Signal Messenger Gets Usernames
Вставка
- Опубліковано 21 лют 2024
- In this video I discuss how Signal added the option to use usernames to the beta release of their messaging app and how this can improve user privacy in the app.
My merch is available at
based.win/
Subscribe to me on Odysee.com
odysee.com/@AlphaNerd:8
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF - Наука та технологія
It's nice you can talk to randoms on the internet privately, without needing to give them your phone number.
Who would have thunk that'd be a good idea
@@bubbleboy821 wtf is thunk?
@@Gadottinho schumgus much?
@@Gadottinhoretarded way of saying thought
Who would have thunk that would be a good idea
fact that signal is really close to the cia headquarters is what scares me.
I know this might be jokingly said, but signals architecture makes data you send over it impossible to be read by the servers, even if the CIA hosted them, also calls on signal use WebRTC which means they don't even go through the server, they are P2P.
Edit: I would like to address a very popular opinion in my replies, something along the lines of "WebRTC is not peer to peer because of the STUN/TURN turn servers".
WebRTC is indeed a true P2P protocol at its core. It enables direct server-less communication between peers. While STUN/TURN servers might be necessary in some cases to overcome network hurdles (initial "handshake"), they don't change the fundamental nature of WebRTC as a peer-to-peer protocol.
This and cocaine is what gets me paranoid
" hey fellow criminals " FIB
@@7heMech Yes but the meta data is often enough.
im pretty sure that on signal, you have the option to connect directly p2p or go through a relay server. the relay server is actually more secure because the person you are calling doesn't get your ip, which signal already has. the calls are e2e anyways.@@7heMech
“The only way of keeping a secret between three people is if two of them are already dead”. 😂😂😂😂😂
even then...i dunno...but yes it works for the example of third parties
Discord: NOOO YOU CAN'T HAVE NUMBER DISCRIMATORS ITS TOO CONFUSING
Based Signal: You can have as many numbers as you want 😎
Tell that to ones who created DNS.
why should I type google com when I just can remember : 2̶͕̰̒ạ̴͐́0̵͙̄̾0̵͈̩̈́̈:̶̩̯̾1̶͓̳̅4̴̻̰̒5̴̥̝̇0̸̟̯̈́̕:̷̱͠4̷̦̀͜0̴̝͕̍͘2̵̟̞͂̓6̵̡͌͠:̸̤̆8̵̘̟̏́0̷̙͍̑̅4̶̩͍͠͝:̵̨͗̾:̷͖̌͊2̵̦̇͋0̴̖̃͝0̶̟͙͌è̷̬ͅ.̴̡͕̃
reddit
@@hwfq34fajw9foiffawdiufhuaiwfhw???
@@hwfq34fajw9foiffawdiufhuaiwfhwdeath
up to 9*
Fast warning
The account public key DOESN'T CHANGE when you pick or change username. If you don't reset it, anyone can check against phone number public keys and dox your phone number
If you want to be fully private on this, unlink all account sessions and reset the account public key by registering via the phone number again
can you explain this a bit more please? i am noob
Same what are keys
Should be top or pinned comment
Yeah I don't get what that means. Sounds important, please explain
he's saying that you can cross reference the public encryption key for a phone number with a username, keys are a pair of encryption codes/cipher that is unique to a user and used the encode and decode data to make it encrypted. they come in pairs, private and public.
Their "2 or more numbers at the end" requirement (along with the non-permanent nature) is genius. It destroys people's motivation to create vanity accounts
LEGIT!!! At least it makes it very hard for unmotivated entities lol
Just please avoid using your birth year
I bet there'll be a land grab for the 69s
@@Knightmare-vc8qgbetter, use a year that isn’t your birth year
Everything ending in 69 will be a prize.
signal instantly jumped from C tier to A tier for privacy
Session = S tier
@@_modiXS stands for slow and unreliable. I really love it but when the majority of the time it fails to send a 2kb file, making me press "resend" 40 times manually. Or when messages either fail to send and leaves you with a barely visible ❌️ icon next to it while making it look like it got sent. Or when a message gets sent out, hours, days or even almost 2 weeks after the send button were pressed... any and all amount of useability goes out of the window.
I used it exclusively for years, it's in a extrimely terrible state for well over a year. now.
I moved to self hosting Matrix (and XMPP on the side) instead. Yes i miss certain features from session but at least using matrix is workable
@@_modiXS stands for slow and unreliable. I really love it but when the majority of the time it fails to send a 2kb file, making me press "resend" 40 times manually. Or when messages either fail to send and leaves you with a barely visible ❌️ icon next to it while making it look like it got sent. Or when a message gets sent out, hours, days or even almost 2 weeks after the send button were pressed... any and all amount of useability goes out of the window.
I used it exclusively for years, it's in a extrimely terrible state for well over a year.
@@_modiX This has its origin in the German word “Stier”, in English: Oxen. Right? ;-)
@MorTobXD Yeah, Matrix is must better at that
I just wish there was a way to use this as a default messaging app again. But most people won't touch it since it's just another niche service to them
Are you sure that's a bad thing? How many things got ruined because the company that owns it wanted to appeal to the normies?
Exactly, normies are dead weight@@Dafuqinator7
same, i also want it as my default messaging app. if they need to differentiate whats secure message and whats not then just do as imessage with the green and blue bubbles.
Ironically I like being able to say "if you arent willing to install an app to talk on the phone, then its ok if we only talk in person"
@@Dafuqinator7 they did it for security reasons but explaining that to the average person just makes me look schizo talking about privacy. I wish there was an SMS parser or something to allow for widespread adoption again as it was nearly impossible to get them to use Facebook messenger before that service went to hell in a handbasket
Anything that helps chip away at Discord's market share is based.
This...isn't doing anything to chip into Discord's market share. Guilded is the closest thing gaming related, and it's not even close to being a problem.
If it ain't storing data for free on the cloud i don't use it
Signal calls leak every user's IP address by default. Now that Signal has usernames, people will share their usernames to others more openly. Someone may call randomly via the username and get the receiver's IP address instantly. From IP address, the user's ISP, their area locations, where they visit periodically with timed calls, etc. can be known to random callers. You can relay the call via Signal servers to avoid IP leak. Check Settings > Privacy > Advanced > Always Relay Calls. This also has drawbacks. The most secure private routing is not implemented by Signal yet.
It'd be cool if they let you save proxy settings for this
The most secure private messenger is SimpleX, imo.
Very useful information
I recently had someone try **hard** to get me onto the signal app. I knew exactly what his goal was, which was to get my number.
Make sure to donate if you're relaying calls, even if it's a tiny amount.
It' a first date. You are not sure they aren't crazy, so you ask to talk via signal. They think *you* are crazy and leave.
crazy broke 🪙
I laughed way too hard at this 😂
Sharing red flags is how you find the love of your life
An important warning: since this is in beta, even if you use the beta, other people outside of it will still see your phone number regardless of your choice. Moreover, signal has a 90-day period in which they maintain compatibility with older versions as of their policy. So even when the update rolls over, people who haven't updated (maybe maliciously) within this 90-day period, will still see your phone number. You should also change your public key.
One thing that could help privacy even more is 1-time invitation links to add new friends on Signal. In that way, no username change would be even needed.
Yeah. Groups in Signal has that already.
Glad they're taking steps towards detaching phones from the service, what stops me from using Signal is the fact it requires a phone with the app installed, which I lack. I ended up settling for Telegram which requires a phone number, but not the app being installed, just the ability to receive SMS
Gentoo user?
wait how does that work in telegram
no session?
Even if I don't care and give them phone number, they can't send me text message. So signal is completely useless for me and for many people.
Waait a minute ! Can anyone explain please because i didn bother use both of that crap with phone number registration. So Signal is actually force you to not just have phone number but also have it on that same device on which its gonna be installed ?
I am mental and an outlaw. Do I qualify?🤔
good one
I am luke and a smith. Do i qualify?
I will quite literally stop using anything but signal if they managed to stop requiring a phone to work.
Even then, it's a centralized server and not self hostable. Not great.
@@Cookiekeks Yes, that's about the only bad thing one can say about signal, which is not too bad since we know exactly what data they store, but its bad in terms that if the server is seized the entire app will go down.
I just dont want to require a phone to use signal, and its the main reason why people use session.
@@Cookiekeks add to that credible high profile cases having had Signal conversations intercepted by intel agencies. I forgot the first one unfortunately but the last one was Tucker Carlson. I know many dismiss the claim because of politics but remember that when authoritarian mechanisms are used is usually against political enemies.
@@ShaferHart Okay but I really wouldn't trust Tucker Carlson about anything. He's a complete moron, chances are he had other opsec mistakes that lie outside of the scope of Signal, like a virus on his computer.
Wow, I've been debating about joining Signal, but from what I've seen here, it sounds like I wanna try it 😂
VERY Knowledgeable MENTAL OUTLAW!!! ❤
Would love it if you did a video on Signal's in-app payment system. Love your channel and haven't seen many other videos on this particular topic from other content creators.
This is an important feature for me. In fact, I use session instead of signal because session already doesn't disclose your phone number (they don't even collect your number).
About time!! I currently have a fever this better not be a fever dream
Nice Trackmania drama reference ya got there. Though I wouldn't notice 😏
Videos like this make me glad I use Signal to basically replace texting with friends.
Nice, I might actually message people with my phone then, as opposed to now where I only take photos of #2's in case anyone steals it.
@MO - Great info.👍
Now we need a privacy keyboard app.
openboard
Just have a Degoogled phone and disable network permission of the keyboard.
florisboard
HeliBoard (on Izzy's F-Droid) is the maintained fork of OpenBoard
GrapheneOS + Openboard 🤷♂️
hi nice video thanks for making these videos.
Only took years for basic privacy functionality, but I'll take it! I'm more concerned about other users than Signal at this point.
about time !!!!!!!!!111
politicians asked. we delivered.
Make a politician, into a povertytician.
~ Lee "Scratch" Perry
I don't understand why they force you to give them your phone number at all
bcus its a honey pot always has been
You dont. It makes no sense, nobody will come to save you. An app that is private . . .haha in your dreams i guess
because they want to know who you talk to, they don't care about the body of the message
Hey loon at that someone with common sense
Probably to stop people from registering too many accounts.
Now this is epic.
Finally something like the old Blackberry Messenger PIN is adopted by these private messaging apps LoL Such a simple concept.
finally this, update is good
The phone thing is why i switched to session for privacy. Also, once signal stopped working as sms there really isn't a point to signal over session. Good luck getting anyone you know to switch to either :\
"your" phone number is not your - it belong to phone company and phone company very cooperative with govt (if not directly belong to) in every country. Many peoples in oppressive countries who try use signal for communication learned this the hard way.
Signal may as well require passport for registration.
Of coarse someone may find some way to register on anonymous phone number from different countries but how many could and would do that? Why force them to do that ?
When they would get that "anonymous" sim card would they use different phone to avoid govt find them in one step trough imei? Would they go to some place where they could not be found trough cameras to receive that damn SMS? or they would do that from their house giving to phone company exact location by it?
Signal app claiming they care about safety and privacy of users require phone number at same time is just a hypocrisy and joke
love your vids bud
Now if only they would allow custom time for disappearing messages. I want the ability to have it longer than 4 weeks
Same. Three months feels perfect.
@@Slugbunny Yeah I'd take that, honestly it's just best to let each individual choose. Should be up to a whole year if two people want that.
Good... I hope this will also lead to the ability to use your same Signal account on multiple phones...
Session betta
Signal... Gensokyo... I see it's dim glow
youkai lives matter
I hope we can have multiple different usernames. I'd like to have one for professional purposes and personal.
Username update is great 👍 The phone number will not be exposed now
It will probably be easier to hide your number from the authorities when you don’t have to share the phone number to use signal (and even block anyone from seeing it) since getting someone’s phone might have them being able to see their signal contacts thereby the persons phone number.
Session hasn't been using the Signal protocol for a long while now
Finally!
