Signal introduces "username" feature

2

Comments

  • @Ympker said:
    @treesmokah this might be offtopic, but since you seem to be quite active in the privacy scene, have you heard of or even tried Session by Oxen? I used it once with a friend, but we quickly stopped doing so, because unlike Signal nobody of our friends even knew Session. Session doesn't require a phone number to sign up and seems to send messages and route calls through an Onion networks where messages and files appear to be like separated encrypted shard where one server never holds enough data to decrypt a message. They're also F-Droid: https://getsession.org/

    Session requires you trust the masternodes, so you put your trust into the people running those to use it. It is also using the OXEN (used to be LOKI) cryptocurrency for the chats.

    VPS providers to check out:

  • Not_OlesNot_Oles Hosting ProviderContent Writer
    edited February 20

    @treesmokah said:

    @Bogddan said:

    @treesmokah said:

    @lapua said:
    "If you were building a secure platform, and wanted to use an identifier, what would be the worst thing to use? Phone numbers." - this is the fundamental design flaw of signal!

    It costs a whole $0.06 to have an "anonymous" Signal account.

    Again, it all depends on your threat model. Signal was supposed to be normie friendly, and it is.
    I would not trust for anonymous communication, I trust it with secure communication with my friends and family.

    What's the name of this service? The ones I found are more expensive.

    https://onlinesim.io/

    @treesmokah How do you pay onlinesim.io without losing your privacy?

    I hope everyone gets the servers they want!

  • edited February 20

    @Not_Oles said:

    @treesmokah said:

    @Bogddan said:

    @treesmokah said:

    @lapua said:
    "If you were building a secure platform, and wanted to use an identifier, what would be the worst thing to use? Phone numbers." - this is the fundamental design flaw of signal!

    It costs a whole $0.06 to have an "anonymous" Signal account.

    Again, it all depends on your threat model. Signal was supposed to be normie friendly, and it is.
    I would not trust for anonymous communication, I trust it with secure communication with my friends and family.

    What's the name of this service? The ones I found are more expensive.

    https://onlinesim.io/

    @treesmokah How do you pay onlinesim.io without losing your privacy?

    Monero, or shielded Zcash or the mixed version of Dash.
    They support them all.

    Thanked by (1)Not_Oles
  • edited February 21

    @chitree said: Session requires you trust the masternodes

    Not really, your messages are routed by a minimum of 3 nodes(much like Tor) and stored in swarms distributed among nodes, encrypted. Attachments are stored by servers controlled by OPTF(on Hetzner I believe), and are also encrypted.

    @chitree said: so you put your trust into the people running those to use it

    Nah, you don't really have to trust any node. Only node that sees your IP is Guard, that has nothing but encrypted string that is supposed to be forwarded to another node(with its public key), and so on. On paper, correlation is extremely difficult. Hence the name "Onion routing", its being gradually decrypted by nodes.

    @chitree said: It is also using the OXEN (used to be LOKI) cryptocurrency for the chats.

    No, It isn't. Oxen is a PoS Monero fork with "masternodes" that store blockchain and "mine" blocks.
    They are also used for relaying Lokinet traffic(UDP) and Session data(special TCP based proto, while Lokinet integration is "on its way" since forever, it will most likely never come). Messages or anything related to Session(besides ONS) are never stored on the blockchain, instead in special swarms on nodes for a period of 7(or 14 days, I don't remember), not permanently. So you have to open Session from time to time to get messages before they expire in swarms, similarly to Jabber and offline queue(XEP-0160).

    In LOKI days it was done much differently, it wasn't a PoS coin with "relaying" functionality. They used something called "proxy routing" but its not important anymore.

    Session voice and video chats are entirely P2P(with centralized STUN), not onion routed/anon. Lokinet integration was supposed to allow wrapping it and making it anon, but as I mentioned above, it will most likely never come. They started writing bindings, but I haven't checked on it since forever.

