- cross-posted to:
- privacy@lemmy.world
- signal@lemmy.ml
- cross-posted to:
- privacy@lemmy.world
- signal@lemmy.ml
It would be better if it was randomly generated, I’m looking at you CoralApples216
Doesn’t really matter with them being non unique. Multiple people can have the same username, there’s a randomly generated number that goes with it
Let’s make a compact to all use “guillotinetherich”
A pact maybe?
maybe Wogi wants to check his makeup in the mirror while he’s out at guillotine-the-rich rallies.
Why would it be better?
Probably because some people tend to pick user names that identify them in some way. Take me for example, I have a few names I go by but this username is definitely helpful in identifying me. I use it on the other place, a couple of emails, discord, telegram, etc. I don’t feel the need to be as anon as possible (no shade on those who do) so I main this one. I have a few others that I have been known to use and those are mainly for things that I don’t want easily connected back to me.
You shouldn’t be forced to be anonymous. If you want to pick the same username, you should be able to. But even so, there’s still a required number at the end. So unless your username elsewhere ends in 2 digits and isn’t already taken, then you can’t pick it anyway
The best compromise might be similar to how it works currently
Right now you enter your username, and then a number is randomly generated but you can change it manually.
Randomly generate both, and allow the user to change both
It’s not about forcing anyone to be anonymous. I’m not OP here but I kind of agree. Maybe signal should default to a randomized one with a blurb about safety, anonymity, etc but let you create your own if you want.
Again. My personal view isn’t to force random usernames on people but to maybe educate them on this stuff. Also, there are legit reasons why you should have non identifying usernames even if it’s not how the world should work. There are enough nutters out there who may recognize something in someones name that links them to someone they know offline and people are nucking futz. I can tell you stories I’ve heard from my clients that you would believe but don’t want to.
Oh and for the numbers, that can be even more identifying because people tend to use numbers that mean something to them. I have a variation on this name that includes my birth year in 2 digits. If I was posting things online that close family might have a problem with, it wouldn’t be hard to do to the math and identify me that way.
guessing it would mean that people wont be using the same username as they do on every other account. So if doodlebop69 can’t be traced from signal they could go to google and find the same doodlebop69 to grab their information from
But doodlebug69 needs to accept a message from you before you can see their profile info.
They have the username already, they don’t need to see their profile info to search for a username
It generated a suffix of two digits when I tried (you can set it explicitely but it is mandatory).
I kept having to randomly scramble it until it gave me a number I liked.
I can be your
Guest1234
anytime you want ;)
This is the best summary I could come up with:
Based on a phone number, the federal prosecutors were asking for the user’s name, address, correspondence, contacts, groups, and call records to assist with an FBI investigation.
Whenever Signal receives a properly served subpoena, they work closely with the American Civil Liberties Union to challenge and respond to it, handing over as little user data as possible.
Whittaker stressed that this is “a pretty narrow pipeline that is guarded viciously by ACLU lawyers,” just to obtain a phone number based on a username.
Signal’s leadership is aware that its critics’ most persistent complaint is the phone number requirement, and they’ll readily admit that optional usernames are only a partial fix.
She gave an example of a person who faces severe threats and normally maintains vigilance but whose mother is only on WhatsApp because she can’t figure out the numberless Signal.
Signal engineers have discussed possible alternatives to phone numbers that would maintain that friction, including paid options, but nothing is currently on their road map.
The original article contains 1,894 words, the summary contains 165 words. Saved 91%. I’m a bot and I’m open source!
just two pieces of data: the date the target Signal account was created, and the date that it last connected to the service.
And how does Usernames help here? Should be the same 2 data Points and not more?
The idea is that you change or remove your username after someone else starts a conversation with you, so the username can no longer be used to subpoena your account details.
Put another way, signal is able to provide those 2 pieces of information to law enforcement based on a phone number. This helps you to prevent law enforcement having a phone number to ask signal to look up in the first place, assuming you change your username every time you hand it out.
They also hash the usernames that they store on your account which means law enforcement can’t ask what usernames are being used, only being able to ask for specific usernames which are currently in use.
I understand that right now LEA can serve up a subpoena and give Signal a username and get a phone number, but they can’t give them a phone number and get a username.
Is it also possible for Signal to keep track of past usernames/associated hashes for a particular phone number?
(For comparison, Signal could record IP addresses, but we trust they don’t due to unsealed cases. Could they keep a username history?)
Yes it entirely depends on whether they store previously used usernames along with the date range it was in use (to tell apart multiple people who used the same username at different times)
We’ll have to see if any unsealed cases in the future support that they don’t keep those records like how they don’t keep IP logs, but personally their track record is enough for me to have confidence in the feature, especially since my “threat model” is primarily opportunistic hackers or spearphishers at most, not police or state / nation state level actors.
My phone number is registered to my phone carrier under my real name. My username is not. Unless I’ve misunderstood the question.
They don’t track username history and don’t have a server side list of plaintext usernames, and others can’t find your phone number from the username alone. That makes it harder to confirm which account is yours.
Iirc from the last time this article or similar was posted, it’s about how warrants are issued. It’s the username versus phone number not username versus or and/or other data points. Anything more than that I am still unclear about.
deleted by creator
deleted by creator
Except only data from servers thy got so far was phone number, registration date and I’m not sure if last login was even a thing.
deleted by creator
I have this for some time now on iOS
deleted by creator
I dont. I got it via normal update. The 7.1 has been installed recently on my iPhone
deleted by creator
deleted by creator
Not-a-paywall paywall.