Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday February 27, @10:47AM   Printer-friendly
from the they-still-get-your-digits dept.

Signal now lets you keep your phone number private with the launch of usernames:

Signal is launching usernames, the company announced today. Up until now, you have had to give someone your phone number to chat with them on Signal. Now you can create a unique username that you can use instead. Usernames are currently launching in beta and will be rolling out to all users in the coming weeks. Signal still requires a phone number when registering for the app.

As end-to-end encrypted messaging apps go, Signal stands apart as one with the strongest security and privacy features. By allowing users to now keep their phone numbers private, Signal is closing one of the few loopholes that could allow hacker's access to a victim's messages — where hackers hijack the phone number at the phone carrier level used to register with Signal.

Usernames in Signal do not function like usernames on social media platforms, the company says. For example, Signal usernames are not logins or handles that you'll be known by in the app. Instead, they're just a quick way to connect with someone on the app without sharing your phone number.

If you create a username, your profile name will still display whatever you set it to, and won't show your username. People you message on the app also can't see or find your username unless you have shared it with them. If someone wants to talk to you on the app, they will need to know your exact username because Signal doesn't provide a searchable directory of usernames like X and Instagram do. Or, you have the option to generate a QR code or link that directs people to your username.

Once you create a username, your phone number will no longer be visible in Signal to anyone running the latest version of the app if they don't already have it saved in their contacts. When you message people either directly or in group chats, your phone number won't show up, as users will only see your profile name and image. However, if you still want people to see your phone number when you message them, you can change the default setting in your "Phone Number" settings.

To create a username, go into your "Profile" settings. From there, choose a unique username that has two or more numbers at the end of it. You can change your username as often as you want, and you also have the choice to delete your username altogether if you don't want one anymore. The company says it created usernames to be easily changeable so that you can choose to make a specific username for things like a conference or a group trip, and then change it once it's over.

To start chatting with someone via their username, you need to open the "New Chat" screen in the app and type in their username.

Signal is also introducing a new privacy setting that will let you control who can find you on the app with your phone number. Up until now, anyone who had your phone number, whether they got it on social media or a business card, has been able to find you on Signal. Now you can restrict this by going into your settings and navigating to the "Who can find me by my number" setting and selecting "Nobody."

If you select the "Everybody" option, this means that anyone who has your phone number can type it into Signal and send you a message request, which you can of course reject or block.

I don't trust Signal:

Occasionally when Signal is in the press and getting a lot of favorable discussion, I feel the need to step into various forums, IRC channels, and so on, and explain why I don't trust Signal. Let's do a blog post instead.

Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don't view "but that makes it harder for the average person" as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries.

Making promises about security without explaining the tradeoffs you made in order to appeal to the average user is unethical. Tradeoffs are necessary - but self-serving tradeoffs are not, and it's your responsibility to clearly explain the drawbacks and advantages of the tradeoffs you make. If you make broad and inaccurate statements about your communications product being "secure", then when the political prisoners who believed you are being tortured and hanged, it's on you. The stakes are serious. Let me explain why I don't think Signal takes them seriously.

It is worth a read, but remember that it is only his personal viewpoint.


Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by cykros on Tuesday February 27, @11:43AM

    by cykros (989) on Tuesday February 27, @11:43AM (#1346471)

    Signal went from being a great way to have secure SMS options and replace your existing SMS app to being just another encrypted messaging tool when they disabled the option to send regular SMS.

    If I wanted to just use it to send the equivalent of encrypted instant messages, I'd be using pidgin + OTR. And, you know, NOT letting Google or Apple push potentially toxic updates to the app because Moxie refuses to publish in third party app stores.

    Thanks, but no thanks dude.

  • (Score: 5, Interesting) by Thexalon on Tuesday February 27, @12:38PM

    by Thexalon (636) on Tuesday February 27, @12:38PM (#1346473)

    This kind of information is always private to anyone without a subpoena or search warrant or "national security letter" or access to any of the systems Signal depends on to successfully send the message, you mean.

    There have been many many attempts to set up allegedly-secure messaging systems. When the guys with guns and official government authority come knocking, you'll quickly learn that those systems aren't secure at all.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by darkfeline on Wednesday February 28, @04:26AM

    by darkfeline (1030) on Wednesday February 28, @04:26AM (#1346597) Homepage

    If you think the average user is capable of understanding tradeoffs and explanations, you have your head too far out of reality.

    --
    Join the SDF Public Access UNIX System today!
(1)