    Thanked by (2)Not_Oles Lantern1368
  • I doubt Signal is doing anything malicious with user data if what the US government gets is essentially only Unix time since sign up and last access. If they had other data they would have been required to provide such data...

    Thanked by (1)Not_Oles
  • YmpkerYmpker OGContent Writer
    edited February 21

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    Thanked by (1)chitree
  • bikegremlinbikegremlin ModeratorOGContent Writer
    edited February 21

    People with smartphones concerned about privacy > @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is.

    People who use smartphones (and pay with cards) needn't worry about their privacy.

    Thanked by (2)Ympker chitree

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • YmpkerYmpker OGContent Writer
    edited February 21

    @bikegremlin said:
    People with smartphones concerned about privacy > @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is.

    People who use smartphones (and pay with cards) needn't worry about their privacy.

    Well, yeah. Their argument to install Signal ofc wouldn't be intrinsic motivation but just because some friend (me) tells them to use an alternative for some techy and privacy reasons they don't want to or can't follow. It's a bit like Dale Carnegie says in his books "A person convinced against their will, is of the same opinion still". This is probably why I got 20 contacts on Signal but only 3 are actively using it/replying while the others probably have been convinced again their will and set it up, but don't use it.

    Personally, I didn't install Signal because I thought I'd be anonymous or get super privacy on an Android phone. However, I thought it would be at least a better choice than only relying on Meta apps to communicate with friends. Naturally, I am still bound to WA due to many other contacts :P

  • bikegremlinbikegremlin ModeratorOGContent Writer

    @Ympker said:

    @bikegremlin said:
    People with smartphones concerned about privacy > @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is.

    People who use smartphones (and pay with cards) needn't worry about their privacy.

    Well, yeah. Their argument to install Signal ofc wouldn't be intrinsic motivation but just because some friend (me) tells them to use an alternative for some techy and privacy reasons they don't want to or can't follow. It's a bit like Dale Carnegie says in his books "A person convinced against their will, is of the same opinion still". This is probably why I got 20 contacts on Signal but only 3 are actively using it/replying while the others probably have been convinced again their will and set it up, but don't use it.

    Personally, I didn't install Signal because I thought I'd be anonymous or get super privacy on an Android phone. However, I thought it would be at least a better choice than only relying on Meta apps to communicate with friends. Naturally, I am still bound to WA due to many other contacts :P

    I find it inconvenient that many messengers exist.
    So, Russians mostly use Telegram, Serbs use Viber, and others mostly use WhatsAp.
    Of course, I keep all that stuff muted and check them once per day or less frequently.
    If something's urgent, people just call me.

    Thanked by (1)Ympker

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    i buy threema licences and give them away to my oh-so-poor friends who buy a cup of coffee every day for the value of a lifetime threema licence. if i tell them that, they feel very ashamed.

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @lapua said:

    @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    i buy threema licences and give them away to my oh-so-poor friends who buy a cup of coffee every day for the value of a lifetime threema licence. if i tell them that, they feel very ashamed.

    Fair enough. I totally agree that the license's pricing is more than fair, but as a student, I'm not gonna hand out free licenses. That's why Signal is my best bet atm. I actually DO know lots of my friends that have setup Telegram and, contrary to Signal, actually use it. However, they don't seem to be aware that Telegram chats by default aren't e2e encrypted, only "secret" chats. At least that was the last time I read about Telegram. Ironically those that use it, also installed it for "privacy" reasons but then use it without e2e. Others I know use it for the TG bots to get media etc

    Thanked by (1)bikegremlin
  • bikegremlinbikegremlin ModeratorOGContent Writer

    @Ympker said:

    @lapua said:

    @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    i buy threema licences and give them away to my oh-so-poor friends who buy a cup of coffee every day for the value of a lifetime threema licence. if i tell them that, they feel very ashamed.

