The third new feature, which is not enabled by default and which Signal recommends mainly for high-risk users, allows you to turn off not just your number's visibility but its discoverability.
That extra safeguard might be important if you don't want anyone to be able to tie your Signal profile to your phone number, but it will also make it significantly harder for people who know you to find you on Signal.
The new phone number protections should now make it possible to use Signal to communicate with untrusted people in ways that would have previously presented serious privacy risks.
A reporter can now post a Signal username on a social media profile to allow sources to send encrypted tips without also sharing a number that allows strangers to call their cell phone in the middle of the night.
An activist can discreetly join an organizing group without broadcasting their personal number to people in the group they don't know.
In the past, using Signal without exposing a private number in either of those situations would have required setting up a new Signal number on a burner phone-a difficult privacy challenge for people in many countries that require identification to buy a SIM card-or with a service like Google Voice.
Now you can simply set a username instead, which can be changed or deleted at any time.
To avoid storing even those usernames, Signal is also using a cryptographic function called a Ristretto hash, which allows it to instead store a list of unique strings of characters that encode those handles.
Amid these new features designed to calibrate exactly who can learn your phone number one key role for that number hasn't changed: There's still no way to avoid sharing your phone number with Signal itself when you register.
The fact that this requirement persists even after Signal's upgrade will no doubt rankle some critics who have pushed Signal's developers to better cater to users seeking more complete anonymity, such that even Signal's own staff can't see a phone number that might identify users or hand that number over to a surveillance agency wielding a court order.
Whittaker says that, for better or worse, a phone number remains a necessary requisite as the identifier Signal privately collects from its users.
That's partly because it prevents spammers from creating endless accounts since phone numbers are scarce.
Phone numbers are also what allow anyone to install Signal and have it immediately populate with contacts from their address book, a key element of its usability.
This Cyber News was published on www.wired.com. Publication date: Tue, 20 Feb 2024 18:43:05 +0000