Readit News
godelski · 2 years ago
This is fantastic! I also love that there is the QR code generator. It'll make connecting easier.

I hope moving forward we can have multiple usernames and profiles. This would greatly increase privacy since we may have different identities in different social groups. Even on HN a lot of us have multiple personas. I find one of the big challenges is actually handling these different identities as most software only assumes you have one. Though it seems to be common on social media like twitter or instagram. But bitwarden still doesn't know how to differentiate microsoft logins lol

Edit: I'd love in the future to also see things like self destructing or one time links. I don't think these should be hard to implement, especially if one can have multiple usernames. Certainly a limit like 3 would be fine with the numbers, right? Personally I wouldn't be upset if multiple names became a premium feature but I'd strongly prefer if it wasn't. I get that signal still needs money (https://news.ycombinator.com/item?id=39446053)

vel0city · 2 years ago
> But bitwarden still doesn't know how to differentiate microsoft logins

To be fair to Bitwarden even Microsoft doesn't know how to differentiate between multiple Microsoft logins. As of at least a year ago, you can technically have different logins with the same username/email identifier, and different login prompts will behave differently.

folmar · 2 years ago
Also nice to mention that some of those are connected and some are not. For example I have a personal account (that I did not create but appeared magically at some point; it behaves as totally separate), a work account (main work tenant) and three guest work tenants that share the password, but don't share the 2FA. For some apps you choose the tenant, but not for all.
godelski · 2 years ago
Oh yeah it was more a joke than anything. Microsoft is just creating such a shitty environment. I can be logging in from my company portal where they know the identifier yet I still have to add @company.com. I mean I got one for my job, for my university, for conferences (CMT), and I swear I'm forgetting 30 others that I only use once in a blue moon.

They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.

I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.

mtnGoat · 2 years ago
You can use these “features” to hijack accounts too ;)

I’d call them bugs, but they’ve been reported and didn’t get fixed.

smingo · 2 years ago
indeed, with an incoming Teams meeting invite, it should be determinable from the sender's context which account should work on the meeting. Instead there is 2 minutes of waiting, and what seems like pot luck with the account.
LtWorf · 2 years ago
Telegram has had all of these features for a while… too bad it isn't as secure as signal or it'd be perfect, since it's also written in a real GUI toolkit and present in distribution repositories.

I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.

I wonder where signal is about keeping the servers up, since they hate federation so much.

vld_chk · 2 years ago
Telegram and Signal solve very different types of privacy issues.

Telegram is good, as you mention, to be relatively private in groups/chats/channels without a need to expose either your phone or even a nickname (unless you live in autocratic countries — will come to this later).

But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to say that all comments/group chats are not encrypted too, unlike let’s say WA.

Second, Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID and there are black market services and databases where they promise to connect that ID with phone number if that account ever had privacy settings switched off in the past.

It is claimed that they kind of scrape all accounts and pair the ID for those where privacy settings were set poorly. Even if you change it later — your internal ID and that scrape will stay forever.

Third, Telegram was funded by the Russian government since Durov had issues with the SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded on the Saint Petersburg stock exchange, and even took some money directly from the Russian government through a Qatar proxy company. Not to say that there are cases when TG was involved in criminal charges against people (the most famous one is the story of the Ryanair plane being forced to land in Minsk to arrest Lukashenko’s critic), and it was never directly addressed and explained by the company how exactly those people were caught and how the company protects against “SIM card replacement” cases (Signal at least informs me every time my peer logged in to a new device).

Selecting between Signal with AFAIK no known cases of charges in dictatorship countries like Russia, funded by non-profitable charity, and TG without default e2e encryption, public API and Russian-state funding, is quite obvious for me.

Nuzzerino · 2 years ago
Don’t worry, telegram is now gatekeeping certain privacy settings behind the premium subscription like it’s 2003.

They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.

There was no confirmation prompt. Pretty sure this happened to me more than once.

Please don’t ever compare Telegram with Signal.

snotrockets · 2 years ago
Telegram isn't a messaging service. It's a social network with a messenger UI. Quite ingenious, if you'd ask me, but a social network and a private messenger can't really be reconciled into a single product.
contact9879 · 2 years ago
You're in luck because Signal had a whole blog post about long term financing a couple months ago.

https://signal.org/blog/signal-is-expensive/

Faizan711 · 2 years ago
Why do you say that Telegram isn't as secure as signal?

