Since we are on the topic of Signal... I'm not tech savvy but I have read lots of blogs and people about how secure the Signal protocol is. My question is... how can I be sure that the protocol is implemented as the open source code shows? Please correct me if I'm wrong but from what I read on their website the APK they provide has the capability to update itself at any time. So what stops them from changing how it works with an update? Is it possible to build the APK yourself and stop the ability to update?
Right now, for the wider population, it is a heaven-sent option compared to WhatsApp, FB Messenger etc. Break those bonds first and keep the wheel turning.
With the phone number, no; and since there's no Signal usage without a phone number, well…. Also, I think somewhere on their website (or some place) they talked about burner phones as if it's a universal phenomenon.
Signal has felt "out of place" to me. Odd. It doesn't fit in, doesn't make sense if I think a bit farther about it.
I hope something decentralised comes out of Signal protocol minus the need for a phone number.
SimpleX uses Signal tech AFAIK but without requiring phone number or email address.
You are talking about Session. Session is a Signal fork, and you don't need a phone number. But there are some concerns about its security as, in order to properly work, it removed some Signal features. I'm not qualified enough to understand if it's truly a security risk or not. But the option to use it is there.
I used it for a couple years, but came back to signal because I had so many issues with media sharing.
Imo signal protocol is mostly fairly robust, signal service itself is about the best middle ground available to get the general public off bigtech slop.
It compares favorably against WhatsApp while providing comparable UX/onboarding/rendezvous, which is pretty essential to get your non-tech friends/family out of Meta's evil clutches.
Just the sheer number of people signal's helped to protect from eg. meta, you gotta give praise for that.
It is lacking in core features which would bring it to the next level of privacy, anonymity and safety. But it's not exactly trivial to provide ALL of the above in one package while retaining accessibility to the general public.
Personally, I'd be happier if signal began to offer these additional features as options, maybe behind a consent checkbox like "yes i know what i'm doing (if someone asked you to enable this mode & you're only doing it because they told you to, STOP NOW -> ok -> NO REALLY, STOP NOW IF YOU ARE BEING ASKED TO ENABLE THIS BY ANYONE -> ok -> alright, here ya go...)".
Secure and private or anonymous are very different things and nearly impossible to do both at the same time and still make it user friendly. Signal is secure, not fully private or anonymous.
No, and they are supported by US gov (last check), so no good can come of that.
Do you have a reference for it?
Even if it is, I don't think we should give the government the power to tell us what to not use. Otherwise they just pick any good projects, throw money at it, leak the data, and people jump to a less secure. Trust the code and nothing more.
Quick googling comes up with only people refuting this claim.
Sure, we had signal gate, but the way that was received should make it pretty clear that it’s not supported for official use.
Not supported for official use because it leaves no trace for the formal record. Not because Signal is insecure.
Signal has a backdoor - like many other apps. It's private in most situations but not for all... The backdoor is there, and as such, it will never be as secure and private as it could, or should, be...
Can you point it out so we can close it asap?
https://github.com/signalapp
(Iirc it's up to date?)
Thx!
(I'm critical of Signal, but "in this economy" is the best I can hope to switch my friends to.)
I don't understand this & need some explanations (I've heard about the dev, it's just USA stuff, much like Telegram mentioned Russian). Where exactly are the backdoors/the encryption compromised?
The biggest security issue in Signal is the requirement for phone numbers and SIM cards. This basically forces all Signal users to identify themselves, and makes Signal highly vulnerable to government spying.
Can I get the ETA for fixing this?
Requiring a SIM is not a backdoor and does not enable "spying". It does allow knowing who is on the platform, who talks to who, when, and probably some more metadata issues. But it's not a backdoor.
~~Afaik you don't need a phone number for Signal (a "username" can substitute it, a few years back they added it).~~ edit: you still do
(Also the phone number & IP was the security risk, not the messages, afaik.)
This however was a debate about a supposed backdoor (I otherwise agree about Signal & its USA basedness, I just remain glad it exists despite its ~~many~~ few blemishes).
You need a number to register, but not to communicate.
Try to get a Signal account without a phone number. Let me know if it works (hint: it won't work).
I tried to make a new account for my child recently. You need a number. It wouldn't even work as a first signup on a wifi only tablet.
I tried to uninstall on my phone, set him up a new acct with a VoIP number then move the account to his tablet. It constantly failed when I uninstalled and put my account back on my phone.
You can only use one cellphone. If you switch between two, it has to deactivate on the other.
Then you can have 4 or 5 other devices but that acct is tied to an activated cell phone and it gets screwy if you change that phone.
So those posts saying they implemented this were lies (meaning I obv didn't read attentively enough)?
Sad :(.
They implemented usernames to identify people so we could stop using numbers to find each other.
They still use numbers (cell and possibly device/network ids) they say to identify and secure (or so they say).
The idea is without access to your cell phone, nobody's going to get access to decrypt your data.
Yeah, no, I get & like that, I just somehow specifically (obviously mis-)remember that they did away with phone number as a prerequisite for creating an account (everything still the same, just that the account can't be reset).
:(
Does it really? Iirc, you can determine: when the account was made, and when the last message was sent. This doesn't sound 'highly vulnerable' to me... Doesn't permit inspection of metadata e.g. contacts, so as vulnerabilities go it's pretty weak sauce
A phone number uniquely identifies a person because in most of the world you need a government ID to get a phone number or a SIM card.
Which means that if one account is compromised, then everyone that person talked to is also compromised. You know what they talked with whom. It's an incredible security risk that Signal devs refuse to acknowledge or fix.
What are you referring to? I've read many security breakdowns of signal and nobody who knows what they're talking about has ever mentioned a back door