    Fair enough. I totally agree that the license's pricing is more than fair, but as a student, I'm not gonna hand out free licenses. That's why Signal is my best bet atm. I actually DO know lots of my friends that have setup Telegram and, contrary to Signal, actually use it. However, they don't seem to be aware that Telegram chats by default aren't e2e encrypted, only "secret" chats. At least that was the last time I read about Telegram. Ironically those that use it, also installed it for "privacy" reasons but then use it without e2e. Others I know use it for the TG bots to get media etc

    I would argue that practically nothing is really e2e encrypted.

    Thanked by (2)Ympker chitree

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @bikegremlin said:

    @Ympker said:

    @lapua said:

    @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    i buy threema licences and give them away to my oh-so-poor friends who buy a cup of coffee every day for the value of a lifetime threema licence. if i tell them that, they feel very ashamed.

    Fair enough. I totally agree that the license's pricing is more than fair, but as a student, I'm not gonna hand out free licenses. That's why Signal is my best bet atm. I actually DO know lots of my friends that have setup Telegram and, contrary to Signal, actually use it. However, they don't seem to be aware that Telegram chats by default aren't e2e encrypted, only "secret" chats. At least that was the last time I read about Telegram. Ironically those that use it, also installed it for "privacy" reasons but then use it without e2e. Others I know use it for the TG bots to get media etc

    I would argue that practically nothing is really e2e encrypted.

    Personally, I lack the technical knowledge to verify Signals e2e claims. But it being open source at least bears the possibility of more knowledgeable people than me verifying those claims, which in the end makes it a tad better than WhatsApp imho. Of course, WhatsApp has the bigger userbase and in the end I can only do as much as try to opt for a better solution while probably still having to stick to WA for years to come.

  • I like that Threema is paid and therefore not having to rely on external funding (at least according to their own marketing materials). That said no one in my circle is going to be convinced enough to pay for it, so Signal it is. Still keep it on the back burner though.

    Thanked by (2)Ympker lapua
  • bikegremlinbikegremlin ModeratorOGContent Writer

    @Ympker said:

    @bikegremlin said:

    @Ympker said:

    @lapua said:

    @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    i buy threema licences and give them away to my oh-so-poor friends who buy a cup of coffee every day for the value of a lifetime threema licence. if i tell them that, they feel very ashamed.

    Fair enough. I totally agree that the license's pricing is more than fair, but as a student, I'm not gonna hand out free licenses. That's why Signal is my best bet atm. I actually DO know lots of my friends that have setup Telegram and, contrary to Signal, actually use it. However, they don't seem to be aware that Telegram chats by default aren't e2e encrypted, only "secret" chats. At least that was the last time I read about Telegram. Ironically those that use it, also installed it for "privacy" reasons but then use it without e2e. Others I know use it for the TG bots to get media etc

    I would argue that practically nothing is really e2e encrypted.

    Personally, I lack the technical knowledge to verify Signals e2e claims. But it being open source at least bears the possibility of more knowledgeable people than me verifying those claims, which in the end makes it a tad better than WhatsApp imho. Of course, WhatsApp has the bigger userbase and in the end I can only do as much as try to opt for a better solution while probably still having to stick to WA for years to come.

    It gets decrypted on your device. Your device is connected to the Net.

    Thanked by (1)Ympker

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • mfsmfs OG
    edited February 21