Deleted Comment

Geisterde · 2 years ago
Matrix might interest you, but it doesn't solve telephone numbers (I think)
godelski · 2 years ago
I don't want to be too dismissive of Matrix, but I also see these types of comments as understanding what problem Signal is actually addressing: security for the masses. There's no way I'm getting my grandma on Matrix and you're delusional if you think she can set up a server. But it isn't hard to get my grandma on Signal and that's a much better security feature than federation or even not having phone numbers. If I want extreme security, you're right that there are better tools. But my threat model isn't trying to avoid nation state actors, it's mostly about avoiding mass surveillance, surveillance capitalism, and probably most importantly: sending a message to the gov to fuck off with all this spying. At the end of the day, there's no other app that's even close to fulfilling those needs.

I didn't realize my comment rose to the top. When I had written this I had also written this comment[0] which was the grandchild of the top comment at the time. It has a bit more details on my thoughts/reservations of federation. tldr is mostly about avoiding centralization. This remains an open problem and I think it is far too easily dismissed. But federation isn't solving the problems people want it to if it's federated like email and web browsers. That's just mostly centralization with all the headaches of federation.

And to anyone complaining about lack of federation, what's stopping you from running your own Signal server? Sure, it won't connect to the official channel, but is that a roadblock? Even Matrix started with one server. This is a serious question, is there something preventing this? Because if the major problem with Signal is lack of federation, I don't see why this is not solvable building off of Signal and not needing to create a completely different program. Who knows, if it becomes successful why wouldn't Signal allow a bridge or why can't apps like Molly allow access to both the official and federated networks?

[0] https://news.ycombinator.com/item?id=39446183

Vinnl · 2 years ago
> Note that even once these features reach everyone, both you and the people you are chatting with on Signal will need to be using the most updated version of the app to take advantage of them.

> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.

Which is also an example of a challenge for open ecosystems where everyone can create apps.

I understand that it doesn't outweigh the benefits to everyone, but it is a valid reason.

smt88 · 2 years ago
Is Signal considered to be (or attempting to be) an open ecosystem?

My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.

The underlying protocol is open and could be used for an open ecosystem, but I didn't think Signal aspired to do that.

lima · 2 years ago
The apps and most of the backend are open source too, not just the protocol.

The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).

faiD9Eet · 2 years ago
> My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.

You are right about that. There used to be an open source build called LibreSignal.

Moxie Marlinspike made clear [1]: You may inspect the code. You are even allowed to compile it. You are not allowed to connect your self-compiled client to our message servers. We are not interested in a federated protocol. Make sure your fork creates its own bubble that does not overlap with Open Whisper Systems. Stop using the name Signal.

[1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

kaanyalova · 2 years ago
Both the app and the server are open source

https://github.com/signalapp/Signal-Android
https://github.com/signalapp/Signal-Server

There are forks like Session which doesn't require a phone number to sign up

https://github.com/oxen-io/session-android

Vinnl · 2 years ago
They've described what they're attempting to be here: https://signal.org/blog/the-ecosystem-is-moving/
WhyNotHugo · 2 years ago
It's not [attempting to be an open ecosystem]. Their ToS used to forbid using third party clients. I don't think this has changed. They haven't banned anyone for using third party clients (to the best of my knowledge), but they're openly against an open ecosystem.

It's private, centralised and the network is closed (e.g.: non-federated), but the source code is public and open source. I think that for the server implementation they do code dumps every once in a while, rather than continuously keep it public.

unethical_ban · 2 years ago
I wish it were more obvious that Signal expires its apps every 90 days.

My mom couldn't receive signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.

When I visited, I opened the signal app and was told I had to update.

gnicholas · 2 years ago
I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.
KennyBlanken · 2 years ago
It's patently unforgivable that a message would not be delivered because the client is out of date.

The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.

In the US, cellular is often expensive and slow.

In underdeveloped countries where software like Signal could be really important, all this is even more true.

We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?

vlovich123 · 2 years ago
Protocol ratcheting, but 90 days would be quick if there’s a lot of apps.
LoganDark · 2 years ago
Does this mean the protocol still exposes your phone number and it's hidden only by the client side?
varenc · 2 years ago
The answer is almost certainly no. It means the old APIs that expose phone numbers will stop working in 90 days. And old clients along with them.

I have not investigated this at all, but I have enough faith in Signal/Whisper Systems to be optimistic.

hot_gril · 2 years ago
Hackers can always create apps.
verandaguy · 2 years ago
This is a common, but terrible argument. Anyone can (mis)use, make, or weaponise technology given enough time and funding. Following this reasoning to its logical extreme, nobody should ever do anything.

The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.

Done right, that fraction will be significant.

tcmb · 2 years ago
I like the idea, but they should have called it something else instead of ‚username‘. Maybe ‚connection string‘ or ‚discovery phrase‘. Right now they have to explain at length in what ways it’s different from regular usernames.
nsxwolf · 2 years ago
Is ,comma-backtick` some personal quirk of yours, or is it some standard I'm not aware of?
loeber · 2 years ago
European quotation marks commonly have the left one down low and the right one up high. The same applies for single quotes. But using comma-backtick is deeply unorthodox.
lock-the-spock · 2 years ago
To give a definite answer to the discussion below - it seems Czech, Slovak, German, Slovenian and Croatian sometimes use this format. Here an authoritative source: the EU publications office:

https://op.europa.eu/en/web/eu-vocabularies/formex/physical-...

tcmb · 2 years ago
It‘s what my phone made out of two presses of the same (single quote) button.
stavros · 2 years ago
It's ‚comma-apostrophe‘, actually.
m12k · 2 years ago
"friendcode" seems to be pretty standard in multiplayer video games
b1n · 2 years ago
Maybe "contactcode" would be better in this situation, as it doesn't imply any specific relationship between participants.
samstave · 2 years ago
HellDivers 2 LFG rn is all about sharing Friendcodes... you can get a ton of them on discord or reddit... but then you end up having a "friendcode" cybermentally-distributed DNS system for them over time.

Six degrees will still exist.

(funny weird thing is that with HD2's server issues due to demand, one way to harvest this would be to create a fake LFG host game and have tons and tons of accounts bang against your HellDiver-Pot - and get whatever you can scrape from that?)

---

OK - I actually went down this hole the other day... you look at the reddit thread on Helldivers for LFG - or the discord...

So on reddit, you just put .json at end of thread - DL the entire thread as json, now you have reddit id, location, play style, etc, details AND their friendcode on HD2... but since they can individually generate random friend codes on any game/system that allows such... you have a breadcrumb (with enough attention span to just correlate all the shared info between these friend codes and data received...

still - even with random friend codes - six degrees is still available, easily.??

---

I deeply hope they do a Tech Talk on the post-mortem of this launch success spiral - it's fascinating....

But one thing I am really interested in, this is based on the Autodesk Engine, I know they co-dev-dog-fooded, but I hadn't really known of this engine at all... what little I do know, is that - it's amazing...

But I'd really like to know more about the arch and overall traffic flows etc of this game.

It's beautiful to see "problems" like this explode in like ~2 weeks.

What do internet traffic graphs look like since growth, per carrier?

duxup · 2 years ago
Yeah that seems to be the standard and very descriptive.
weikju · 2 years ago
Not everyone I connect to on signal is a friend. same for e.g. journalists or government people who use Signal.
pests · 2 years ago
Why not "invite code" like Discord does it? This is literally the same thing.

It's a code, inviting other people to speak to you.

denton-scratch · 2 years ago
> they have to explain at length

My reaction to the article was that they're using a lot of words to explain this change. That suggested to me that maybe they aren't being completely candid.

I've never used Signal, because (a) I don't want to rely on a smartphone, and (b) I don't want to use my phone-number as my ID, because it's traceable. I can't work out from the TFA verbiage whether this change addresses my concerns or not. That in itself is concerning, to me.

Tmpod · 2 years ago
Regarding (a), apart from the initial account setup, you can actually use the desktop client fully standalone.

Regarding (b), yeah that's still a bummer, though, depending on your country of residence, you can get throwaway SIM cards for free and use that.

WolfeReader · 2 years ago
"Connection string" already means something else. I'm partial to "Identifier", myself.
msm_ · 2 years ago
But identifier already means something else (I'm used to identifiers being unique, constant, and useful for actually identifying someone).
WhyNotHugo · 2 years ago
Indeed. And apparently you'll still log in with your phone number (not the username).
crossroadsguy · 2 years ago
They also missed the opportunity, like many times they have done over the years, to actually make it something rather like 'Hide My Number' in true sense, after spending years sitting on this feature. That would have been the true case of "caring for privacy". This is just a lazy (too lazy!) copy from Telegram (however, with one good thing -- getting rid of username vanity)
folmar · 2 years ago
There is old-now-unused "nickname".
jamwil · 2 years ago
I like “handle”. It’s short and conveys some mutability.

