Privacy

31876 readers

1 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

How I Got a Truly Anonymous Signal Account (theintercept.com)

submitted 1 year ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

43 comments fedilink hide all child comments

Yes, you can use Signal without sharing your personal phone number. Here’s how I did it.

you are viewing a single comment's thread
view the rest of the comments

[–] refalo@programming.dev 57 points 1 year ago* (last edited 1 year ago) (3 children)

tl;dr the sms verification falls back to voice and they just used a payphone.

I guess if you count the airport full of cameras they went to to do this as "anonymous", then sure :)

Also this article from 2017 suggests not using this method:

It’s important to maintain control of this phone number. For example, you could use a disposable SMS service to register with Signal — there are many such services if you search for them — but those phone numbers can be used by anyone. Similarly, you should avoid using a public payphone’s number, or a SIM card on which you do not intend to renew service. If someone else can receive SMS messages or phone calls to this phone number, they can take your Signal account away from you.

[–] mox@lemmy.sdf.org 33 points 1 year ago (1 children)

That risk is not just theoretical. I made a test account (on another service; not Signal) using a free anonymous SMS number. A few months later, the account had been hijacked.

Of course, if it's a disposable account, then having it hijacked after you're done with it might be a good thing.

[–] Greg@lemmy.ca 11 points 1 year ago (1 children)

Signal has account pins now so I don't think the attack vector is as large as it used to be

[–] Neon@lemmy.world 16 points 1 year ago (1 children)

They can't "take over" your account, but they can "override" it and delete yours.

[–] atro_city@fedia.io 0 points 1 year ago (1 children)

How can they override it?

[–] PoorPocketsMcNewHold@lemmy.ml 7 points 1 year ago (1 children)

Register a new account over that phone number. They can't get into any previous accounts register with that phone number. They could potentially manage to find the pin if the previous user really used a guessable one, but then again, they won't be able to check the previous messages and the linked owner of that account will be warned of that new connection.

[–] atro_city@fedia.io 7 points 1 year ago

I don't think that's possible with a registration lock unless you are inactive for longer than 7 days.

Enabling a registration lock triggers a 7-day inactivity timer if your number is registered on another device.

[–] delirious_owl@discuss.online 3 points 1 year ago

Just wear a face mask and sunglasses and hoodie when using the pay phone. That way you'll blend-in and be anonymous

[–] leanleft@lemmy.ml -1 points 1 year ago (1 children)

”It’s important to maintain control of this phone number."

I strongly feel that this is false.

[–] refalo@programming.dev 5 points 1 year ago (1 children)

Care to elaborate?

[–] leanleft@lemmy.ml 0 points 1 year ago* (last edited 1 year ago) (1 children)

~~If someone trys to register with an existing number then it wont work if its already being used.~~
Im not sure on this^
Better to enable a security pin if you are concerned.
The traditional phone system involvement is annoying.

[–] refalo@programming.dev 2 points 1 year ago (1 children)

Got a source for that? There have already been multiple contradicting sources posted saying this isn't true.

[–] leanleft@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

I cant find any information that discusses the security risk. But it would seem that this transfering all content to the owner of the phone number is a standard feature.
So, maybe its not discussed because it doesn't frequently happen.
It doesnt seem like a trustworthy way to ensure users' content remains secure.
Update:
https://old.reddit.com/r/signal/comments/8r7tbc/someone_impersonating_me_using_my_old_number_what/
https://support.signal.org/hc/en-us/articles/360007062012-Change-Number
https://support.signal.org/hc/en-us/articles/360007062452-What-do-I-do-if-my-phone-is-lost-or-stolen
https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages