this post was submitted on 08 Oct 2025

18 points (72.5% liked)

Privacy

42381 readers

443 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

If it ask for your phone number its not private. (lemmy.ml)

submitted 20 hours ago by lunatique@lemmy.ml to c/privacy@lemmy.ml

34 comments fedilink hide all child comments

Nowadays, a majority of apps require you to sign up with your email or even worse your phone number. If you have a phone number attached to your name, meaning you went to a cell service/phone provider, and you gave them your ID, then no matter what app you use, no matter how private it says it is, it is not private. There is NO exception to this. Your identity is instantly tied to that account.

Signal is not private. I recommend Simplex or another peer to peer onion messaging app. They don't require email or phone number. So as long as you protect your IP you are anonymous

top 34 comments

sorted by: hot top controversial new old

[–] 1XEVW3Y07@reddthat.com 1 points 15 minutes ago

I am a huge fan of SimpleX and their removal of user IDs. I think it's a brilliant solution, and wish that SimpleX was recommended more than Signal.

[–] dragospirvu75@lemmy.ml 1 points 46 minutes ago

Yes, phone number should be optional for easy contact discovery, not mandatory. As Threema. You have to provide your ID when buying a sim card.

[–] airikr@lemmy.ml 5 points 2 hours ago (1 children)

Thank you! Finally someone that also sees Signal as privacy invasing!

[–] Suburbanl3g3nd@lemmings.world 0 points 1 hour ago

Don't need an ID to buy a burner phone/number

[–] hereforawhile@lemmy.ml 2 points 1 hour ago

People dont realize that you may as well hand over your social security number when you pass out your phone number.

[–] irmadlad@lemmy.world 13 points 13 hours ago (1 children)

So, late to the party. Me Skuzi. This comment is more targeted towards your responses to user comments, but I would extend that to your entire thesis. So I decided to make an entirely new comment.

Honest questions/comments to follow:

Yes, the US govt can 'compel' a organization such as Signal to allow them to monitor/intercept encrypted messages, The government can even 'compel' a citizen to disclose their encryption key. The cost of non compliance varies from contempt of court to short term incarceration. United States v. Fricosu et al.

However, Signal would only shrug and hand them metadata. Even Signal can't decipher your messages. There are other services unrelated to Signal that operate thusly, such as VPNs, that absolutely do not keep logs and run in RAM only. Some of those VPNs have been raided and servers confiscated by multiple governments with nothing to show for their efforts. If I recall correctly mega.nz and other storage facilities operate along the same lines.

As to the requirement for a phone number, yes they do require a phone number. However, unless they've changed something recently, you can use a free or paid for, burner phone number for verification. The caveat is that if you ever have to recover your account or future verification, you may or may not have access to that number if you used a free service. So, that might be a consideration.

Also, some free services might not work while others will. If signing up for a paid account, burnerapp.com for instance, will allow you to sign up via their website, however you can't use a VPN. WiFi can be acquired at any coffee shop. If you prefer more private methods of payment for these services, there are those that accept crypto.

So, there are 'options.' You just might have to jump through a few hoops to get there.

Secondly, Signal is open source, no? The whole shebang including the protocol is open source. Where might 'they' be putting the backdoor to intercept encrypted messages? I can tell you this, the day the world finds out that the US govt has successfully cracked strong encryption ciphers, is the day you are going to see a lot of movement on this planet. From billion dollar corporations, private entities, governments, and even ne'er-do-wells on Signal.

I'm no 'fanboy', tho there is a lot to be a fan of. I'm not getting any kickbacks, compensation, or monetary advancements. If I need to be schooled, please do share.

Signal does plan to add a paid for service as well as their free service.

[–] hereforawhile@lemmy.ml 2 points 1 hour ago

AES256 was broken the day it was released change my mind.

[–] SteleTrovilo@beehaw.org 2 points 10 hours ago (1 children)

Be specific: what does Signal divilge about me to outsiders besides "I have used Signal"?

[–] lunatique@lemmy.ml 2 points 43 minutes ago (2 children)

Signal over the past few years has been exposed for having flaws in its security integrity. Even the president's current administration has had a leak issue by using the platform, Signal.

Once again, they ask for your phone number. Anything they ask for your phone number, if your phone number is tied to your identity, can easily be revealed to reveal who you are.

[–] SteleTrovilo@beehaw.org 1 points 13 minutes ago

The leak from the administration was because Pete Hegseth included a journalist in a discussion about sensitive war plans. Trying to blame that on Signal is deceptive on your part.

If you are saying that Signal does not offer anonymity then you are right. Anyone I message on there knows it's me. But Signal is still keeping my messages safe from monitoring and third-party surveillance, to the best of my knowledge.

[–] yogthos@lemmy.ml 1 points 17 minutes ago

This is the core of the issue, and it's wild how many people don't get it.

Your phone number is metadata. And people who think metadata is "just" data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.

By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.

Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a "person of interest" for any reason, they instantly have your entire social circle mapped out.