The biggest problem with this is it all depends on the infrastructure being completed prior to being investigated. If you're actively investigated, registering a Signal using someone else's phone number and intercepting/deleting the text is effectively child's play for a nation state actor with control over their own communications nodes. So, unless you have face to face talked to someone and ensured that channel is open and them (assuming they aren't being MITMed by a fake server infrastructure) I probably wouldn't consider it valid. It is probably a honey pot.
Nice, very nice.
'bout time.
i love being a beta tester
I prefer being a Sigma tester
sadly when you live in most european countries, like germany in my case, to get a phone number you need to activate it using your ID, so all the feds really need is a phone number and they instantly know who it belongs to.
Just go for a trip to the Czech Republic
steal a phone. or make a voip number
@@SuperSpecies oh don't worry I have a dozen imported romanian sim cards, just wanted to point out the total government control in europe
Could you please make a video about which balaclava do you wear in everyday life? I've only been going to public wearing balaclava for more than a year now, but it can get quite uncomfortable after a few hours. I'm also not allowed to enter certain places such as banks, coffee shops, restaurants and grocery stores, not to mention it's really hard to find a job. I've basically been unemployed for the entire year. I'm a financier by profession with 10 years of experience, but even if they invite me to an interview after I send them my anonymized CV, which doesn't mention my name, my phone number, my home address, my education or my previous employers, they don't let me in wearing balaclava. It's a discrimination and I know I could sue them, but I wouldn't be allowed to wear balaclava in court either. So after a year of not having a job and only buying canned food from a really fishy local convenience store, which is run by a really creepy guy and probably serves as a cover for drug trafficking, this guy told me he could have some job for me and he doesn't mind wearing balaclava, in fact, he requires it. It's supposed to be about debt collection. So things might be turning better for me, but oh boy, is it difficult to stay private these days.
This is a wild read
@@untitled4373babe new copypasta just dropped
Wear a silicone mask instead.
@@progenitor_amborella It may sound hard to believe, but even at the era of LLM, I'm still capable of writing stuff on my own ;)
@@AKuTepion basic military condor balaclavas are very comfortable
Signal is full blown CIA hahah wtf man
I must admit that these deamon clothes are really cute.
someone could create a contact for every possible phone number to find out who is behind a user name. Like phone number brute force.
Extremely BASED days ahead, bois.
You can also sign up with a landline number in case you want a second business acount, nice presentation!!! 👍👍👍👍👍👍👍👍👍👍👍👍
why you gotta flashbang me like that bro?
It's still centralized shyte.
There is zero need for this architecture other than data collection. Decentralization is one possible answer here. For example Keet or Session.
You're right! It's not useless, it's WORSE than useless. Before, when they got subpoenaed, they gave them your phone number back. Now they will give them your phone number AND your username, which WILL link usernames to phone numbers, and now you're de-anonymized. Great fucking job.
5:05 I think the biggest thing I learned from this video is that Ubuntu is pronounced Ooo-Boone-Two and not the Oo-Bun-Tu I've been saying for years.
At one point in my life I pronounced it you-bah-nah-too
@@HSAC.WDTK.DTKT.LFO. wow.
@@HSAC.WDTK.DTKT.LFO.you-bahn-too
the demo had you change bob to alice.89, but the message arrived to the other alice as bob.
Molly enabled it too already
came here to see what is going on with the sos and solar flairs? MO make a community so we can talk to the squad!
I like old fashion proton mail its just simple it works idk i like older stuff i try to stick to whats working if it aint broke dont fix it. No one does email anymore but im 58 so im old
🎉 yeeeey eles chegaram! Mas a verdade precisa ser dita, já tinha passado da hora deles lançarem os nomes de usuário.
Bro , Can u make full depth video on Signal vs molly ? Proprietary vs FOSS
Most of my family stopped using signal when they removed the texting integration. I still strongly disagree with them removing it. It meant that people who cared, had encrypted convos with normies, and people who didn't could jeep texting as usual. But let's be real. I'm not going to make my mom use two different messaging apps.
didn't session abandon the signal protocol in favor of some weird protocol of their own?
