Signal knows who you're talking to (2023)
Mood
controversial
Sentiment
negative
Category
tech_discussion
Key topics
Signal
Privacy
Security
Messaging Apps
Discussion Activity
Very active discussionFirst comment
21m
Peak period
55
Hour 2
Avg / period
14.1
Based on 141 loaded comments
Key moments
- 01Story posted
Nov 23, 2025 at 5:22 AM EST
21h ago
Step 01 - 02First comment
Nov 23, 2025 at 5:43 AM EST
21m after posting
Step 02 - 03Peak activity
55 comments in Hour 2
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 23, 2025 at 3:04 PM EST
11h ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
the question was if signal is secure and private, and the answer is about anonymity
is it secure and private - it is, is it anonymous - it's not, or at least, to some degree
Eg. you are talking to an HIV medical specialist. This inherently has privacy implications, if observable. Likewise, you wouldn't say DNS has no privacy implications.
Anonymity rather means, you don't/can't know who exactly you are talking to.
Also, “Be kind. Don't be snarky.” (https://news.ycombinator.com/newsguidelines.html)
Also, now that we know the timestamp, we know this user spread two pieces of misinformation in 28 words: Iran was never mentioned and it was not the first question in the QA. I think some snark is well justified here.
Other networks solved this by not blocking backup.
Not meant to be pedantic, but the question about phone numbers appears to be the last question after the talk, asked at 38:05 in the video. (The first question, at 30:50, is about post quantum security.) I also don’t think the asker mentions being from Iran.
Also, what about Briar/Berty as alternative?
https://play.google.com/store/apps/details?id=org.briarproje...
Will all if the messages be delivered promptly, or will most be delayed until the first few recipients have either replied or have reported your new account as spam? I don't know, I'm curious.
Signal appears to have the necessary information to compute spam prevalence per virtual number provider.
Just use SimpleX.
And you might want to tell us how this affects the privacy or security of SimpleX why you're at it.
But it does risk his app being associated with that and therefore discouraging everyday users. I wouldn't be surprised if it ends up as the next EncroChat.
EncroChat was not open-source, so it was much easier to be infiltrated.
Your comment promotes cancel-culture, and as filthy as it is in general, it's even more so in the technology world. Don't do it. Please.
Evident world views far off reason, reality, compassion and pragmatic self-regulation, don't speak for a stable, predictable and reasonable personality.
If a person thinks some humans deserve less rights than others, how could you trust any update to not reflect this world view?
Additionally you may be becoming technologically dependent on a person whose actions may be detrimental to your safety or wellbeing in other parts of your life.
You may also just don't like to promote this person's work.
It's fair to inform others about the person behind the software they are running. Everybody can make their own informed choices.
If the users' communications are encrypted — which they are — there is no way for the creator to "reflect his world view", whatever it might be, in the form of undermining the security or privacy for some part of the user base.
Because until there are other means of forming trust available, everyone only got the vibe check. Some perfect world scenario ain't gonna cut it.
If I wanted to make a honeypot that undermines users' privacy and anonymity, I would make sure to be as nice to everyone as possible. The "vibe check" is irrelevant, the false positives are far too common.
You do you. As I said, we all should be able to make informed choices as we please.
Anyway, since we're talking concrete software, could you point to such code reviews from vibe-independent auditors for continuous verifiable simplex builds targeting common communication platforms?
If not, your point is moot for the subject at hand. Decisions have to be made on the basis of reality not cozy fantasies.
I am not sure I run a single piece of software where this is done. Sporadic audits tend to bring evidence of soundness and security, not continuous absence of malicious functionality.
And yet you run it. Have you vibe-checked every such software? Did that bring you enough information about individuals creating it? If not, if there are no readily available signs, have you vetted their own, private beliefs otherwise — in order to ensure they don't clash with your own?
What if Linus Torvalds turned out to be secretly a Nazi pedophile for the whole time? Would that make you stop using Linux?
But yes, I vibe checked the software projects I use. They are mostly large enough, where single individual failings are of no consequence and unhinged people are usually removed from executive control through various means. But it's trust based on feelings and the information I got. Most people involved in these projects are mature and controlled enough to not mix politics with their work. It's not a good sign to not be in control of such impulses.
And I rather take a chance with the unknown bad, than rationalize the known. Luckily most people with a collectivist FOSS mindset don't turn out to be monsters. Who could have predicted that?!
Your turn.
Unless you mean that only users personally capable of walking through the code line by line and their immediate friends and family should run code written by neo nazis
However, human being human beings, they find it very hard to sequester their beliefs, emotions from their work. It's a common human failing. Often they are not even aware of it.
Having politically or socially divisive beliefs publicly also makes such a person a target of coercion and encouragement to yield to a "harmless" temptation by way of appropriate 3 letter like agencies.
