
Signal To Move Away From Using Phone Numbers as User IDs (zdnet.com) 38

Secure instant messaging app Signal launched this week a new feature called "Signal PINs" which the company says will help users migrate account data between devices. From a report: Signal says that in the long run, this new feature is the base and the first step towards moving away from using phone numbers as profile IDs. The new Signal profile PIN feature is already live and available for all Signal users. The feature can be enabled in the Signal Settings section, under Privacy, and the Signal PIN option. Once enabled, users will be asked to create a PIN code that will be associated with their account. The PIN can be anything from a four-digit number to a long alpha-numerical string.
  • 1....2....3...4...........5
    • by lgw ( 121541 )

      This is awesome though. I use Signal a lot - but the point is to decouple my calling and texting from a specific phone, which doesn't work if Signal ties everything to a phone number. I want to be able to send and receive calls and texts from more than one phone without the people on the other side caring about that. My identity is me, not my phone.

      • "My identity is me, not my phone."

        If somebody stands behind you when entering the pin, it's your Ex-identity.

        • by lgw ( 121541 )

          If somebody stands behind you when entering the pin, it's your Ex-identity.

          Um, OK? Is that a real problem in your life? Did you buy from a furniture company that said "we stand behind every sale" only to find out they were being literal?

      • Decoupling is fine. Implementation by forcibly uploading user's contacts, history, logs, etc. to the cloud is NOT okay.
        • by lgw ( 121541 )

          The two things are unrelated. Don't yell at Signal for good decisions because they made bad decisions elsewhere, or they'll never learn anything. If you don't like the cloud, use a different product, one that's actually security focused. Demand your money back!

        • by tricorn ( 199664 )

          You aren't required to give it access to your contacts.

          I agree that it would be nice to let it use your contacts without also doing the Contact discovery, but even if it does, they do a pretty good job of matching contacts without revealing them.

        • They are hashed locally! Only the hashes are uploaded. Which is necessary in any case, since otherwise, who would the server send the message to? There is no way around some form of (anonymous) ID, unless you want a direct connection, which equals exposing your IP to the other side, and your connection to everyone in-between.

          The only way to improve on this, is to use a mix (like TOR) for direct connections. And ephemeral session IDs, if you want to stay anonymous to the other side of the communication too.
          A

  • by systemd-anonymousd ( 6652324 ) on Wednesday May 20, 2020 @01:06PM (#60082838)
    If you're out of the loop, the Signal devs rolled out a mandatory feature and are getting a ton of flak for it. People aren't upset about usernames, they're upset that Signal now requires you to enter a PIN and then uploads your data to their cloud service, encrypted with that PIN. You can't opt out and there's a giant nag screen until you give in and set a PIN. The app is also incredibly opaque about why you need this and what it's going to be used for in the future. So far it's being used to upload your contacts, contact history, list of chats, and associated metadata.


    The community is voicing their feedback here, so far without any dev response: https://community.signalusers.... [signalusers.org]
    • Comment removed based on user account deletion
      • The PIN is at least a four-digit numeric encryption key that protects your data. I.e., when a three-letter-agency serves Signal with a warrant to hand over a backup of their server, the data you've been forced to upload to Signal will withstand a brute force attack for 0.25 seconds. Because of their architecture a PIN is apparently required to support usernames, a much requested feature, but I don't know why.
        • Re: (Score:2, Informative)

          by Xylantiel ( 177496 )

          Signal PINs were already being used to prevent someone else from swiping your phone number's receipt privileges on Signal's message delivery service. That context makes sense because it is possible to limit the number of tries. But using them alone as an encryption key makes no sense for the reason you say. Also, why would they need to store your contact data on their servers if it is fully encrypted? Currently the way you sync this info to a desktop client is via a picture of a QR code, which, I think,
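
The distinction drawn in the two comments above (a PIN checked by a party that can limit the number of tries, versus a PIN used alone as an encryption key) is shown here as an added example that is not part of the thread and does not model Signal's actual design. PBKDF2, the iteration count, the class and function names, and the PIN `7291` are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100  # assumption: kept low so the demo finishes quickly

def derive_key(pin: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever KDF a real service uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

def offline_search(salt: bytes, verifier: bytes, digits: int = 4):
    """PIN as the only secret: whoever holds (salt, verifier) can test every
    candidate with nothing counting failures. Returns (pin, tries)."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        if hmac.compare_digest(derive_key(pin, salt), verifier):
            return pin, n + 1
    return None, 10 ** digits

class GuessLimitedCheck:
    """PIN checked by a party that counts failures and locks for good."""
    def __init__(self, pin: str, max_tries: int = 5):
        self._salt = os.urandom(16)
        self._verifier = derive_key(pin, self._salt)
        self._left = max_tries

    def attempt(self, pin: str) -> bool:
        if self._left == 0:
            raise PermissionError("locked: guess budget exhausted")
        ok = hmac.compare_digest(derive_key(pin, self._salt), self._verifier)
        if not ok:
            self._left -= 1
        return ok

def guesses_before_lock(check: GuessLimitedCheck, digits: int = 4) -> int:
    """Count how many sequential guesses the limited check evaluates."""
    made = 0
    try:
        for n in range(10 ** digits):
            made += 1
            if check.attempt(f"{n:0{digits}d}"):
                break
    except PermissionError:
        made -= 1  # the call that raised was refused, not evaluated
    return made

if __name__ == "__main__":
    salt = os.urandom(16)
    print(offline_search(salt, derive_key("7291", salt)))  # constructed PIN
    print(guesses_before_lock(GuessLimitedCheck("7291")))
```

The same four-digit PIN is fully searchable when the verifier can be tested offline, while the guess-limited check evaluates only five candidates out of 10,000 before refusing further attempts.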

    • Not just this, but "to make sure you don't forget your PIN" Signal will nag you periodically to enter your PIN whether you want to or not. It cannot be disabled. A more jaded person than I might think the nag will be used to sneak in features users don't want in a way defensible in court. "They entered their PIN your honor. How can they say they didn't want the feature when they clearly took action to permit it?"
  • ... and why did they think phone number was a good idea to begin with?

    • A friend tried to get me to use Signal, and I found that I couldn't use it without making it my default text messaging app. The requirement suggests a fairly strong link between the app and the phone number. I convinced my friend to, in my case, go with Telegram instead.
      • That's false. It asks if you'd like it to be the default, and it's clear you don't need to.

        • It could have been a personal problem. I didn't put much time into it. But, I remember wanting to use it without changing my default texting app and not seeing that option, so what was "clear" to you wasn't to me. But that's fine. Telegram is doing a good job, and my friend likes the stickers.
  • Blackberry Signal PIN

    cue Lawsuit in 5...4...3...2...

  • I'd prefer not to store my contacts on Signal's servers. Doing so creates a little dossier on me that is only as secure as Signal's encryption. Even if the encryption is solid, good encryption today may not be tomorrow.

    I've been ignoring the "CREATE PIN" dialog for weeks now. Hopefully this is equivalent to opting out.

  • "Your PIN is already taken by user d.trump, please choose another PIN".
  • It's mandatory. Users who don't want it are being forced to create one or face a full-screen nag that can't be dismissed. Creating a PIN grants Signal the permission to store your contact list and other information in the cloud.
    • I hadn't read their blog when it started asking me. They always had a local pin to protect the app so it seemed normal.

      I'm thinking it's a bit smarmy. They made a lot of noise about having zero knowledge about users then they go on to set up a system which uploads your contact list to them, protected by a 4 digit PIN (pin is the default, how many will choose 4 digits like 0000 just to shut it up?)

      Warrant canary, much?

  • Just use Wire Messenger, instead. No phone number required. Open source. Self-hosting capable.