Worse, the act of seeking out encrypted communication is itself a red flag. It's a perfect filter: "Show me everyone paranoid enough to use crypto." You're basically raising your hand.

So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that it operates using a centralized server located in the US should worry people far more than it seems to.

The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal's intentions are pure, we'd never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.

[–] shaytan@lemmy.dbzer0.com 33 points 20 hours ago (3 children)

Signal is private, what you should differentiate is being anonymous or not. Using your usual phone number is NOT Anonymous but is PRIVATE, as in the content of your messages being only available to you and the person you're talking to

The way you get a phone number depends on you too, so you can be very much be Anonymous even if signal requires a phone number.

[–] eldavi@lemmy.ml 3 points 12 hours ago

the phone number drives me nut since mine changes every few months; everyone i know has my voip number that gets everything forwarded to each new number.

[+] corvus@lemmy.ml -11 points 18 hours ago* (last edited 18 hours ago) (2 children)

You are very naive if you think that a company located un the US can provide an encrypted messaging service that can be used by anyone including terrorists, druglords and US enemies without the government being able to access the messages. Lavabit was a famous case and had to shutdown because its founder rejected to comply with an order from the US government to grant access to information. If you are using centralized communication service located in the US forget about privacy.

”Lavabit is believed to be the first technology firm that has chosen to suspend or shut down its operation rather than comply with an order from the United States government to reveal information or grant access to information.[3] Silent Circle, an encrypted email, mobile video and voice service provider, followed the example of Lavabit by discontinuing its encrypted email services.[25] Citing the impossibility of being able to maintain the confidentiality of its customers' emails should it be served with government orders, Silent Circle permanently erased the encryption keys that allowed access to emails stored or transmitted by its service.[26]"

"Levison (founder) explained he was under a gag order and that he was legally unable to explain to the public why he ended the service.[21]"

[–] QuazarOmega@lemy.lol 15 points 17 hours ago

Since when is encryption dependent on the service's jurisdiction? When Signal has got subpoenaed it has always been incapable of providing data that involves the content of the conversation https://signal.org/bigbrother/

The app is also open source with reproducible builds (and you can use Molly instead, if you prefer) and when the clients of an end-to-end encrypted system are sound, that is all that matters to secure the content of the communication.
Audits are also performed as listed here https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

I don't understand where this doomerism comes from tbh, (online) privacy will cease to exist when either maths does or it becomes globally illegal to use encryption and the government's intrusion is really so pervasive that they constantly know what you're doing. Luckily we don't yet live in that world, though the pressure is real and we are the first that have to fight for this basic human right

[–] dasgewisseextra@sh.itjust.works 0 points 18 hours ago (1 children)

https://en.wikipedia.org/wiki/Tor_(network)#History

[–] corvus@lemmy.ml -1 points 16 hours ago* (last edited 16 hours ago) (2 children)

Since when is encryption dependent on the service’s jurisdiction?

The US has a law that applies to any US company operating within its borders: it is illegal to tell your users that the US government has asked your company to spy on their behalf. This is called a key disclosure law, and the US's version of it, called National Security Letters, underwent an expansion with the PATRIOT act; by 2013, President Obama’s Intelligence Review Group reported issuing on average, nearly 60 NSLs every day.

Companies that don't comply with this law are forced to shut themselves down, or remain open, and grant access to user communications to the US government. The Signal foundation is a US domiciled company and must comply with this law without being able to disclose that they have been issued an NSL letter.

Luckily we don’t yet live in that world

Comply with the government order of granting access to messages or shut down implies that we are already in that world, long ago. What makes you think that what happened to Lavavit and Silent Circle would not happen to Signal? Only wishfull thinking can make you think that, evidence tells you otherwise.

[–] Mensh123@lemmy.world 1 points 1 hour ago

Signal is free and open-source. It cannot be denied that basically everything, including minor details like usernames, is end-to-end encrypted and kept secure. The Signal protocol has been proven to be secure by many independent experts and thus it is mathematically impossible for Signal to gain access to your sensitive information (except for your phone number, obviously).

A phone number alone just won't do much.

[–] PowerCrazy@lemmy.ml 8 points 12 hours ago* (last edited 12 hours ago) (1 children)

Ok government here are the messages i'm legally required to provide you.

U2FsdGVkX1/FEry+/NeyfmzA3icvpchwSo5qySzajv87f9PwhJyog+zS1Qv+j8bzYXG5sCLZMbFqUJn9Cp7RkVY79wuUArUaxE59LtdO0LKT+0+d220DxFVioHe8Vlaq

[–] corvus@lemmy.ml -2 points 10 hours ago* (last edited 10 hours ago) (1 children)

If it's so easy why Lavabit and Silent Circle had to shutdown?

[–] dysprosium@lemmy.dbzer0.com 4 points 10 hours ago (1 children)

Do you understand what encryption means? Genuine question.

If a company is compelled to spy on its users, it doesn't mean hack them. (although perhaps there are same edge cases where you have to wonder the exact definition of hacking)

[–] corvus@lemmy.ml 1 points 1 hour ago* (last edited 1 hour ago)

Obviously you are missing the point. Even Gmail is private if you are going to do the job of encrypting your messages by yourself, but that's irrelevant with what we are discussing here.