To ensure that this does not happen will require maintaining a paranoid level of vigilance on the code all the time. That is a lot of work, very expensive and is unlikely to happen. Perhaps not fair to his creation, but that's just how it goes.
My comment is at a high level. This is the first time I heard of Simplex chat, so I don't even know what views its developer has.
That is quite the Twitter timeline.
If they are revealing their identity so that we can vet their credentials, then it makes sense that they would want us to judge them based on their online persona.
If we believe all of this to be true - it’s not really cancel culture, it’s by design that the creator of SimpleX has implemented this filtering mechanism for their users.
This guy?
You are much more secure blending in the vast masses using WhatsApp than on a ultra-targeted ultra-small app like SimpleX.
So where exactly is that "much more security" you're touting?
There are many about how they were caught because the used ultra-secure "phones for criminals".
black markets and opposition members i’ve used / talked with focus on disposability not security
the premise of their communications is always “the platform is bugged” and in case of opposition members “the government can always just beat you and trick you into unlocking your phone”
deals happen on messenger all the time and burning messages / rotating phones and accounts is very common. for opposition members, messaging apps are purely for benign communication and actual discussion happens in person or in truly destructible formats or it’s not recorded at all
periodically anon burner message apps appear on app stores and rotate out pretty fast once they start getting too much attention
the idea of a perfectly secure app for communication is currently mostly a fantasy; if a malicious actor wants to get your info and communication they will. this doesn’t mean give up completely and be insecure but instead just be in a position to ditch the app when it becomes necessary, if you need that level of security
it’s better people be trained to understand the reality of what can be done with the communication methods they use and how they can be punked so they can make informed decisions — i’m fine with signal’s goals and efforts but i’m not a fan of signal advocates treating security and privacy like another round of the OS wars, that teaches people the wrong lesson and makes it harder to convince ppl privacy and security are a problem we need to take seriously not just for criminals but for everyone. privacy and security benefit us all or it benefits no one
Regarding sealed sender I don't think they ever fixed the statistical method of identifying sealed senders described in the "improving sealed sender" paper from 2019 (?), meaning it is pretty useless anyway if signal decided they wanted to identify senders.
Improving Signal's Sealed Sender
https://www.ndss-symposium.org/ndss-paper/improving-signals-...
On the other hand, it needs to provide ultimate security, even though there is always a compromise between security and convenience. If it doesn't, geeks will criticize it for not being secure enough.
Telegram solved this already though, they allow users to register using either their phone number or a unique username. But Telegram has a huge spam problem. Which is likely the real reason Signal requires a phone number.
I was able to register with fake number I got for free on the internet. That clearly doesn't solve SPAM problem. If I know that, Signal certainly knows that.
Booooo you telegram
Matrix and XMPP are excellent protocols for decentralisation, but their E2EE implementation leaves all kinds of metadata exposed outside of the E2EE envelope.
You need to trust the server to not expose any of this information to anyone else (which is difficult to do when the police comes in with a warrant). If you use your own Matrix server(s) this isn't a direct problem, but then the communication links between you and the people you talk to would stand out immediately, so protection fails in other ways.
I'm not saying you should drop Matrix or anything, its decentralized nature and clear finances do have some trust advantages over Signal's occasional behaviour, but on a protocol level, an ultra paranoid person would probably be better off using (an audited client for) Signal.
* no sealed-sender (but see the OP on why this is not a panacea)
* server can see which users are in which rooms
* plaintext room names & topics (so serverside search can work)
* aggregations (metadata around reactions, edits, replies, threads - ie who reacted to what and with what emoji)
We’ve been working away improving this - for instance MSC3414 defines a way to encrypt key/value events like the above, and an implementation landed this summer. Similarly per-room user ids are planned too. However, it’s not trivial to get right, and we are underresourced so the work is going slower than we’d like. Also, decentralisation at least means the metadata doesn’t pool in some centralised place (as signal’s traffic footprint does, for instance). If you run your own server, then the threat may be acceptable.
I’d go as far as to say good-enough is the enemy of the better.
(Obviously there's always room for improvement, but even if there wasn't, the complaining still wouldn't stop.)
Messaging your friends? What about your family?
One of you a nerd? Have one of those people stand up a server and federate it.
If Signal remains the "authority" here, then there can be mechanisms for spam reports across federated lines, distributed blacklisting and an appeal process.
That would alleviate their burden significantly, it would retire the notion that they have to always have perfect security and it would be in-keeping with their idea that "we don't want to have the information that could expose users". The easiest way to not have information at all is to not even relay it.
Signal could have helped a lot here (so could others, to be honest).
