Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, and your groups private – among much else. Now we’re taking that one step further, by making your...
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it’s great for accessibility (normal captchas are terrible for it)
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
I thought peoples big problem with it was not wanting to give others their number to use signal? Like I meet Joe Blog online and don’t want to give him my real number to chat.
Personally, I care about the phone number requirement not because I don’t want to reveal it to Signal servers, but because it limits access to Signal for people in countries that block their SMS service - registration messages just don’t arrive
I thought peoples big problem with it was not wanting to give others their number to use signal?
The issue is that giving your phone number to Signal Messenger LLC is giving it to others, and therefore not keeping it private in the usual sense of the word.
Some people may be unconcerned about a corporation knowing their number vs. their contacts knowing their number, but that doesn’t diminish the misleading aspect of this headline.
Putting a SIM card in a phone exposes it to enormous surface area of attack. People have been asking to register with anonymous emails instead of a phone number, like Wire has had for years
Wrong, it still keeps it private but not anonymous. It’s not the same concept and for most thread models knowing that you use Signal is not really an issue, especially since with this feature no one can check if you have one if you don’t give them your username unless they have access to Signal servers in which case they still have nothing except the knowledge that you have an account.
They do a lot of work to keep your phone number private, or at least any data that is tied to it. This username upgrade is solely for someone to communicate over Signal without needing to hand over your phone number.
For example, you can now be in group chats with internet strangers by just giving them your username.
On top of that, once MLS is adopted, you can communicate with other messengers as well.
Finally, been ages.
A number is still needed to register I believe.
Requiring a number is a good way to limit bots.
A PoW could limit bots too. Require say 30 seconds of work before your registration submits. For regular users that isnt to bad. For bots its a PITA to get tons of accounts
Edit: tor uses PoW as DDOS protection and its helped massively
PoW…Prisoner of war?
That will also keep away bots.
You can only sign up if you’ve taken at least one Prisoner of War. Bots can’t take prisoners of war for obvious reasons.
Kinda like how Aztec boys came into age in their society.
Proof of work. Example, bitcoin
How does this prove anything if using an emulator to bulk register bot accounts? Also, Signal Desktop is a thing.
It was the original purpose of the bitcoin algorithm to limit spam.
If you have to do a lot of maths that takes your computer (for example) 30 seconds, that means it costs 30 seconds of compute to create an account. Nothing to an average user, for a spammer that wants thousands of accounts it gets expensive.
Several captcha[0] libraries already use this and it’s great for accessibility (normal captchas are terrible for it)
[0] I know, it’s not technically a captcha.
Accessibility is very important to me as a blind user, and this helps tremendously.
Anything you use to autotranscribe images or are image uploads without alt text a nightmare?
Oh, neat. I was unfamiliar with PoW. Thanks!
Pow does not limit spam in bitcoin. Fees do. Pow is used as a decentralized election mecanism to distribute the block production.
I know what it is. It is not a barrier to entry though.
He explained why it is, so can you elaborate on why it’s not?
For each account you register, you have to do 30 seconds worth of work. So to register one account, you do 30 seconds worth of work. To register 100 accounts, you do 100*30 or 3000 seconds (50 minutes) worth of work. Registering tens of thousands of accounts then becomes unfeasible.
And how can a VM or emulator NOT do this?
Anything that can compute can do it. The important part is that it has an associated non-insignificant cost.
deleted by creator
Indeed, which makes their headline a bit misleading. Giving Signal your phone number is not keeping it private.
I thought peoples big problem with it was not wanting to give others their number to use signal? Like I meet Joe Blog online and don’t want to give him my real number to chat.
Less people worried that signal had their number?
Seems the second group is a vocal minority. This feature helps the first group, but doesn’t help the second group.
According to Signal, the first group is the larger group and this helps the most users of Signal.
Could it be better? Sure. This is still a good step in terms of privacy, even though it doesn’t really improve anonymity.
Its important to not let perfect be the enemy of good.
Personally, I care about the phone number requirement not because I don’t want to reveal it to Signal servers, but because it limits access to Signal for people in countries that block their SMS service - registration messages just don’t arrive
It’s specific to signal? Like they want to block people registering or what’s up with that SMS block?
Not specific to Signal. I believe he was referring to places where Twilio doesn’t serve, for example because of sanctions.
The issue is that giving your phone number to Signal Messenger LLC is giving it to others, and therefore not keeping it private in the usual sense of the word.
Some people may be unconcerned about a corporation knowing their number vs. their contacts knowing their number, but that doesn’t diminish the misleading aspect of this headline.
Putting a SIM card in a phone exposes it to enormous surface area of attack. People have been asking to register with anonymous emails instead of a phone number, like Wire has had for years
Do you need the SIM card inside the phone after registration?
Does it matter? At that point your phone is owned by Pegasus et all with zero click vulns
Wrong, it still keeps it private but not anonymous. It’s not the same concept and for most thread models knowing that you use Signal is not really an issue, especially since with this feature no one can check if you have one if you don’t give them your username unless they have access to Signal servers in which case they still have nothing except the knowledge that you have an account.
They do a lot of work to keep your phone number private, or at least any data that is tied to it. This username upgrade is solely for someone to communicate over Signal without needing to hand over your phone number.
For example, you can now be in group chats with internet strangers by just giving them your username.
On top of that, once MLS is adopted, you can communicate with other messengers as well.
What is MLS?
Kinda stupid for privacy to hand over your phone number… Very counter intuitive