I remember a time when visiting a website that opens a JavaScript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does Signal want a phone number to register? Is there a better alternative?

  • Xanza@lemm.ee
    56 up, 7 down · 7 days ago (edited)

    So, you’re going to get two schools of thought on this, and one of them is wrong. Horrendously wrong. For perspective, I was a certified CEHv7, so take that for what it’s worth.

    There’s a saying in security circles “security through obscurity isn’t security,” which is a saying from the 1850s and people continually attempt to apply the logic to today’s standards and it’s–frankly stupid–but just plain silly. It generally means that if you hide the key to your house under the floor mat, there’s no point to having the lock, because it doesn’t lend you any real security and that if you release the schematics to security protocols and/or devices (like locks), it makes them less secure. And in this specific context, it makes sense and is an accurate statement. Lots of people will make the argument that F/OSS is more secure because it’s openly available and many will make the argument that it’s less secure. But each argument is moot because it deals with software development and not your private data. lol.

    When you apply the same logic to technology and private data it breaks down tremendously. This is the information age. With a person’s phone number I can very likely find their home address or their general location. Registered cell phones will forever carry with them the city in which they were activated. So if I have your phone number, and know your name is John Smith, I can look up your number and see where it was activated. It’ll tell me “Dallas, Texas” and now I’m not just looking for John Smith, I’m looking for John Smith in Dallas, Texas. With successive breakdowns like this I will eventually find your home address or at the very least your neighborhood.

    The supposition made by Signal (and anyone who defends this model) is that generally anyone with your private number is supposed to have it and even if they do, there’s not much they can do with it. But that’s so incredibly wrong it’s not even funny in 2025.

    I’ve seen a great number of people in this thread post things like “privacy isn’t anonymity and anonymity isn’t security,” which frankly I find gobstopping hilarious from a community that will break their neck to suggest everyone run VPNs to protect their online identity as a way to protect yourself from fingerprinting and ad tracking.

    It frankly amazes me. Protecting your data, including your phone number is the same as protecting your home address and your private data through redirection from a VPN. I don’t think many in this community would argue against using a VPN. But why they feel you should shotgun your phone number all over the internet is fucking stupid, IMO, or that you should only use a secure messaging protocol to speak to people you know, and not people you don’t know. It’s all just so…stupid.

    They’ll then continue to say that you should only use Signal to talk to people you know because “that’s what it’s for!” as if protecting yourself via encryption from complete fucking strangers has no value all of a sudden. lol

    You have to be very careful in this community because there are a significant number of armchair experts which simply parrot the things that they’ve read from others ad nauseam without actually thinking about the basis of what they’re saying.

    OK. That’s my rant. I’m ready for your downvote.

    • Manalith@midwest.social
      17 up · 7 days ago

      The only thing I’ll tack onto this is that with the introduction of Signal usernames, you still have to give Signal your number to verify that at least on some level, you probably are a real person. As someone with 5 different phone numbers, probably doesn’t stop spam as much as they’d hoped, but more than they feared, but at least now you don’t have to give that Craigslist guy who uses Signal your phone number, just your username. Is that the best method? I dunno, but it is something.

      • Xanza@lemm.ee
        13 up, 1 down · 7 days ago

        I was unaware of this change, and it’s perfectly acceptable. No one has any ground to lambast Signal for requiring phone numbers to get an account. I think that’s a perfectly reasonable spam mitigation technique. The issue is having to shotgun your phone number to every Howard and Susan that you want to use Signal to communicate with.

        This was honestly the only thing holding me back from actually using Signal. I’ll likely register for an account now.

        • poVoq@slrpnk.net
          7 up · 6 days ago

          If you are even remotely involved in any activist type of things, you certainly don’t want this US government honeypot to have your phone number and device ID.

          • Jason2357@lemmy.ca
            1 up · 5 days ago (edited)

            At least in theory, this is mitigated. The Signal activation server sees your phone number, yes. If you use Signal, the threat model doesn’t protect you from someone with privileged network or server access learning that you use Signal (just like someone with privileged network access can learn you use Tor, or a VPN, etc).

            But the Signal servers do not get to see the content of your group messages, nor the metadata about your groups and contacts. Sealed sender keeps that private: https://signal.org/blog/sealed-sender/

            You would obviously want to join those groups with a user Id rather than your phone number, or a malicious member could out you. It’s not the best truly anonymous chat platform, but protection from your specific threat model is thought through.

            edit: be sure to go to Settings > Privacy > Phone Number. By default anyone who already has your phone number can see you use Signal (used for contact discovery, this makes sense to me for all typical uses of Signal), and in a separate setting, contacts and groups can see your phone number. You will absolutely want to un-check that one if you follow my suggestion above.

            • poVoq@slrpnk.net
              1 up · 5 days ago

              There are some mitigations in place, yes, but Sealed Sender on a centralized platform is snake-oil as someone with server access can easily do a timing attack and discover who communicated with whom.

              • Jason2357@lemmy.ca
                1 up · 4 days ago

                That a timing attack could be successful is not a given. It’s a possibility, yes, but there is very likely sufficient mixing happening to make that unrealistic or unreliable. An individual doesn’t create much traffic, and thousands are using the server constantly. Calling it a honeypot or claiming the phone number and device ID are available is a stretch.

                Timing attacks can work in Tor when you are lucky enough to own both the entrance and exit node for an individual because very few people will be using both, and web traffic from an individual is relatively heavy and constant to allow for correlation.

                • poVoq@slrpnk.net
                  1 up · 4 days ago

                  A timing attack is extremely realistic when you control one of the end devices which is a common scenario if a person gets arrested or their device compromised. This way you can then identify who the contacts are and with the phone number you can easily get the real name and movement patterns.

                  This is like the ideal setup for law enforcement, and it is well documented that honeypot “encrypted” messengers have been set up for similar purposes before. Signal was probably not explicitly set up for that, but the FBI for sure has an internal informant that could run those timing attacks.
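
The disagreement in the exchange above turns on how much unrelated traffic shares each delivery window. As an added illustration (not written by any poster and not a model of Signal's actual server), this Python sketch assumes an observer who only learns which accounts were active in each window in which a monitored account received a message, and that all other accounts are active independently at random; the account counts and activity fractions are constructed.

```python
import random


def expected_candidates(n_others, active_per_window, n_windows):
    """Expected candidate-set size: the real correspondent plus every other
    account that happened to be active in all n_windows windows."""
    p = active_per_window / n_others          # chance an unrelated account is active
    return 1 + n_others * p ** n_windows


def simulate_candidates(n_others, active_per_window, n_windows, seed=0):
    """Return the candidate-set size after each observed delivery window.

    Account 0 is the real correspondent; accounts 1..n_others are unrelated
    users generating constructed cover traffic.
    """
    rng = random.Random(seed)                 # seeded so the run is reproducible
    others = range(1, n_others + 1)
    candidates = None
    sizes = []
    for _ in range(n_windows):
        # Unrelated accounts that sent something in the same window.
        active = set(rng.sample(others, active_per_window))
        active.add(0)                         # the correspondent is always present
        # Only accounts seen in every window so far remain plausible.
        candidates = active if candidates is None else candidates & active
        sizes.append(len(candidates))
    return sizes


if __name__ == "__main__":
    N_OTHERS = 10_000                         # constructed population size
    scenarios = (
        ("1% of accounts active per window", 100),
        ("50% of accounts active per window", 5_000),
    )
    for label, active in scenarios:
        sizes = simulate_candidates(N_OTHERS, active, 8)
        expected = round(expected_candidates(N_OTHERS, active, 8), 2)
        print(f"{label}: sizes={sizes} expected_final={expected}")
```

Batching or delaying deliveries widens each window and so raises the per-window activity fraction, which is the quantity that decides how quickly the candidate set shrinks.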

        • MDCCCLV@lemmy.ca
          1 up · 6 days ago

          Spam accounts are clearly the biggest factor for not letting anyone just sign up with an email. Although getting a new email without a phone verification is getting increasingly hard now.

  • atlas@lemmy.dbzer0.com
    10 up, 1 down · 7 days ago

    It’s private but it’s not anonymous. They know who is talking to who, but not what they are talking about.

  • bigbrother@lemmy.ml
    2 up, 1 down · 5 days ago

    Privacy: they know who you are but they don’t know what you are doing/when you are doing it. Anonymity: they don’t know who you are.

  • MangoPenguin@lemmy.blahaj.zone
    7 up, 1 down · 7 days ago

    I assume ease of use and spam prevention.

    I think Signal tries to be at least somewhat attractive to the average person who wants more privacy than just using WhatsApp or whatever. Making it easy to message existing contacts helps a lot with adoption.

  • qwerty@discuss.tchncs.de
    6 up, 1 down · 7 days ago

    To prevent spam and to allow people who already know each other’s number to easily contact over Signal. If you want an anonymous account use an online sms activation service paid with monero, personally I recommend smspool.net.

  • BCsven@lemmy.ca
    4 up, 3 down · 7 days ago

    Session is what you want. But you have to directly share each other’s public keys to connect.

  • Jakob Fel@retrolemmy.com
    2 up, 1 down · 7 days ago

    Privacy is not necessarily anonymity. Signal uses a phone number to prevent spam and DDOS attacks on their network. Session doesn’t do this and got wrecked by DDOS attacks to the point where most of the major groups are pretty much dead.

    Use Signal to talk to people you know. That’s what it’s for. You don’t use it for anonymous chats.

  • mikael@lemmy.ml
    129 up, 6 down · 8 days ago

    Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.

    • Autonomous User@lemmy.world
      5 up, 60 down · 7 days ago (edited)

      Our phone numbers are not private from them.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • onlinepersona@programming.dev
        28 up, 2 down · 8 days ago

        Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.

        Anti Commercial-AI license

        • 0101100101@programming.dev (OP)
          4 up, 20 down · 8 days ago

          The messages are private and that’s what’s most important.

          No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.

            • frazorth@feddit.uk
              4 up, 1 down · 7 days ago

              They are referring to message metadata.

              Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.

              https://signal.org/legal/

              For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.

              They store metadata, which is distinct from encrypted data.

              Are you saying sealed sender is a lie?

              https://signal.org/blog/sealed-sender/

              When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.

              They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.

                • frazorth@feddit.uk
                  1 up · 4 days ago

                  No.

                  We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.

                  They haven’t hidden it yet. It’s a goal.

              • Star@sopuli.xyz
                4 up, 2 down · 7 days ago

                The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.

                You can see this for yourself at signal.org/bigbrother

                • EngineerGaming@feddit.nl
                  2 up · 5 days ago

                  I am really frustrated when this is brought up, since it only shows what they have been collecting so far, not what they’re capable of collecting. The government agencies can force them to do whatever modifications to the server AND to keep completely silent about it. I am still trying to understand whether Sealed Sender would protect from a server collecting and recording ALL the data it possibly can.

    • foremanguy@lemmy.ml
      15 up, 23 down · 8 days ago

      It’s not an argument. Think about regular mobile numbers, are they preventing spam? No.

          • Scolding7300@lemmy.world
            1 up · 7 days ago

            I misread the comment you replied to originally (thought they were referring to bot spam prevention)… Signal doesn’t work like the phone network, you can’t necessarily just “call” or “text” a random person. There’s also additional verification before you can send messages sometimes.

        • Detun3d@lemm.ee
          3 up · 7 days ago

          The point, I believe, wasn’t about spam but likely got derailed. It was probably about the phone number requirement being unnecessary. I’ll just add that even if it is, it’s a measure geared towards common users that often need to recover access to their accounts through means they’re already familiar with, as is a verification SMS. It’s not the safest nor the most private, but it’s easier to deal with for most people. Whoever wants something that doesn’t depend on a SIM or eSIM should try Briar and SimpleX. None of these will be a perfect solution for every single person though.

        • foremanguy@lemmy.ml
          3 up · 7 days ago

          I don’t know what is spam for you, but when you get three message requests from three girls respectively named Tania, Clara and Ella that are contacting you about your carrier or your management skills, I call it spam.

          The way that Signal integrates phone number is odd because it opens up the spam door. I understand why Signal uses phone numbers this way (to make “normies” adopt Signal more easily like WhatsApp would do) but it’s not the best to kind of contaminate the network with the traditional cell network.

        • rirus@feddit.org
          1 up, 1 down · 7 days ago

          Because Signal has a low user base. Why spam on Signal, if you can reach everyone with an SMS?

    • Autonomous User@lemmy.world
      6 up, 59 down · 7 days ago (edited)

      Our phone numbers are not private from them.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • devfuuu@lemmy.world
        28 up, 4 down · 8 days ago (edited)

        It’s libre software. Go host the server and change the clients to connect to your custom server and distribute to the users you need.

        • solrize@lemmy.world
          10 up, 4 down · 8 days ago

          Are you saying I have to literally rebuild and distribute my own client APK if I want to use my own server? There’s no “settings” in the existing client where you say what server you want to use, like every email client has? That sounds obnoxious.

          • xthexder@l.sw0.com
            17 up · 7 days ago

            If you don’t trust Signal to run an unmodified server without malicious modifications, then why would you trust their build of the APK?

            To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.

            Personally I have no problem using Signal’s servers.

            • solrize@lemmy.world
              3 up, 4 down · 7 days ago

              To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.

              Usually I only install APKs from F-Droid, which always builds its apps from source, rather than using the developer’s APK. I’m uncomfortable that Signal doesn’t seem to be on F-Droid, and I’m in fact hesitant to install it from anywhere else. I’m not currently set up to build Android apps myself. I’m a fairly unsophisticated Android user.

                • solrize@lemmy.world
                  2 up · 7 days ago

                  Thanks. I’m not a sophisticated Android user and so far have just stayed with installing stuff from F-Droid. If the official build matches the F-Droid build, that’s great. At some point I want to spend some time bringing up Android build tools, but I have too much other stuff going on right now.

              • biofaust@lemmy.world
                2 up · 7 days ago

                I just checked and I installed Signal from F-Droid.

                It says Repository: Guardian Project on the app page.

        • ganymede@lemmy.ml
          2 up · 8 days ago (edited)

          edit: nvm i re-read what you wrote

          i agree it does mostly fulfill the criteria for libre software. perhaps not in every way to the same spirit as other projects, but that is indeed a separate discussion.

          h̶o̶w̶ ̶m̶a̶n̶y̶ ̶c̶o̶m̶m̶u̶n̶i̶t̶i̶e̶s̶ ̶a̶r̶e̶ ̶d̶o̶i̶n̶g̶ ̶t̶h̶a̶t̶ ̶r̶i̶g̶h̶t̶ ̶n̶o̶w̶?̶ ̶i̶ ̶s̶u̶s̶p̶e̶c̶t̶ ̶y̶o̶u̶ ̶m̶a̶y̶ ̶b̶e̶ ̶d̶r̶a̶s̶t̶i̶c̶a̶l̶l̶y̶ ̶u̶n̶d̶e̶r̶s̶t̶a̶t̶i̶n̶g̶ ̶t̶h̶e̶ ̶b̶a̶r̶r̶i̶e̶r̶s̶ ̶f̶o̶r̶ ̶t̶h̶a̶t̶.̶ ̶b̶u̶t̶ ̶w̶o̶u̶l̶d̶ ̶b̶e̶ ̶d̶e̶l̶i̶g̶h̶t̶e̶d̶ ̶t̶o̶ ̶b̶e̶ ̶p̶r̶o̶v̶e̶n̶ ̶w̶r̶o̶n̶g̶.̶.̶.̶

          • rottingleaf@lemmy.world
            6 up · 8 days ago

            The barrier is that only you and your friends would be using that Fignal or Xignal or whatever home installation, and for that practically, for ease of use, it’s simpler to host Matrix which even a complete idiot can do.

  • southsamurai@sh.itjust.works
    51 up · 8 days ago

    Everything is a balancing act. Privacy, anonymity, and security aren’t the same things. They’re sometimes, and in some aspects always, difficult to achieve without compromising one of the other two.

    When you add in the goal of quick, easy setup to make the service useful in the first place. Doesn’t matter how good the service is at the trinity if nobody is willing to use it. Signal just errs on security first, privacy second, anonymity third.

  • JackbyDev@programming.dev
    40 up, 3 down · 7 days ago

    Signal fills an incredibly important spot in a spectrum of privacy and usability where it’s extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusiasts it’s not the best, but it’s a hell of a lot easier to convince friends and family to use Signal than something like Matrix.