Through the magic of cryptography, there's now (maybe) a way to "encrypt" your contact list, upload it, the server can then find your contacts without decrypting it, and connect you with them.
That's not remotely technically accurate a way to describe what is happening under the hood, but the point is, you can share your contact list without sharing your contact list.
This magic is in RFC status from Blue Sky here: https://docs.bsky.app/blog/contact-import-rfc
Sealed sender feels like a get out subpoena feature.
Thanks to this leak, surveillance states don't need to work around sealed sender stuff, though. They can just mass collect the Signal data and figure out IP patterns over time. Without proxying your traffic through ever-changing proxy networks such as Tor, it's only a matter of gathering data. Especially if someone accidentally hits the call button, which arranges a peer to peer setup immediately identifying the two parties.
Signal is still the best general purpose messenger out there if you value privacy and security. My government uses it as a communication mechanism between people and embassies in places with terrorist presence.
It looks like SimpleX has some protocol advantages but reading the reviews, the app doesn't seem good enough for the general population. It's probably because they value privacy above usability, but with problems like "messages don't get delivered if the other party doesn't open their app for a few days", that app isn't going to work for the people I talk to. I also can't really find who's paying for SimpleX, all I can find is anonymous donation links and a company listing in the UK (the country known for forcing Apple's hand in disabling E2EE backups). Probably fine, but once again, no messenger is perfect.
This is the eternal struggle. You can only hope that Whatsapp will mess up bad enough to outweigh the gigantic convenience it offers to users
One thing I dislike about Signal on its privacy posture is that the moment you register, anyone who already has Signal and has your phone number in their contacts list will get a message saying you're on Signal. This is a good way for others with bad intentions to know about your presence on the platform. The options to hide your phone number are available only after registering on Signal (after this broadcast has already happened) and when the user figures out that this is possible somewhere deep in the settings.
On registration Signal could ask whether to inform all random people who happen to have your number. But since unused/discarded phone numbers are recycled by carriers to other customers within a matter of weeks or months or years (depending on where you are), your presence on Signal may be sent to someone you've never ever known or has known you. Signal ought to remove this broadcast on registration. Telegram (and I guess WhatsApp) also suffer from the same issue.
Getting a new phone number isn't expensive, but it's infinitely more expensive than zero. And if a service is willing to block the phone companies that offer the cheapest new numbers, the price rises again.
You can buy them in bulk on shady sites for as little as 5c per pop.
Most abuse happens on an industrial scale, and it's trivially easy and practically free to bypass this kind of "security" feature.
I suppose this Sealed Sender issue is problematic for some people, but it's not enough for me to seriously consider jumping ship.
And what good did that achieve, practically? In effect, your friends and family:
- still use a centralised service with Signal (subject to enshittification/changing the deal overnight/acting as a single point of control and failure) - still use WhatsApp because they really have no choice: that's where everyone else is (and so, there is no avoiding Meta's data collection on them and indirectly, on you) - gained nothing compared to WhatsApp+E2EE (being centralised, both Signal and Meta can infer your social graph, the nature and volume of exchanges you have with your contacts, and hence the nature of your relationships, Signal only "pinky swears" it's not looking at it, and that's a very lame "guarantee").
The privacy fatalism in your comment here and in other comments is plainly incorrect.
With SSL, we no longer have to care, and that's much better that way. Signal has all the same means of (meta)data harvesting and analyzing as Meta. It can't be made different: this is built into their very centralised service. All I'm saying is that we should aim for better, and have guarantees baked into the protocol to avoid absolute metadata centralisation. Federation is a good start.
> Whatever issues Signal Foundation has had, they certainly pale in comparison to Meta's.
At this point I would trust a vibe-coded messenger app over anything produced by Meta. Security and privacy are completely opposed to Meta's business model and track record, regardless of how WhatsApp was once designed, and especially regardless of what their PR army claims. The idea that the same couldn't hypothetically happen to Signal is pure fantasy that's not worth entertaining in this discussion.
In the US one can buy a prepaid card wearing a mask and paying with cash.
Also I came across this service which purports to be anonymous: https://www.cape.co/ but has a ridiculous monthly fee.
Case in point: recently, some Russian mobile service providers started blocking registration SMS for popular messengers, Signal included.
In earlier years there were also cases of mobile number spoofing in the country, where the control over the number was given to law enforcement who then use it as second factor authentication to break into different accounts.
That's how easy it is. The word "secure" and "mobile phone number" are the opposites of each other.
I hope the PR gets merged soon.
Signal has always aimed to ensure confidentiality in the simplest way possible. People forget that there are anonymous systems or systems that do not require a telephone number but they are incredibly painful to set up. You either have to go through physical checks with QR code exchanges to validate participants or have some kind of web of trust (no one has fond memories of PGP key signing parties).
