this post was submitted on 08 Oct 2025
59 points (77.1% liked)

Privacy

42437 readers
725 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
59
If it ask for your phone number its not private. (lemmy.ml)
submitted 2 days ago by lunatique@lemmy.ml to c/privacy@lemmy.ml
130 comments fedilink hide all child comments
 

Nowadays, a majority of apps require you to sign up with your email or even worse your phone number. If you have a phone number attached to your name, meaning you went to a cell service/phone provider, and you gave them your ID, then no matter what app you use, no matter how private it says it is, it is not private. There is NO exception to this. Your identity is instantly tied to that account.

Signal is not private. I recommend Simplex or another peer to peer onion messaging app. They don't require email or phone number. So as long as you protect your IP you are anonymous

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Zerush@lemmy.ml 1 points 1 day ago (2 children)

2FA is an important security layer, if the service, after sending you the activating SMS with the code, delete your number (normal in serious services), it's also not an privacy problem. In big us corporations on the other hand, it is, eg.Google store tour number and also probably share it, there 2FA is not an option. Instead a number, some services also admit alternatively a second e-mail account to receive the activation code, there, if you have doubt, you can use an disposable mail, so there isn't any privacy problem.

[–] HotChickenFeet@sopuli.xyz 1 points 1 day ago (1 children)

2FA is important, but if you use your phone number for anything, you have no idea how long they retain it, how they directly use it, if they sell it, etc. A real phone number can be mapped back to you trivially.

It should be standard to offer TOTP codes that can be used via an authenticator app, hardware key, etc. Aome places do, many do not.

But at the end of the day, they typically don't ask for your phone number because they want to give you security, but rather as a proxy to ensure you have a unique identity. Most people will have only one phone number, and it will be more difficult / costly to get additional ones than burner emails, etc.

load more comments (1 replies)
load more comments (1 replies)
[–] utopiah@lemmy.ml 6 points 1 day ago

Started to write a long paragraph to explain the difference between privacy and anonymity but I now believe this new user is (no idea why) collecting engagement via rage bait. I won't participate in their posts anymore.

It might even come from a good place, namely trying to always do "better" and be "more private" but in practice it's just lead to confusion.

[–] monovergent@lemmy.ml 2 points 1 day ago (2 children)

I'm ready to be called milquetoast, and while I see where this comes from, it comes off idealistic if we are to communicate with people in the present day in any practical way. Do not forget how much of an improvement it already is over the likes of proprietary messaging apps and how much effort it already is to move people to Signal. It is surprisingly difficult for common folk to grasp the concept of anything but a phone number when it comes to messaging apps.

[–] sqgl@sh.itjust.works 1 points 1 day ago

Indeed, those who don't have older friends totally underestimate how confused the oldies get by the concept of an alternative phone/messaging app.

load more comments (1 replies)
[–] shaytan@lemmy.dbzer0.com 58 points 2 days ago (26 children)

Signal is private, what you should differentiate is being anonymous or not. Using your usual phone number is NOT Anonymous but is PRIVATE, as in the content of your messages being only available to you and the person you're talking to

The way you get a phone number depends on you too, so you can be very much be Anonymous even if signal requires a phone number.

load more comments (26 replies)
[–] irmadlad@lemmy.world 21 points 2 days ago (4 children)

So, late to the party. Me Skuzi. This comment is more targeted towards your responses to user comments, but I would extend that to your entire thesis. So I decided to make an entirely new comment.

Honest questions/comments to follow:

Yes, the US govt can 'compel' a organization such as Signal to allow them to monitor/intercept encrypted messages, The government can even 'compel' a citizen to disclose their encryption key. The cost of non compliance varies from contempt of court to short term incarceration. United States v. Fricosu et al.

