldwide + a timeline of profile pictures. Meta's statement was that it wasn't a big deal because it was public data... So Meta's pedos dream phone book is something else entirely.

[–] gtr@programming.dev 6 points 3 days ago (1 children)

In addition to that, in most European countries you have to register with your ID in oder to get a mobile phone number. So its provably end-to-end related to your identity.

I prefer apps that require no phone number. Like Threema, SimpleX, Session, Status, XMPP, or Tox.

[–] IceFoxX@lemmy.world 3 points 3 days ago

The main advantage of Signal was the SMS integration, which meant you no longer had to use the SMS app itself. In addition, SMS messages were displayed like a chat. That's why it needed to be linked to your cell phone number, but since they're no longer allowed to offer that anyway, they could have done a clean sweep of existing accounts and adapted the entire login process.

[–] staircase@programming.dev 9 points 4 days ago* (last edited 4 days ago) (1 children)

My vague memory is that Signal doesn't keep that information, so it couldn't be subpeona'd, indeed they've been asked for it before and declined to share.

BUT IT'S MOOT IF YOUR MESSAGES ARE VIEWED by sender or receiver ON ANDROID, WINDOWS OR IOS. Those operating systems can just view everything you type regardless.

[–] gtr@programming.dev 2 points 3 days ago (2 children)

How does signal match your contacts based on their phone number then?

[–] ReversalHatchery@beehaw.org 2 points 3 days ago (1 children)

by having you trust intel instead of themselves: https://signal.org/blog/private-contact-discovery/

[–] gtr@programming.dev 1 points 2 days ago

Oh but that's still better than I expected.

[–] staircase@programming.dev 1 points 3 days ago

Hence "vague memory". I don't know.

[–] onlinepersona@programming.dev 6 points 4 days ago (1 children)

Should've known this was going to be an ad for SimpleX. They have a hard-on for anti-Signal content. It's nearly as laughable as GrapheneOS's hate for anything not GrapheneOS.

[–] gtr@programming.dev 2 points 3 days ago (1 children)

SimpleX is good tho.

[–] onlinepersona@programming.dev 1 points 3 days ago* (last edited 2 days ago) (1 children)

Sure, if you like Nazis

[–] gtr@programming.dev 1 points 2 days ago

Sorry what?

[–] Kolanaki@pawb.social 6 points 4 days ago

I would hope so. It's facilitating us talking; it kinda has to know who I am trying to talk to.

[–] IceFoxX@lemmy.world 1 points 4 days ago

Well use some p2p messenger with tox protocoll