Comment

Comment on Telegram is exposing their users privacy.

The second I went to sign up and learned a phone number was absolutely required, I knew that declaration was pure bullshit.

source

Sort:hotnew top

helenslunch@feddit.nl ⁨2⁩ ⁨days⁩ ago
Signal requires that as well. Their privacy is definitely not bullshit. As far as I can tell, it’s a spam mitigation method.

source
- Ganbat@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago
  It’s bad for privacy no matter how you sell it. Unless you have a good amount of disposable income to buy up burner numbers all the time, a phone number tends to be incredibly identifying. So if a government agency comes along saying “Hey, we know this account sent this message and you have to give us everything you have about this account,” for the average person, it doesn’t end up being that different than having given them your full id.
  
  source
  - calamityjanitor@lemmy.world ⁨2⁩ ⁨days⁩ ago
    Another aspect is the social graph. It’s targeted for normies to easily switch to.
    
    Very few people want to install a communication app, open the compose screen for the first time, and be met by an empty list of who they can communicate with.
    
    signal.org/blog/private-contact-discovery/
    
    By using phone numbers, you can message your friends without needing to have them all register usernames and tell them to you. It also means Signal doesn’t need to keep a copy of your contact list on their servers, everyone has their local contact list.
    
    This means private messages for loads of people, their goal.
    
    Hey, we know this account sent this message and you have to give us everything you have about this account
    
    It’s a bit backwards, since your account is your phone number, the agency would be asking “give us everything you have from this number”. They’ve already IDed you at that point.
    
    source
    Ganbat@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago
    Yep, at that point they’re just fishing for more which, hey, why wouldn’t they.
    
    It’s a give and take for sure, requiring a real phone number makes it harder for automated spam bots to use the service, but at the same time, it puts the weight of true privacy on the shoulders and wallets of the users, and in a lesser way, incentives the use of less than reputable services, should a user want to truly keep their activities private.
    
    And yeah, there’s an argument to be made for keeping crime at bay, but that also comes with risks itself. If there was some way to keep truly egregious use at bay while not risking a $10,000 fine on someone for downloading an episode of Ms. Marvel, I think that would be great.
    
    source
  - PapstJL4U@lemmy.world [bot] ⁨1⁩ ⁨day⁩ ago
    Guys like you see privacy as a monolith, that it never is. Unusable privacy is meanigless as email had shown. Privacy of communications does not mean privacy of communicators and usable authentication can be more important then anonymity.
    
    And all this has to be realised on real-world servers, that are always in reach of real world goverment.
    
    source
  - helenslunch@feddit.nl ⁨2⁩ ⁨days⁩ ago
    
    It’s bad for privacy no matter how you sell it.
    
    I mean it’s not ideal but as long as it’s not tied to literally any other information, the way Signal does it, it’s “fine”, and certainly not “pure bullshit”.
    
    So if a government agency comes along saying “Hey, we know this account sent this message and you have to give us everything you have about this account,” for the average person, it doesn’t end up being that different than having given them your full id.
    
    They have done this several times, they get nothing
    
    source
    Ganbat@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago
    Says right there in the subpoena “You are required to provide all information tied to the following phone numbers.” This means that the phone number requirement has already created a leak of private information in this instance, Signal simply could add more to it.
    
    Additionally, that was posted in 2021. Since then, Signal has introduced usernames to “keep your phone number private.” Good for your average Joe Blow, but should another subpoena be submitted, this time stating “You are required to provide all information tied to the following usernames,” this time they will have something to give, being the user’s phone number, which can then be used to tie any use of Signal they already have proof of back to the individual.
    
    Yeah, it’s great that they don’t log what you send, but that doesn’t help if they get proof in any other way. The fact is, because of the phone number requirement, anything you ever send on Signal can easily be tied back to you should it get out, and that subpoena alone is proof that it does.
    
    source
    -> View More Comments