Recent searches
Search options
@zeh
It may be worth reiterating at this point that although Signal uses your phone number as a user identifier, I'm not actually sure of they store it or just a hash of it, and they definitely don't transmit otjer numbers from your contacts for discovery:
https://support.signal.org/hc/en-us/articles/360007061452-Does-Signal-send-my-number-to-my-contacts-
They also announced they're trying to move away from using phone numbers at all (the recent intoduction of PINs is in preparation of that) -- but it may take some time
@jgoerzen
@Mr_Teatime @jgoerzen @zeh #OWS keeps a copy of your phone number on record for account recovery purposes. Of course, this also opens you up to various attacks and compromises.
@Mr_Teatime @zeh @jgoerzen "Open" Whisper Systems
@jgoerzen @zeh @Mr_Teatime ..despite the closed nature of their network
Hm... yeah, makes sense. Would it be possible to do those things without storing the user ID?
@Mr_Teatime @zeh @jgoerzen It occurs to me that they could theoretically store a hash, and then ask for the ph# again at acct recovery time, then compare the hashes. But I don't give OWS the benefit of the doubt considering how they push users into Google Playstore & claim it's safer than the APK download which they hide. It's hard to trust OWS anytime trust is needed.
As far as I can tell, they are pretty good at minimizing the amount of stored data, including profile, contact data, metadata etc:
https://signal.org/bigbrother/
As far as i can tell, they don't have more than the phone number (hashed or not, not sure, haven't found the info yet)
Also, the code is open source, so it is testable whether it does what OWS says it does -- no need to speculate.