What we are discussing here is that if you are a company offering a service of encrypted communications located in the US, the government has all the power to force you to shut down if you don't give them access to what they want. And that's not speculation, they're actively doint it because they are backed by the law.

Why people are so naive thinking that the government are not going to do something to get what they want when the law is on their side, when sometimes they don't hesitate to do it even when it's blatantly illegal?

The only way to avoid surveillance is with free, open source and descentralized software. If there is a company in charge of running the software that's a vulnerability and, like the cases already mentioned, those in power are going to exploit it shutting the service down if the company doesn't comply.

It doesn't matter how much you like or trust the service, there's simply no reason why they wouldn't do it again when they already dit it successfuly. Why some people who care about privacy can't see this obvious fact is beyond my understanding.

[+] lunatique@lemmy.ml -9 points 20 hours ago (1 children)

People who actually care about privacy: the quality or state of being apart from company or observation (definition), wouldn't want a company knowing their phone number and thus identity tied to their phone number. Maybe you believe in a lower level of privacy than I do. That's fine but my post was for people who never thought about it but will care and those who should care.

[–] sidebro@lemmy.zip -4 points 19 hours ago (2 children)

Signal doesn't know your phone number, though. It's only used to identify other users in your contacts, and not a single thing about it is stored.

[–] shortwavesurfer@lemmy.zip 7 points 16 hours ago

That's not true. When asked to provide data, Signal is able to give your phone number and the last login time.

[–] lunatique@lemmy.ml 2 points 18 hours ago

Wow. You give them your phone number to sign up. They text you a confirmation code but they don't know your phone number. Magic

[–] autonomoususer@lemmy.world 2 points 14 hours ago

https://lemmy.world/post/35730511

[–] IncensedCedar@hexbear.net 3 points 18 hours ago (1 children)

You can also get a phone number in a number of ways without it being connected to your identity. You can use voip services or buy a phone and a SIM in cash. I still think this is a good think to point out for all the people who use signal or other services with a phone number directly connected to their identity.

[–] freedickpics@lemmy.ml 3 points 14 hours ago

Depends where you live. I'm in Australia and phone companies aren't allowed to activate a number without tying it to an ID. So criminals just use stolen IDs and regular people don't get privacy. Also YMMV but virtually every service that needs phone verification won't accept VoIP numbers anymore

[–] Prove_your_argument@piefed.social 1 points 18 hours ago (2 children)

lol try signing up for an email account today without tying a phone number to it or another established email account. It's incredibly difficult.

You might be able to create an account, but then all "3rd party services" (e.g. creating accounts on absolutely fucking anything) will be blocked and your account will be either restricted or forced to submit a kind of verification that doxes you to lift said block, probably.

I found a single sketchy provider that would take verifications from proton mail that allowed me to then create more accounts, but I had to try over a dozen mail providers before I found the obscure one that did not require any pre-existing accounts, phone numbers or identification documents to just create an email to simply sign up for any web forum, service or basically do anything most people do with email. Everything ends up linked to each other at some point.

There's just no privacy anymore. The ones who think there is are probably not as private as they really think they are today.

[–] freedickpics@lemmy.ml 2 points 14 hours ago

Tutamail is the only service I know of that still doesn't need anything but I don't expect it to last. Email providers that don't make you verify anything end up being used for spam and then websites just start blocking their domain from being used for account creation

[–] lunatique@lemmy.ml 2 points 17 hours ago (1 children)

Protonmail is highly accepted and tutamail didn't ask for my number or another email. You are in a group called privacy but you think there is no privacy?

I just stop using those accounts that force me to give up my number. It's called standards, YOU must have them and you will have more privacy than most.

This group function is to help increase privacy. That's what I'm doing by letting you know not to use your phone number. If you have a defeatist ideology. You lose.

[–] Prove_your_argument@piefed.social 1 points 1 hour ago* (last edited 1 hour ago) (1 children)

Protonmail is highly accepted

Sure, requires 3rd party email or cell phone to work though.

tutamail didn’t ask for my number or another email

The last one, run by little over a dozen people as FOSS, and easily quashed by the long arm of the law or a pricey lawsuit. What happens then?

I just stop using those accounts that force me to give up my number. It’s called standards

You still need an email that is completely associated to you for official things like medical interactions, government interactions, and stuff like sports tickets if you care about going to a sports game in a town like Boston. Hell, when you send resumes I assume you have a professional inbox for that too.

So how do you do it? Do you live in two worlds with a burner phone / never checking your 'private' stuff outside of some kind of proxy/vpn scenario where you remote into whatever box is handling your actual private online presence?

[–] lunatique@lemmy.ml 2 points 51 minutes ago

Geez. You just don't get it. You don't need your identity tied to your email. Proton mail didn't ask me for a phone or email. But I've had it for years so maybe that changed. But you conceal your personal info when you sign up. Tutamail is used by many people. And you can email any other email provider with it