    And then there's me using IRC

    Jokes besides (it's not a joke but w/e) an XMPP-compatible IM is all it's required and there's no need to constantly reinvent a wheel.
    Getsession has been mentioned, there are a few other "secure & pseudonymous" approaches out there. SimpleX has received some nerd hype recently as well. Matrix is convenient for its bridges, anyway it's has received some security-wise criticism has already been noted (obviously it ultimately depends on your threat model). Briar received some hype a while ago for its censorship-resistant features. Still, what matters with IMs is adoption.
    Matrix recently launched an appeal for fundraising, this has raised some concerns about its future. Signal has massive costs too, so it's no surprise that some "coins" or some revenue strategy is devised along the road. Telegram did the same too, without bothering too much about security details and practices (and not just for the fact that E2E isn't enabled per default, some bug have enabled to snoop on non-public groups using unofficial clients and other clients have been devised to be ToS-breaching) ; Telegram success eventually boils down at presenting itself as overly "convenient" for its userbase (and for some developers, since it exposes an API for various bots); it has become quite adopted and "premium" features (and coins) have been introduced. It also started to have "stories", like Instagram. Signal hopped on that boat too.
    XMPP has nothing wrong. It has been interoperable with Google Chat until 2011 I think, at that time Google/Facebook et al decided to make their XMPP implementation non interoperable. It remained interoperable with GTalk for a few years after that.
    Not every XMPP server and client have the same set of features; Snikket offers modern XMPP features making it completely interoperable with non-Snikket clients (e.g. Conversations on Android) yet offering clients for every device (including Apple-based ones) with the goal of offering a seamless user experience. If you're planning or open to self-host it (even on a raspberry pi), it could be really convenient. Sure your peers are supposed to have installed at least an XMPP-compatible client, if not Snikket itself.
    But as said, what matters with IMs is adoption. Matrix with its bridges may allow a willing sysadmin to offer a chatroom more or less available for every (or most) IMs actually used by its users, winning over the innate resistance to download yet another app for IM. A bridge may be convenient yet it will slow down actual adoption and will just add security issues.

    Will I use an username on Signal, after all these years? I don't think so. Maybe a vanity username at this point in time.
    Will Signal get more users thanks to this move? I don't think so.

    @bikegremlin said: So, Russians mostly use Telegram, Serbs use Viber, and others mostly use WhatsAp.

    Here what I see is "Whatsapp for people I know, Telegram for groups/people I don't know/trust that much" (since you aren't supposed to share your phone number)

    @treesmokah said: Good fucking luck getting your friends and family to install a XMPP client with OMEMO and teach them how federation works.

    I found less resistance to invite people to Snikket et al than to Signal, mainly because there's a perceived lower barrier at signup (I guess that giving out a personal phone-number is perceived as musky) and Message Carbons and other features

    Thanked by (2)bikegremlin chitree
  • @BruhGamer12 said:
    I doubt Signal is doing anything malicious with user data if what the US government gets is essentially only Unix time since sign up and last access. If they had other data they would have been required to provide such data...

    Let's take a look in this article from 2021 to learn more
    https://www.rt.com/op-ed/513732-signal-messenger-us-national-security/

    VPS providers to check out:

  • @Ympker said:

    @lapua said:

    @Ympker said:

    @lapua said:
    @Ympker what about threema?

    It's hard enough to bring (non techy) friends to switch away from WhatsApp or at least use an alternative messenger as is. Threema being a paid messenger app, even if only 6€, isn't something they're going to consider after using WhatsApp, fb, insta etc free (ofc paying with data, but you know "free") for years. Convincing them to use a paid messenger won't do. Trust me, it's been hard enough to convince them to give Signal a chance.

    Right now about 20 of my contacts have Signal and about 3 of them actually use it/reply to messages sent on Signal. The others usually just continue using WhatsApp. And those 20 contacts only include about 5 ppl I was able to convince to use Signal. The rest already had it when I installed it.

    i buy threema licences and give them away to my oh-so-poor friends who buy a cup of coffee every day for the value of a lifetime threema licence. if i tell them that, they feel very ashamed.

    Fair enough. I totally agree that the license's pricing is more than fair, but as a student, I'm not gonna hand out free licenses. That's why Signal is my best bet atm. I actually DO know lots of my friends that have setup Telegram and, contrary to Signal, actually use it. However, they don't seem to be aware that Telegram chats by default aren't e2e encrypted, only "secret" chats. At least that was the last time I read about Telegram. Ironically those that use it, also installed it for "privacy" reasons but then use it without e2e. Others I know use it for the TG bots to get media etc

    Telegram also rolled their own encryption instead of using an already trusted and vetted type.
    https://resources.infosecinstitute.com/topics/cryptography/the-dangers-of-rolling-your-own-encryption/

    Any messaging service that uses centralized servers is bad news. I see that SimpleX looks promising & you can host your own servers.