Dead Comment

boobsbr · 2 years ago
> Now, you can connect on Signal without needing to hand out your phone number. (You will still need a phone number to register for Signal.)

Why is it so hard for Signal and Telegram to not require a phone number as an account identifier?

I don't need to verify anything by phone or even email. If I lose the password, the account is lost, so be it. I'll create a new one.

If I really want to, then I'll set up email/phone.

cpa · 2 years ago
Unfortunately, spam exists and phone verification is one of the least-bad ways to ensure that the user is a real person (there are other options, but it really is one that has many advantages).

Given that Signal does not have access (by design) to much information about their users when they use the service, they can't really fight spam once accounts are created. You could do spam detection on the client and privacy-preserving voting in order to ban spammers, but the UX would be very poor and that opens a whole new can of worms.

dns_snek · 2 years ago
This reasoning doesn't make sense to me. A spammer can make an account, but how would they contact me if they don't know my account handle?

Even if that leaks, the handle should be changeable, and the spam issue could be completely mitigated by having a tab for first time "message requests" separate from the normal inbox.

I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.

sedatk · 2 years ago
Because it’s resilient against spam, and extremely easy to recover.
WhyNotHugo · 2 years ago
They're resilient to spam, but often impossible to recover.

I had a spare SIM card that friends and family use when visiting from abroad. It's been unused for 90 days and has been deactivated. The number is lost, and irrecoverable. A friend had created a (second) Signal account with this number and can no longer log into new devices.

As a more mundane example: If I accidentally drop my phone into a river, the SIM is gone forever, and so is that line.

Sure, you can have a contract line which allows recovery. Depending on where you live, these can be several times more expensive than a regular pre-paid line.

herbst · 2 years ago
Email is easier to recover and unlike a phone number you can actually own and control your email. There is no way of actually owning a phone number.
dakial1 · 2 years ago
Apart from spam, a phone number is also one of the few unique identifiers, which is valuable, among other things, to ID you cross-channel and show you ads.

It is easy to create a new email, but not so easy to create and keep a new phone-number.

jenny91 · 2 years ago
I've been a Signal beta tester on iOS for as long as I remember, knowing that they were going to introduce usernames, and I wanted to get my (relatively common) name as my username. Now they finally introduced it, but they require it to end in at least 2 digits "a choice intended to help keep usernames egalitarian and minimize spoofing".

Edit: this is not actually a serious problem for me, don't worry! Rather, I think it's funny. And honestly I kind of like having the numbers required, it's a good idea. It does remove a lot of the vanity from usernames.

hnarn · 2 years ago
It’s an excellent design choice, it more or less completely eliminates “vanity names” and the “value” of shorter names.
zestyping · 2 years ago
It's a brilliant design choice. At first I was like "What?" and now the more I think about it, the more I realize it is an absolute genius move.

People need to get trained out of (even informally) assuming they can identify someone because their username looks familiar, and this is a great way to do it.

mckn1ght · 2 years ago
> more or less completely eliminates “vanity names” and the “value”

With notable exceptions, I’m sure, being username69 and username420 and a few others (a similar phenomenon happened in Magic: The Gathering, when they introduced limited edition 500 print runs of cards with the serial number stamped on them, and the only ones you can really sell or command a good price for are 1, 69, 420 and 500)

giantrobot · 2 years ago
I can't wait to talk to elonmusk420! I'm sure it'll be the real Elon. His online antics are such anyone with that username will instantly trigger Poe's Law. Getting rid of phone numbers as identifiers is a good idea but I think it would be better to just assign user IDs or generate hashes based on user inputs or something.
vel0city · 2 years ago
> generate hashes based on user inputs or something.

Because friend codes were so popular on Nintendo.

Hey add me real quick, my id is 12716472-83647281746-8172649! Or use the hash code, 0x28A56ED9! Super easy to remember, way better than giantrobot22 or vel0city66.

denton-scratch · 2 years ago
> Getting rid of phone numbers as identifiers

Unless I got the wrong end of the stick, that's exactly what they are not doing.

kelvie · 2 years ago
As you may already know, getting a commonly used username is also somewhat of a curse (do you like getting "forgot your password" emails every hour?)

Or tons of (mistaken) conversation requests?

