• Ganbat@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      3 months ago

      It’s bad for privacy no matter how you sell it. Unless you have a good amount of disposable income to buy up burner numbers all the time, a phone number tends to be incredibly identifying. So if a government agency comes along saying “Hey, we know this account sent this message and you have to give us everything you have about this account,” for the average person, it doesn’t end up being that different than having given them your full id.

      • calamityjanitor@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        3 months ago

        Another aspect is the social graph. It’s targeted for normies to easily switch to.

        Very few people want to install a communication app, open the compose screen for the first time, and be met by an empty list of who they can communicate with.

        https://signal.org/blog/private-contact-discovery/

        By using phone numbers, you can message your friends without needing to have them all register usernames and tell them to you. It also means Signal doesn’t need to keep a copy of your contact list on their servers, everyone has their local contact list.

        This means private messages for loads of people, their goal.

        Hey, we know this account sent this message and you have to give us everything you have about this account

        It’s a bit backwards, since your account is your phone number, the agency would be asking “give us everything you have from this number”. They’ve already IDed you at that point.

        • Ganbat@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          3 months ago

          Yep, at that point they’re just fishing for more which, hey, why wouldn’t they.

          It’s a give and take for sure, requiring a real phone number makes it harder for automated spam bots to use the service, but at the same time, it puts the weight of true privacy on the shoulders and wallets of the users, and in a lesser way, incentives the use of less than reputable services, should a user want to truly keep their activities private.

          And yeah, there’s an argument to be made for keeping crime at bay, but that also comes with risks itself. If there was some way to keep truly egregious use at bay while not risking a $10,000 fine on someone for downloading an episode of Ms. Marvel, I think that would be great.

        • Ganbat@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          3
          ·
          edit-2
          3 months ago

          Says right there in the subpoena “You are required to provide all information tied to the following phone numbers.” This means that the phone number requirement has already created a leak of private information in this instance, Signal simply couldn’t add more to it.

          Additionally, that was posted in 2021. Since then, Signal has introduced usernames to “keep your phone number private.” Good for your average Joe Blow, but should another subpoena be submitted, now stating “You are required to provide all information tied to the following usernames,” this time they will have something to give, being the user’s phone number, which can then be used to tie any use of Signal they already have proof of back to the individual.

          Yeah, it’s great that they don’t log what you send, but that doesn’t help if they get proof in any other way. The fact is, because of the phone number requirement, anything you ever send on Signal can easily be tied back to you should it get out, and that subpoena alone is proof that it does.

            • Ganbat@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              4
              ·
              3 months ago

              Please, use some critical thinking here.

              What information? The gov already had the phone number. They needed it to make the request.

              Yes. That’s the leak. A phone number can bridge the gap between your messages and your identity.

              Notice the lack of any usernames provided.

              You literally changed what I said to fit your narrative. Should a government agency already have access to a message and username, and make a legally valid request for the phone number associated with that username, Signal will be required by law to provide it, as it’s already know and proven that they have access to it. The subpoena you provided shows that they already have the phone numbers, so it is moot to this point.

              If they’re getting evidence outside of Signal, that’s outside the scope of this discussion.

              No, it’s not, that was literally the point of the discussion to begin with, you are the one trying to change it.

              …no. It can’t.

              Do you not know how phone numbers work? Generally if you go through a reputable provider, you’re going to be required to give at least your name. Additionally, even if you don’t give them your address, your location can pretty easily be extrapolated from things like the area codes and areas in which the phone number has been used. A warrant/subpoena is all it would take, and since that phone number is already tied to any messages they may have, that ties them directly to your identity.

              It’s proof that it doesn’t.

              This one barely even warrants a response. You’re either being plain obtuse or are genuinely failing to think critically about this, so I’ll break it down for you. They wouldn’t be serving a warrant to or subpoenaing Signal if they didn’t know the accounts in question were involved in something, which at minimum strongly implies that they already have some evidence of these users’ use of the service. Additionally, the fact that they’re subpoenaing so many at once implies they were in some kind of group on Signal.

              Let’s try a hypothetical. Let’s say we have downtrodden citizens A-F, who are using Signal to talk about Bad Government. Now, let’s say someone from BG joins their group undercover and records those messages. Well, now BG wants to punish those poor DCs. If the undercover bad guy already has their phone numbers, job done, they can go find them. If not, all BG has to do is make a legal request for those phone numbers as associated with the usernames, which they do have. That would leave Signal with the choice of complying and directly harming these individuals, or becoming effectively a criminal entity within this territory.

              Now, as for you, you have deflected, misquoted, misrepresented, and employed willful ignorance in this debate, and I will broker no further time for bad actors. Goodbye.

              • Eheran@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                3 months ago

                What a joke. Writes a bad faith(?) 3 page reply, talks shit about the other person and then says he does not reply anymore. Mate, you either reply or you do not. Shouting you opinion and then sticking fingers in your ears is absurd.

                • Ganbat@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  3
                  ·
                  3 months ago

                  What’s it like to be a clown? Brother, I did not write the bad faith reply here, I was responding to it, as I am now doing once again with you. And as I said, I don’t make time for bad actors who like to run around falsifying information and lying about the contents of my own previous responses, which is why I blocked them, and which is why I’m now blocking you.

                  Get a life.

    • 0x0
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Signal requires that as well. Their privacy is definitely not bullshit.

      These two sentences are contradictory.