All they'd learn that way is that that phone number has a Signal account, when it was registered, and when it was last active. In other words, it doesn't tell them whether it's part of a given Signal group. (See https://signal.org/bigbrother/.)
They publicly publish these requests. You can see how little information is provided — just a phone number and two unix timestamps IIRC.
https://signal.org/bigbrother/
I might be misremembering or mixing memories but i remember something about them only storing the hash of the number.
So the FBI cant ask what phone number is tied to an account, but if a specific phone number was tied to the specific account? (As in, Signal gets the number, runs it through their hash algorythm and compares that hash to the saved one)
But my memory is very very bad, so like i said, i might be wrong
It would be absolutely trivial for the FBI to hash every single assigned phone number and check which one matches. Hashing only provides any anonymity if the source domain is too large to be enumerable.
You don't even need to think about how the hashing scheme and salt is set up. If Signal can check if a phone number matches the hash in any reasonable amount of time (which is the whole point of keeping a hash in the first place) then the FBI can just do that for all phone numbers with very realistic compute resources once they get Signal to cough up the details of the algorithm and magic numbers used.
If the Signal Messaging LLC is compromised, then "updates", e.g., spyware, can be remotely installed on every Signal user's computer, assuming every Signal user allows "automatic updates". I don't think Signal has a setting to turn off updates
Not only does one have to worry about other Signal users being compromised, one also has to worry about a third party being compromised: the Signal Messaaging LLC
They aren't allowed to tell you by law, and courts work with prosecution to keep implementation details away from the public, and investigators will engage in parallel construction to obfuscate the sources of evidence. That's just on the normal law enforcement side.
Once you get into the national security side, the secrecy is even higher.
"Carrying this speculation a step further, it is possible that the available tools have been compromised either in individual instances or en masse. Even where security products are open-source, adequate security evaluations are difficult to conduct initially and difficult to maintain as the products evolve. Typical users upgrade their software when upgrades or packages are offered, without even thinking of the possibility that they may have been targeted for a Trojan horse."
Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press: Cambridge, 2007), 372
You can't sign up without one, and it being an option means people who are in danger won't do it.
Also, if someone's phone is confiscated, and you're in their Signal chats and their address book, it doesn't matter if you're hiding your number on Signal.
It's better to just not require such identifying information at all.
That's true for any system where you have contacts linked. Same thing happens when you have names and avatars.
If you don't want to link your contacts... don't link your contacts...
But this doesn't have the result that the GP claimed. The whole network doesn't unravel because in big groups like these one number doesn't have all the other contacts in their system.
For people that need it:
| Settings
|- Chat
| |- Share Contacts with iOS/Android <--- (Turn off)
|- Privacy
| |- Phone Number
| | |- Who Can See My Number
| | | |- Everybody
| | | |- Nobody <----
| | |- Who Can Find Me By Number
| | | |- Everybody
| | | |- Nobody <----
| |- App Security
| | |- Hide Screen in App Switcher <---- Turn on
| | |- Screen Lock <---- Turn on
| |- Advanced
| | |- Always Relay Calls <-----
If you are extra concerned, turn on disappearing messages. This is highly suggested for any group chats like the ones being discussed. You should also disable read receipts and typing indicators.
I would imagine that the issue that people have here isn't so much that you can hide from other users, but whether or not you can hide your information from the company behind Signal. I'd assume that if you can't hide from the company, then you can't hide from the US government. We know that you can extract messages from a compromised phone because they aren't encrypted at rest. Which I guess would mean that even if you have disappearing messages and similar, your messages could proably still be extracted from a group chat with a comprimised user in it.
If we go full tinfoil, then do you really trust Apple and Google to keep your Signal keys on your device safe from the US government?
It's probably not that bad, but I do know that we're having some serious discussions on Signal here in Europe because it's not necessarily the secure platform we used to think it was. Then again, our main issue is probably that we don't have a secure phone platform with a way to securely certify applications (speaking from a national safety, not personal privacy point of view).