Marsymars · 2 years ago
Usernames are only used for the initial connection, so "getting" a username doesn't really gain you anything other than the "username" you give to people who don't already have you as a contact: "a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal"
baq · 2 years ago
I’m politely putting it away into the not-a-problem drawer.
stavros · 2 years ago
Well, I got stavros.01, if anyone wants to chat.
ggrelet · 2 years ago
Could have gotten stavr.05
ThePowerOfFuet · 2 years ago
At least 8675309 ends in two digits!
canaus · 2 years ago
I don’t think this is necessarily something to lose sleep over.
password4321 · 2 years ago
> require it to end in at least 2 digits

... notes HN user jenny91

v7p1Qbt1im · 2 years ago
Nice. Now please finally give us iOS cloud backups before I break or lose my phone and years of conversations get evaporated.
JoshTriplett · 2 years ago
I'd settle for full sync of chats between my own devices. If I can sync between my laptop and my phone, that's sufficient, since I already back up my laptop.
harry8 · 2 years ago
Counterpoint:

I don't want backups for IM. I don't want my counter-parties to have backups for e2e encrypted IM. I don't want IM to last. Why record every conversation on your permanent record? It's nuts.

For me, having a searchable record of everything said defeats the whole purpose of IM and e2e encryption. I'm sure the NSA like it.

Reasonable people may differ on it.

Zuiii · 2 years ago
> I don't want my counter-parties to have backups for e2e encrypted IM.

That's not your choice to make.

nikisweeting · 2 years ago
Ok but I can already do it on desktop (and it's even easier on Android), it's only missing on iOS. So this point is kinda moot...

The encryption key is in cleartext on desktop and the SQLite db is right next to it: ~/Library/Application Support/Signal/config.json

infotainment · 2 years ago
The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.

Sadly, from what I’ve seen in similar threads online, it seems the devs are opposed to backups in principle (they believe that chats should be ephemeral and backing up is antithetical to this).

erichocean · 2 years ago
> The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.

"No one can read your chats, including you." — Signal

nar001 · 2 years ago
The devs are working on a cloud backup solution so not quite true, but it's also the one thing that's keeping me from recommending Signal https://signalupdateinfo.com/news/cloud-backups.html
jtriangle · 2 years ago
Run a windows VM, install signal desktop, bob's your auntie.
gitaarik · 2 years ago
Why iOS cloud backup? Why not a universal backup way, OS / cloud vendor independent?
v7p1Qbt1im · 2 years ago
I‘ll take it. Even offline backups would be an improvement.

For people worried about having not consented to other people's backup. They could implement ephemeral-only chats, or backup-excluded chats where both parties have to agree to changes.

simonklitj · 2 years ago
Just happened to me a couple of months ago. Cannot agree with you more.
laktak · 2 years ago
You may be able to install something like https://github.com/mollyim/mollyim-android in the EU ... eventually.
zuhsetaqi · 2 years ago
If I understand correctly it’ll still not be possible to create an account without entering a phone number?

For me this is a requirement to call a service a private service because in Germany at least every phone number is connected with a person's identity. To get a phone number you need to connect it to an identity using an identity card

wraptile · 2 years ago
Here in Thailand it's the same but phone numbers get recycled and expire very aggressively. I just got a new phone number and I can login to many platforms of some 20 year old guy who really likes pc gaming.

Phone numbers should have NEVER become an ID. Incredibly hypocritical of Signal to claim "privacy focus" when the lowest layer of the system is literally the least secure identification method we have.

123yawaworht456 · 2 years ago
same in my country.

I had two SIM cards dedicated to online crap - one for important stuff like banking, another for social media and such.

both have expired after ≈ 3 months of inactivity, when my 2 week trip unexpectedly took 4 months. those SIM cards weren't physically inserted into my phone - I used to do that once a month to call someone and get billed a few cents so it would remain active, until that trip.

there's no way to get those phone numbers back and it's been an enormous pain in the dick. I hate this fucking system, but I hate the fact that fucking everything requires a phone number even more.

crotchfire · 2 years ago
> in Germany at least every phone number is connected with a persons identity. To get a phone number you need to connect it to an identity using a identity card

Personally, I am totally baffled by this.

Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation on so many areas, except for this one, which ends up turning into a massive backdoor in the whole edifice. Okay, we can't ask for a copy of your identification card... we'll just use a telephone number or SIM code or something trivially tied back to your IMSI (like an app store account or IMEI) instead. Because of the absurd 2017 law, these are equivalent to your government ID card.

