Privacy

37765 readers

665 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

183

Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)

submitted 2 days ago by 0101100101@programming.dev to c/privacy@lemmy.ml

264 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments

[–] sonalder@lemmy.ml 8 points 2 days ago (4 children)

No but it's e2ee.

[+] coconut@programming.dev 1 points 1 day ago (3 children)

[deleted]

[–] sonalder@lemmy.ml 2 points 14 hours ago (2 children)

End-to-end encryption have been designed so that a "middleman" such as Signal can't read your conversation. Signal goes even further by encrypting metadata protecting other information such as who you're talking too and at what time (some technical and targeted attack could however determined these).

In asymetrical cryptography we tend to assume that what we call middleman is a third-party placed between the two peers during the public key exchanges (such as handshake). Signal is indeed a middleman on the infrastructure level but the software has been designed to protect you from middlemen having access to the raw, unencrypted data.

That say if you don't verify your peer's public key it's not impossible that someone has done a man-in-the-middle attack and that you're sending message to him and he's rerouting them to your peer, etc... However this is unrealistic for the average person.

So even if it's not a p2p infrastructure but some centralized servers we can assume that there is no middleman thanks to e2ee.

[–] coconut@programming.dev 1 points 4 hours ago (1 children)

You can't just write three paragraphs (that contain half-truth, half-misinformation) about how Signal is the middleman and then conclude "you can assume there's no middleman". You can't assume that. Signal is the middleman. There's no arguments to be made against this. Signal doesn't claim they aren't the middleman either.

[–] sonalder@lemmy.ml 1 points 1 hour ago

I am referring at man-in-the-middle attacks