    Thanked by (1)Ympker

    VPS providers to check out:

  • rootroot OG
    edited February 21

    Thank you @treesmokah for the heads-up about registering usernames. I just did this for me and my wife.

    With regards to Threema, the idea sounds great, but that paid license... ouch!
    I find it really easy for me to grab a license since I appreciate privacy, but it would be hard to convince others in buying such license. The best use for such software would be inside a company, where a manager should want complete privacy within their company.

    Thanked by (1)Ympker
  • @root said:
    Thank you @treesmokah for the heads-up about registering usernames. I just did this for me and my wife.

    With regards to Threema, the idea sounds great, but that paid license... ouch!
    I find it really easy for me to grab a license since I appreciate privacy, but it would be hard to convince others in buying such license. The best use for such software would be inside a company, where a manager should want complete privacy within their company.

    or do a good deed and give away licences (worth the equivalent of a good cup of coffee)!

  • YmpkerYmpker OGContent Writer

    @root said:
    Thank you @treesmokah for the heads-up about registering usernames. I just did this for me and my wife.

    With regards to Threema, the idea sounds great, but that paid license... ouch!
    I find it really easy for me to grab a license since I appreciate privacy, but it would be hard to convince others in buying such license. The best use for such software would be inside a company, where a manager should want complete privacy within their company.

    Exactly my thoughts.

  • @chitree said:

    @BruhGamer12 said:
    I doubt Signal is doing anything malicious with user data if what the US government gets is essentially only Unix time since sign up and last access. If they had other data they would have been required to provide such data...

    Let's take a look in this article from 2021 to learn more
    https://www.rt.com/op-ed/513732-signal-messenger-us-national-security/

    Yea I am not taking RT.com at their word lol.

  • @BruhGamer12 said:

    @chitree said:

    @BruhGamer12 said:
    I doubt Signal is doing anything malicious with user data if what the US government gets is essentially only Unix time since sign up and last access. If they had other data they would have been required to provide such data...

    Let's take a look in this article from 2021 to learn more
    https://www.rt.com/op-ed/513732-signal-messenger-us-national-security/

    Yea I am not taking RT.com at their word lol.

    I guess we should just "trust" the U.S. Government instead...

    VPS providers to check out:

  • edited February 21

    @chitree said: I guess we should just "trust" the U.S. Government instead...

    yea like me saying that I don't trust RT implies what you said lol

  • I see the name SimpleX being thrown around here. Funny how the same people who speculate the potential mingling of Signal with the U.S. government or Telegram with the Russian government would rather put their faith into a LTD company based in UK and backed by venture capitalists (and no business model).

    @mfs said: Matrix recently launched an appeal for fundraising, this has raised some concerns about its future. Signal has massive costs too, so it's no surprise that some "coins" or some revenue strategy is devised along the road.

    You wouldn't like how Telegram recently raises fund then.

    @chitree said: I guess we should just "trust" the U.S. Government instead...

    A healthy dose of skepticism is always welcome, especially when it comes to the (whatever) government and their dirty laundry. That said this kind of whataboutism helps no one.

    Thanked by (2)bikegremlin chitree
  • Small update, usernames have been pushed to "live" version like 2 weeks ago now, it should be integrated well.
    https://github.com/signalapp/Signal-Desktop/releases/tag/v7.0.0

    Thanked by (1)Ympker
  • Ive been getting spam now on signal for the first time since the username update .

  • @BruhGamer12 said:
    Ive been getting spam now on signal for the first time since the username update .

    I have not received any spam personally.

  • YmpkerYmpker OGContent Writer

    Just setup my username the other day :)

  • HostAddonHostAddon Hosting Provider

    Now that is great news, i just set up mine. Sharing qr code or url and no need to give ur number, great!

    Host Addon | Premium Hosting Services
    ¦| Dedicated Servers | Premium Cloud Hosting | VPS Hosting | Shared Hosting | SSL | Domains

Sign In or Register to comment.