I really don't understand why Germans put up with this while simultaneously pushing so hard for positive changes in every other aspect of online privacy. Especially when so many other developed Western countries do not tie SIM cards to identities: Netherlands, Denmark, Finland, Iceland, Ireland, US, UK, Canada, and many many others.

It's like a giant `sudo gimme-your-identity` backdoor in all the other data collection protections. And nobody seems to care about closing the backdoor.

moepstar · 2 years ago
It wasn't always like this - the requirement to give your ID to get a SIM card, as you noted, was only introduced in 2017 (though it certainly feels way longer ago for me).

Anyways - why does nobody care?

Simple: most don't feel this being an issue.

Some may even say that they "don't have anything to hide" and there goes the erosion of privacy, bit by bit - by the time someone notices "ok, this may become a problem" - it'll be too late :(

junto · 2 years ago
On the flip side, SMS fraud is almost nonexistent from German mobile numbers, which is why scammers just send from other countries to German mobile phone owners. Mostly from France.
berkes · 2 years ago
> Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation

That's the entirely wrong cause and effect.

The obvious root causes are a world war and the DDR.

vld_chk · 2 years ago
This is a fundamentally different problem for a fundamentally different audience.

If we take privacy issue, it can be divided into 3 segments:

* Privacy of user data. The basic level. When you use Google or Apple, they collect data. Even if you minimize all settings — data is still collected. This data is used to train models and the models are used to sell ads, target you or do anything else you have no clue about (like reselling it to hundreds of “partners”).

* Privacy against undesired identification. Next layer of privacy. When you want to have some personal life online without sharing much about you. Like Reddit, anonymous forums, or Telegram (to some degree).

* Privacy against governments. The ultimate boss of privacy. When you want to hide from all governments in the world your identity.

Signal was perfect at the first layer, strong but not perfect at the 3rd layer (e2e encryption, no data collection to share nothing with governments who seek for data, good privacy settings, always tells you if your peer logged in to a new device, to protect from cases when the government operates with telecom companies and uses an SMS password to make a new login), and almost non-present at the 2nd because they have no public features except group chats where you share your number.

Now they in one move close the gaps at the 2nd layer — you can hide your phone number and stay fully anonymous, and strengthen their position in the 3rd layer, leaving the last piece open: the government will still know that you have some Signal account.

As for me, this setup solves 99,999% of cases for regular people in democratic and semi-democratic countries and addresses the most fundamental one: privacy of data and actions online.

Yes, it is not perfect, but the barrier for a government to spy on me is so high that I can reasonably believe that in most cases you should never be worried about being spied on, especially if you live in places that are not named Iran or Russia.

The only scenario, in my perspective, where you would want to have a login without a phone (with all the sacrifices to spam accounts, quality of peers and the usual troll fiesta in such places) is when you want to do something you don’t want to ever be found in your current country.

But in this case, IMO, Signal is the last worry you usually have on your mind and there are a lot of specialized services and protocols to address your need.

cookiengineer · 2 years ago
1,2 and in part 3 were already fixed with the Signal FOSS fork back then, but Moxie and his army of lawyers decided to send out multiple cease and desist letters against those projects. Which, in return, makes Signal not open source, no matter what the claims are. If they don't hold up their end of the license and argue with their proprietary (and closed to use) infrastructure then I'd argue they are no better than Telegram or WhatsApp. Signal's backup problem is another story which might blow up my comment too much.

Because of your mentioned points I would never recommend Signal, and rather point to Briar as a messenger and group/broadcast platform. Currently, it's still a little painful to use and e.g. QR Codes would already help so much with easing up the connection and discovery/handshake process.

But it has huge potential as both a messenger and a federated and decentralized platform.

idatum · 2 years ago
I just don't want my metadata (contact graph) hoovered because I send an (encrypted) message to someone that may be an over sharer on FB, etc.

I use Signal because I am a "nothing to hide and I like to own my privacy as much as possible" type online person.

Signal == more peace of mind just generally in this online world we have.

autoexec · 2 years ago
> no data collection to share nothing with governments who seek for data,

That isn't true anymore and hasn't been for years. Signal collects your data and keeps it forever in the cloud.

crotchfire · 2 years ago
> If we take privacy issue, it can be divided into 3 segments:

This sounds like a bunch of bullshit.

joker99 · 2 years ago
Just use Wire (wire.com). True end to end encrypted multi device messenger, open source, federated and based on MLS. All you need is an email address, no phone number required. And based in Europe. They allow building your own clients (with some stipulations) and seem to solve everyone’s issues with signal here
bcye · 2 years ago
No, a for-profit corporation providing a free messaging service really isn't the solution.
godelski · 2 years ago
I think it is a holdover from the Text Secure days. And like others say, it's a different problem.