Signal's messages are encrypted at rest though? Because Android and iOS are both full disk encrypted.
I do agree with that when you can't hide from the company, you can't hide from the US government either.
Regarding attacks, even if your current app is e2ee then this could be subverted by simply updating it to a newer version that isn't. Yet another is that when somebody gets full control over your phone, then no system will protect you as the device is functioning as intended (showing you the messages), it just doesn't know that it's no longer the owner of the phone reading them.
> Signal's messages are encrypted at rest though? Because Android and iOS are both full disk encrypted.
So just a point for people to be aware of, and that this isn't unique to Signal. Android and iOS can read your Signal messages under 1 of 2 conditions:
1) Toast notifications include messages
2) Keyboard
The first one is obvious as the OS has to see the message. So someone *with access to your phone* (already compromised) might be able to read messages (or at least partial) through this mechanism. Signal allows you to turn this off and if you're concerned, you should do so.
The second is less obvious and unfortunately with iOS I don't think there's a solution. Under Android, by default, Signal uses the incognito keyboard. Android promises not to use typing patterns for its learning but like Apple you ultimately have to trust them. But unlike Apple you can install 3rd party keyboards from Fdroid which are entirely local (some even have learning capabilities and plenty have local STT).
But again, neither of these are actual issues with Signal or any other E2EE app. The problem is the smartphone.
> I do agree with that when you can't hide from the company, you can't hide from the US government either.
Nitpick:
I don't think you can hide from targeted government surveillance. Or at least you have to go to some serious lengths to. But I do strongly believe that apps like Signal help you avoid dragnet operations and mass government surveillance. We should differentiate these types of things. I'm no doing anything nefarious so I'm not concerned with the former targeted surveillance (though I still dislike it in principle), but mass government surveillance is, in my view, a violation of my constitutional rights and everyone should take steps to fight against it.
Truth is, most mass surveillance can be avoided fairly easily: use an E2EE communication app like Signal (cross platform) or iMessage (security only with your Apple friends), install an ad blocker, set "do not track" in your browser, get a cookie destroyer (or use incognito/private), and disable tracking in each and every app (annoying...). This isn't a perfect defense from mass surveillance but it sure does get rid of like 80+% of it and that's a really good step in the right direction. There's no such thing as perfect privacy or perfect security, there's only speedbumps and walls. The intention is to make it hard and costly.
I nitpick because people do not differentiate these two and become apathetic. Acting as if it is pointless to make these changes. But mass surveillance (and surveillance capitalism) is where the disinformation campaigns and manipulation comes from. Unless you're some elite criminal then framing the conversation as "you can't hide from the government" is naive. Besides, I'm not trying to hide from the government. I have nothing to hide. But the checks and balances are that they have to have a reason to look. Get a warrant or GTFO. That's what making these types of changes is the equivalent of.
This is HN, so don't write as if this was Twitter. We don't need to be shallow. I'm not AI, so I mean this with all due respect and not just because an AI won't say this: you can fuck off.
> When the phone is taken from you, you'll not be typing them in anyway.
Your phone can be compromised without it being taken from you. You're smart enough to be able to figure that out :)
What better alternatives do we have? Not tying my account to a phone number, but rather saving thirteen words, is exactly the UX I've always desired. I don't even need privacy, but I hate losing things when I inevitably lose my phone number.
Bots can authenticate just as well as human users. Both bots and trolls are completely different set of issues that cannot easily be solved, regardless of your approach.
You will need to implement some very invasive issuing mechanism to ensure that only those with a pulse can procure new keys. Even then, keys will still be bought or stolen - as was the case with pre-Elon Twitter checkmarks.
In Europe some countries have ID cards which have a private key on it. If you report it stolen it goes into the revocation list and they issue a new ID card to you.
One phone gets compromised and the whole network is identified with their phone numbers.