Signal’s New Usernames Help Keep the Cops Out of Your Data
Ephemeral usernames instead of phone numbers safeguard privacy — and makes the Signal messenger app even harder to subpoena.
It would be better if it was randomly generated, I'm looking at you CoralApples216
Why would it be better?
Probably because some people tend to pick user names that identify them in some way. Take me for example, I have a few names I go by but this username is definitely helpful in identifying me. I use it on the other place, a couple of emails, discord, telegram, etc. I don't feel the need to be as anon as possible (no shade on those who do) so I main this one. I have a few others that I have been known to use and those are mainly for things that I don't want easily connected back to me.
I can be your Guest1234 anytime you want ;)
It generated a suffix of two digits when I tried (you can set it explicitely but it is mandatory).
I kept having to randomly scramble it until it gave me a number I liked.
This is the best summary I could come up with:
Based on a phone number, the federal prosecutors were asking for the user’s name, address, correspondence, contacts, groups, and call records to assist with an FBI investigation.
Whenever Signal receives a properly served subpoena, they work closely with the American Civil Liberties Union to challenge and respond to it, handing over as little user data as possible.
Whittaker stressed that this is “a pretty narrow pipeline that is guarded viciously by ACLU lawyers,” just to obtain a phone number based on a username.
Signal’s leadership is aware that its critics’ most persistent complaint is the phone number requirement, and they’ll readily admit that optional usernames are only a partial fix.
She gave an example of a person who faces severe threats and normally maintains vigilance but whose mother is only on WhatsApp because she can’t figure out the numberless Signal.
Signal engineers have discussed possible alternatives to phone numbers that would maintain that friction, including paid options, but nothing is currently on their road map.
The original article contains 1,894 words, the summary contains 165 words. Saved 91%. I'm a bot and I'm open source!
just two pieces of data: the date the target Signal account was created, and the date that it last connected to the service.
And how does Usernames help here? Should be the same 2 data Points and not more?
The idea is that you change or remove your username after someone else starts a conversation with you, so the username can no longer be used to subpoena your account details.
Put another way, signal is able to provide those 2 pieces of information to law enforcement based on a phone number. This helps you to prevent law enforcement having a phone number to ask signal to look up in the first place, assuming you change your username every time you hand it out.
They also hash the usernames that they store on your account which means law enforcement can't ask what usernames are being used, only being able to ask for specific usernames which are currently in use.
I understand that right now LEA can serve up a subpoena and give Signal a username and get a phone number, but they can't give them a phone number and get a username.
Is it also possible for Signal to keep track of past usernames/associated hashes for a particular phone number?
(For comparison, Signal could record IP addresses, but we trust they don't due to unsealed cases. Could they keep a username history?)
My phone number is registered to my phone carrier under my real name. My username is not. Unless I've misunderstood the question.
They don't track username history and don't have a server side list of plaintext usernames, and others can't find your phone number from the username alone. That makes it harder to confirm which account is yours.
Iirc from the last time this article or similar was posted, it's about how warrants are issued. It's the username versus phone number not username versus or and/or other data points. Anything more than that I am still unclear about.
Except only data from servers thy got so far was phone number, registration date and I'm not sure if last login was even a thing.
deleted by creator
Not-a-paywall paywall.