But for solutions, can't you just buy a voip number? You just need it for registration and then can dump it. I'm sure you can buy one with cash or zcash if you're really paranoid.

While in the US I don't have to show my gov ID to get a phone number, I don't know anyone who buys a phone with cash except international students. So practically everyone is identifiable anyways. But I'm not sure this is a deal breaker since all I'm leaking is that I have registered a Signal account. AFAIK Signal only has logs of an account existing and last online with 24hr resolution (which avoids many collision deanonymization methods). Even paying with cash is hard as I'm probably caught on camera (but these usually get flushed).

So I'm legitimately curious, why is this a dealbreaker? It doesn't seem like a concern for the vast majority of people, and the problem Signal is solving is secure communication for the masses, not the most secure method possible with unbounded complexity. It's being as secure as possible while being similar in complexity to the average messenger.

freddie_mercury · 2 years ago
> But for solutions, can't you just buy a voip number?

No, how would my uncle in the countryside of Vietnam do that? He doesn't have a credit card -- not many here do. He doesn't speak English -- can you find a website that sells voip numbers in Vietnamese? Buying a voip number from a provider in Vietnam has the same exact KYC requirements as buying a SIM, so it is still tied to your government ID and registered forever.

Also buying a VOIP for 1 month costs something like $10 from a quick Google. Average salaries are like $1.50/hour. Nobody is going to pay an entire day's salary to buy a VOIP number they throw away after a month just so they can register anonymously for chat.

So, no, you can't "just" buy a voip number unless you're a rich Westerner. But who needs privacy more? People in liberal democracies or people in places like Vietnam (literally an authoritarian country where people are routinely imprisoned for speaking against the government)?

> I don't know anyone who buys a phone with cash except international students.

Everyone buys a phone with cash here because few people have credit cards, since there is no such thing as "credit ratings" and it is easy for people to disappear from their debts. There are more people in Vietnam than any country in Europe. We all use smartphones and messenger apps here, too.

ossguy · 2 years ago
Why do you need a German phone number? Many countries let anyone have a phone number, with no proof of address or other identifying information. Just use one of those numbers instead. One example service is https://jmp.chat/ but there are many others.
herbst · 2 years ago
It's a voip service isn't it? Those numbers will not work with many online services and even some more obscure normal providers.
illiac786 · 2 years ago
This is not correct. Go to a phone booth, get Signal, never need the phone number again. Any phone will do. Get a phone number from a different country online and without identity check, who cares, you will never need it again.
boobsbr · 2 years ago
I haven't seen a phone booth in Europe for the last 7 years.
zuhsetaqi · 2 years ago
> … never need the phone number again

What if I lose my phone and want to login again on a new one. Don't they send a verification code to the number again?

jesterson · 2 years ago
Wouldn't the next bloke using the booth for the same cause get the whole account?
WhyNotHugo · 2 years ago
Partially off-topic: I've always found this German requirement baffling. In the Netherlands you can just buy a SIM card at a supermarket and pay cash. No identity, nothing.
outime · 2 years ago
Same in Spain since 2004 Madrid train bombings IIRC.
int_19h · 2 years ago
This is the case in most countries these days. There are very few places left where you can get a mobile phone number without identifying yourself at some point.
giireon · 2 years ago
It's still preferable to use a burner number for signal/telegram if you want privacy.
the_gipsy · 2 years ago
There are many countries where it's completely impossible to get a burner phone.
nottorp · 2 years ago
... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.
tivert · 2 years ago
> ... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.

The reasons they need it aren't really that dubious to me: they want to create a service that actual people will actually use, not just weird privacy geeks who never gave up on PGP. Using phone numbers allows for the kind of user discovery that most people expect in 2024, and requiring them inserts a barrier to mass account creation that can keep spam accounts down to a manageable level (especially given the whole point is they can't do content-based spam-filtering in the way that makes email manageable).