The same goes for decentralization. On paper, everyone wants decentralization. But when it comes to interconnecting hundreds of servers with different rules, moderation and legislation, and protocol versions, it becomes hell and no one wants to have to manage it (e.g. Mastodon).
There are objective reasons why these systems are not popular.
The other problem is that the very use of this type of software becomes a marker. I am convinced that the majority of Olvid users work for the French government, for example.
Iranian activists who are checked at the border or elsewhere with any uncommon communication application have already lost, regardless of the security of the application.
Crypto-punks are a niche group that can accept this type of usage constraint. My grandmother cannot, but she can use Signal and she will be one user among millions.
A number of people take advantage of this to push unrealistic and inconsistent threat models. ‘I need an anonymous, decentralised solution that can resist the NSA so I can send my shopping list to my wife. I'm not going to consider hardware access or coercion because I'm a law-abiding citizen.’
Some people forget that many things have already been tested. Do you want a file-sharing network and forums that are completely anonymous, decentralised, and resistant to censorship? It exists: Freenet. It's so overrun with paedophiles that even the most fervent advocates of anonymity have fled.
sure, but let's not pretend that the distinction is lost on Signal and serves to fuel their security theatre.
> My grandmother cannot, but she can use Signal and she will be one user among millions.
And she will not be better-off than on WhatsApp. Even assuming that Signal is a good actor today (and, surprise, it very much is *not*: using a 3rd party client is against their T&C, they have a history of pushing their crypto to your face, their marketing is based on blatant lies, …), she will be back to square one the day inevitably Signal flips.
The case I'm making here is for federation. I skipped the whole Signal stage. My family and friends (including grandmother) are now on XMPP instead. It has all the guarantees you might desire from Signal without the hanging sword of Damocles hanging over your head.
May I humbly suggest the thing I've done for 25 years, when I need to pass sensitive data like a slate of passwords or API keys or confidential business logic... I just PGP encrypt a zip file and attach it to a normal email.
This does nothing to address the anonymity issue, as you point out. But I'm really not sure that any set of measures I could take would truly keep me anonymous at this point in the race between governments and the well-funded organizations trying to evade them. I assume that no matter what I do to hide my identity, someone with enough money and motivation would be able to unmask it. To believe otherwise would be foolish.
> The server running Silk Road was imaged and forensically examined in late July. This was done surreptitiously by the hosting provider at the request of the FBI via local authorities and the Mutual Legal Assistance Treaty. They used the server’s ssh config to find the VPN server Ulbricht was logging in from and the VPN server’s last login record of IP addresses to locate a cafe near his home. The FBI was able to correlate the location based on Google’s records of the email account that was previously used to solicit users and help on the Bitcoin Talk forums, which he accessed from home the same day he logged into the VPN server.
https://www.comparitech.com/blog/vpn-privacy/staying-anonymo...
Do you have any evidence to back this claim? Specifically as it relates to Signal.
> There is still a risk that a server maliciously records all queues and messages (even though encrypted) sent via the same transport connection to gain a partial knowledge of the user’s communications graph and other meta-data.
[0]: https://github.com/simplex-chat/simplexmq/blob/master/protoc...
Also, most often the two parties use different receiving servers, and this aligns us more with the physicals letters analogy from the submitted article, except that each receiving server is more like a central post warehouse in a big city and not a small district branch.
How does Signal make money to be able to afford their AWS subscription? Do corporate clients pay for it or something?
That MySudo service he mentions in the article sounds quite interesting as well. Has anyone given it a try?
So, as with all things privacy related, it depends on your level of paranoia, I suppose ;)
This sort of thing is depressingly common in the world of encrypted messaging. It is really common for a user to not know about the requirement to do identity verification with E2EE for example.
Now, to break your confidentiality, Signal would have to have a relatively complex system setup for trying to match up messages and deanonymize people. You could imagine many scenarios where a bad actor (agency) attempts to trick Signal into logging metadata. This now requires a lot more information, and if nothing else would give you a level of deniability.
Almost feels like another CryptoAG with Snowden recommending it so much when he knows that metadata is enough.
This is single user talking to single user, though. I know it gets more complex when you have more users than that.
For example, Aztec, a privacy focused blockchain, requires recipients to download the entire block to determine if any private message is addressed to them (and BTW use techniques resembling Signal's double ratcheting in creating these identifiers) [1]
This is infeasible on mobile devices. At best, it allows the user to select a proxy server they trust to identify messages intended for them and forward a notification.
1 - https://www.taurushq.com/blog/enhancing-token-transaction-pr... (search for "synchronizer")
Using phone numbers as IDs or a verification method is a horrible practice, not to mention that it forces you to use a phone in the first place.
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.