this post was submitted on 20 Feb 2024
642 points (99.2% liked)

Privacy

31837 readers
85 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 107 points 8 months ago* (last edited 8 months ago) (3 children)

Finally, been ages.

A number is still needed to register I believe.

[–] [email protected] 74 points 8 months ago (1 children)

Requiring a number is a good way to limit bots.

[–] [email protected] 29 points 8 months ago* (last edited 8 months ago) (1 children)

A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts

Edit: tor uses PoW as DDOS protection and its helped massively

[–] [email protected] 61 points 8 months ago (2 children)
[–] [email protected] 47 points 8 months ago

That will also keep away bots.

You can only sign up if you've taken at least one Prisoner of War. Bots can't take prisoners of war for obvious reasons.

Kinda like how Aztec boys came into age in their society.

[–] [email protected] 18 points 8 months ago* (last edited 8 months ago) (1 children)

Proof of work. Example, bitcoin

[–] [email protected] 33 points 8 months ago* (last edited 8 months ago) (2 children)

How does this prove anything if using an emulator to bulk register bot accounts? Also, Signal Desktop is a thing.

[–] [email protected] 28 points 8 months ago* (last edited 8 months ago) (4 children)

It was the original purpose of the bitcoin algorithm to limit spam.

If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.

Several captcha[0] libraries already use this and it's great for accessibility (normal captchas are terrible for it)

[0] I know, it's not technically a captcha.

[–] [email protected] 15 points 8 months ago (1 children)

Accessibility is very important to me as a blind user, and this helps tremendously.

[–] [email protected] 1 points 8 months ago (1 children)

Anything you use to autotranscribe images or are image uploads without alt text a nightmare?

[–] [email protected] 3 points 8 months ago (1 children)
[–] [email protected] 3 points 8 months ago

Ah bummer… I’ll do better!

[–] [email protected] 10 points 8 months ago

Oh, neat. I was unfamiliar with PoW. Thanks!

[–] [email protected] 5 points 8 months ago

Pow does not limit spam in bitcoin. Fees do. Pow is used as a decentralized election mecanism to distribute the block production.

[–] [email protected] 13 points 8 months ago (10 children)

For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.

load more comments (9 replies)
[–] [email protected] 15 points 8 months ago* (last edited 8 months ago) (3 children)

A number is still needed to register I believe.

Indeed, which makes their headline a bit misleading. Giving Signal your phone number is not keeping it private.

[–] [email protected] 35 points 8 months ago (3 children)

I thought peoples big problem with it was not wanting to give others their number to use signal? Like I meet Joe Blog online and don't want to give him my real number to chat.

Less people worried that signal had their number?

[–] [email protected] 17 points 8 months ago (2 children)

Seems the second group is a vocal minority. This feature helps the first group, but doesn't help the second group.

According to Signal, the first group is the larger group and this helps the most users of Signal.

Could it be better? Sure. This is still a good step in terms of privacy, even though it doesn't really improve anonymity.

[–] [email protected] 8 points 8 months ago

Its important to not let perfect be the enemy of good.

[–] [email protected] 6 points 8 months ago (1 children)

Personally, I care about the phone number requirement not because I don't want to reveal it to Signal servers, but because it limits access to Signal for people in countries that block their SMS service - registration messages just don't arrive

[–] [email protected] 2 points 8 months ago (1 children)

It's specific to signal? Like they want to block people registering or what's up with that SMS block?

[–] [email protected] 3 points 8 months ago

Not specific to Signal. I believe he was referring to places where Twilio doesn't serve, for example because of sanctions.

[–] [email protected] 2 points 8 months ago (1 children)

Putting a SIM card in a phone exposes it to enormous surface area of attack. People have been asking to register with anonymous emails instead of a phone number, like Wire has had for years

[–] [email protected] 2 points 8 months ago (1 children)

Do you need the SIM card inside the phone after registration?

[–] [email protected] -1 points 8 months ago

Does it matter? At that point your phone is owned by Pegasus et all with zero click vulns

[–] [email protected] -5 points 8 months ago

I thought peoples big problem with it was not wanting to give others their number to use signal?

The issue is that giving your phone number to Signal Messenger LLC is giving it to others, and therefore not keeping it private in the usual sense of the word.

Some people may be unconcerned about a corporation knowing their number vs. their contacts knowing their number, but that doesn't diminish the misleading aspect of this headline.

[–] [email protected] 8 points 8 months ago

Wrong, it still keeps it private but not anonymous. It's not the same concept and for most thread models knowing that you use Signal is not really an issue, especially since with this feature no one can check if you have one if you don't give them your username unless they have access to Signal servers in which case they still have nothing except the knowledge that you have an account.

[–] [email protected] 6 points 8 months ago (1 children)

They do a lot of work to keep your phone number private, or at least any data that is tied to it. This username upgrade is solely for someone to communicate over Signal without needing to hand over your phone number.

For example, you can now be in group chats with internet strangers by just giving them your username.

On top of that, once MLS is adopted, you can communicate with other messengers as well.

[–] [email protected] 1 points 8 months ago
[–] [email protected] 12 points 8 months ago

Kinda stupid for privacy to hand over your phone number... Very counter intuitive