Personally, my understanding is they've always been trying to develop the maximally private usable chat app, which requires some compromises from the theoretically maximally private chat app.

aqfamnzc · 2 years ago
The claim (which generally I'm inclined to believe) is that requiring a phone number drastically increases the cost to sending spam. That in turn drastically reduces the spam amount.
TacticalCoder · 2 years ago
To me Signal is in the business of collecting metadata and nothing else (for whom, that is a good question: probably some three letter agency).
marssaxman · 2 years ago
What they need it for is simply that it's the way the system has always worked, because Signal started life as an encrypted replacement for SMS. The point was that you could switch from the standard SMS app you were already using over to Signal (which was called "TextSecure" at the time) without having to change your habits, because sending messages to people's phone numbers was simply what people did then. There's nothing nefarious about it.

thisislife2 · 2 years ago
Yes, this is just Apple level bullshit - trust us with your private data even though no law prevents us from exploiting it ...
stavros · 2 years ago
Damn, people will never be satisfied, will they. It's not meant to be an anonymous messenger, because those have spam issues.
cqqxo4zV46cp · 2 years ago
I could certainly point out the differences, but the fact that you yourself aren’t acknowledging them indicates to me that you’re throwing intellectual integrity out the window because this product doesn’t work in the way that you want it to work. Engineering is about tradeoffs, and not every company serves to build something that does exactly what YOU want it to. I prefer Signal the way it is. I understand the tradeoffs.
kilolima · 2 years ago
They are not usernames, so why do they call them that? They are more like disposable per-conversation identifiers.

"Usernames in Signal do not function like usernames on social media platforms. Signal usernames are not logins or handles that you’ll be known by on the app – they’re simply a quick way to connect without sharing a phone number."

Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.

This new "feature" does very little to make signal more secure or private.

jraph · 2 years ago
It does, because instead of having to share your phone number to Signal + all your contacts, you can share it with Signal only. It is an improvement. It doesn't address the case where you are not willing to share your phone number to Signal, but it addresses the case where you tolerate it but would like to discuss with someone with whom you'd rather not share your number.

I hope it will allow creating groups without forcing members to have their phone numbers shared with everyone.

IshKebab · 2 years ago
That was my first thought too. It's stupidly confusing to call something that acts nothing like a username a username. They clearly know that given the number of times they clarify how they work. Here's another:

> Note that a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal. A username is simply a way to initiate contact on Signal without sharing your phone number.

JoshTriplett · 2 years ago
It's absolutely a username. It can be changed arbitrarily whenever you like, and you'll probably in the future be able to have more than one name for the same underlying account, but it's still a username.

Other services do this too. For instance, you can sign up for some services with an email, and that's what you use to sign in, and you might be able to find other people by email if they let you, but you don't necessarily get shown someone's email on their profile, just the display name in their profile. And (in a well-designed service) you can change your email address at any time.

XorNot · 2 years ago
Because a regular person, being given not a number for something, is going to call it a username.

Later explaining "you can have multiple usernames" is easier than trying to undo that conception. People are familiar with it. Your username is how you identify yourself on the computer in every context when it's not obviously your phone number.

webdoodle · 2 years ago
> Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.

Agreed. I don't own a phone of any kind, and would love to use Signal, but alas I can't because you need a telephone number, or a level 65 Necromancer to do the magic to sign up without it.

* Magic: https://www.techbout.com/use-signal-without-phone-number-sim...

godelski · 2 years ago
Is it? On Twitter and discord people see a different name than my username. Username tends to be more for connection and display name for identification. While I get the argument I don't see why this is a big deal.
vorticalbox · 2 years ago
> They are more like disposable per-conversation identifiers.

Why are they not just random when you go to the share screen?

No real reason to let a person pick it

vel0city · 2 years ago
The point is to make it easier to verbally tell your friend "I'm vel0city23 on signal, add me" and have them actually remember.
sigmar · 2 years ago
Doesn't seem "disposable per-conversation" in my reading of the announcement. Seems like a permanent username that just doesn't get featured in the conversation.

> Your profile name remains whatever you set it to.

mjg59 · 2 years ago
It's not really permanent - you can change it as much as you want. Once someone has established a connection with you via your username once, that connection will still exist even if you change your username.
afroboy · 2 years ago
How do you suggest to fight spam accounts without registering with a phone number?
chrisnight · 2 years ago
Why is the defining feature of being human the property of having a phone number?

Spam is indeed a hard problem to solve, but the issuance of phone numbers is not designed to be used as human identification.

drexlspivey · 2 years ago
What’s a spam account anyway? If I create a new account per conversation does that count as spam? It puts exactly the same strain on Signal servers.