However, Signal would only shrug and hand them metadata. Even Signal can't decipher your messages. There are other services unrelated to Signal that operate thusly, such as VPNs, that absolutely do not keep logs and run in RAM only. Some of those VPNs have been raided and servers confiscated by multiple governments with nothing to show for their efforts. If I recall correctly mega.nz and other storage facilities operate along the same lines.

As to the requirement for a phone number, yes they do require a phone number. However, unless they've changed something recently, you can use a free or paid for, burner phone number for verification. The caveat is that if you ever have to recover your account or future verification, you may or may not have access to that number if you used a free service. So, that might be a consideration.

Also, some free services might not work while others will. If signing up for a paid account, burnerapp.com for instance, will allow you to sign up via their website, however you can't use a VPN. WiFi can be acquired at any coffee shop. If you prefer more private methods of payment for these services, there are those that accept crypto.

So, there are 'options.' You just might have to jump through a few hoops to get there.

Secondly, Signal is open source, no? The whole shebang including the protocol is open source. Where might 'they' be putting the backdoor to intercept encrypted messages? I can tell you this, the day the world finds out that the US govt has successfully cracked strong encryption ciphers, is the day you are going to see a lot of movement on this planet. From billion dollar corporations, private entities, governments, and even ne'er-do-wells on Signal.

I'm no 'fanboy', tho there is a lot to be a fan of. I'm not getting any kickbacks, compensation, or monetary advancements. If I need to be schooled, please do share.

Signal does plan to add a paid for service as well as their free service.

[–] corvus@lemmy.ml 1 points 1 day ago* (last edited 1 day ago) (1 children)

Signal would only shrug and hand them metadata

So at the very least by using Signal the government can know everyone you communicated with, at what time and where. And still is considered a private messenger. Amazing.

[–] irmadlad@lemmy.world 6 points 1 day ago* (last edited 1 day ago)

As clients upgrade, messages will automatically be delivered using sealed sender whenever possible. Users can enable an optional status icon that will be displayed in the detailed information view for a message to indicate when this happens. These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance. In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development. https://signal.org/blog/sealed-sender

In reading about the Sealed Sender protocol, as I understand, it redacts whom you've contacted. However, the metadata does include timestamps. I have no dog in this hunt as 99% of my messages are whispered into someone's ear. Still, one must implicitly trust the receiver of such whispered messages. I honestly don't care what app you use. Those choices are ultimately yours and yours alone and hopefully dependent on who you entrust with your data. This is just an interesting dissection of Signal and privacy/anonymity for the muse.

In the end, we all trust some entity whether it be your ISP who has your bank account info and residential address and can tell when you're downloading 150 gigs of Linux distros overnight even with a VPN, a bank with every last transaction you authorize, the time/date, or government to which we pay income taxes who has pretty much all the info they would need to show up at your doorstep. If your threat model precludes all the above, I would recommend whispering and disconnecting from society. I honestly do not see any other way.

load more comments (3 replies)
[–] 1XEVW3Y07@reddthat.com 5 points 1 day ago (1 children)

I am a huge fan of SimpleX and their removal of user IDs. I think it's a brilliant solution, and wish that SimpleX was recommended more than Signal.

load more comments (1 replies)
[–] titanicx@lemmy.zip 1 points 1 day ago (2 children)

Do you think your phone number is private?

[–] pineapple@lemmy.ml 1 points 1 day ago (3 children)

it's definetly not public information

load more comments (3 replies)
[–] lunatique@lemmy.ml 0 points 1 day ago

I don't have a phone number

[–] airikr@lemmy.ml 4 points 2 days ago (1 children)

Thank you! Finally someone that also sees Signal as privacy invasing!

load more comments (1 replies)
[–] hereforawhile@lemmy.ml 3 points 2 days ago (1 children)

People dont realize that you may as well hand over your social security number when you pass out your phone number.

[–] SteleTrovilo@beehaw.org 3 points 1 day ago (1 children)

Indeed, I also don't realize that. Please explain further.

load more comments (1 replies)
load more comments
view more: ‹ prev next ›