They better work on incremental baclups
If numbers aren't at all private y make that the account identification?
Nice
Yeah, still not trusting anything that asks for phone number.
Signal still store phone numbers in SQL Data bases
Man i like to watch this channel so often but i can't discuss here because all my comments get shadow banned or deleted. And i just can figure out why that happens.
Signal is like the WeChat for privacy
Or what WhatsApp is supposed to be
Can someone help me figure this out?
Let say im a journalist. Im getting info in/out of a certain country using signal, which is linked to my phone number. Everything is encrypted, fine..but what stops a situation where somebody on the other end has their phone compromised--and now the adversary is able to link the conversations to your literal number.
If it was Only usernames or email; the other person's phone can be be compromise; but now when they read the msgs, that's it. As long as no identifying info has been discussed, That's where it ends.
This is just one simple example. I'm aware there are clearly better ways of doing things, such as Not having the phone number be your only number;
but I'm very curious about this specific situation-since most people using signal Are in fact using their only number.
Also,
There is somthing weird about how hard they try to keep the the phone number option as if its Absolutely 'needed'. What is even with that?
You're a journalist. You use a burner or several to firewall your sources from being compromised - also on your end. Done.
How much does a prepaid SIM cost? Probably cheap enough for journalist to buy.
@@Slugbunny Thats an obvious work around, yes, but it doesn't attempt to answer the question.
@@SuperFranzs Thats an obvious work around, yes, but it doesn't attempt to answer the question.
One another thing that I'm not confident about. Its servers are centralized, no? Doesn't this mean it might still be vulnerable to DDOS attacks or server shutdowns?
This is why I never used signal, I don't want randos in signal groups having my number.
I hope there will be a way to take advantage of this without having to make a new account. I don't want to have to lose my chats/contacts and have to start fresh.
I asked that same question but nobody has replied. If you're already using signal, if you want the beta, I THINK you need to delete your old account completely and then reinstall the beta version.
@@klwthe3rd No, that doesn't make any sense.
based signal just got even baseder
23 seconds ago, yes please.
Cool now you just need to convince all your family and people you need to be in touch with to use anything that's not whatsapp
Ok law, but what about monero deslisted on binance? what do you have to say about that, sir?
They kept it on derivatives lol, I guess they need that extra fees money still
Tells me Binance is not safe
Chinkance is now officially a glowy owned.
And that Monero is on to something@@nicksjacku9750
How does this work security wise from a "phone Number recycling" perspective, my current number appears to have been used by someone called daisy before i got it on a new contract, calls from debt collectors (and a couple random guys) looking for daisy over the years
Whats your take on DD WRT router FW ? I saw your video on onion router software, but you never mentioned anything about DD-WRT.
Don't waste your time. If you want something secure go straight for opnsense.
Any thoughts on Skiff's shutdown?
Considering signal uses peering servers. Is it truly the best application for messaging ? Remember phones are full of malware, and the software layer can't see communication between the SIM and baseboard.
Convincing normies to switch to siginal is almost impossible. Whatsapp is massive outside the US.
What do you think about Tor based chat "Briar"?
I think he recommended it a few years ago.
tatum bro
Could you also review the session messager?
he reviewed session 3 years ago. search for "mental outlaw session."
The whole Tucker Carlson's plans to interview Putin being leaked from gives me major doubts about Signal.
from what i've seen it looks like his device was compromised not the app itself. doesn't seem to have any implications for signal, beyond the fact that if someone can see what you're doing on your phone e2e encryption doesn't help you
Considering Tucker didn't mention what software they were using, it was probably e-mail or some other boomer stuff.
But, since he had a whole team looking up tickets and ways to get to Russia, the feds found out that way.
Signal is boss. Don't ever change. Software how it should be.
'90s internet advice: "Never give out your personal information because it could end up in the wrong hands"
Current internet advice: "Give every company all of your personal or you are a morally repugnant person and probably a terrorist"
Curious if usernames in the beta will stay secured to stable release on the app store?
Google Voice requires tethering to a cell number now. May as well just get a burner.
Secure phone communications don't exist, even with Signal. Kind of just pissing in the wind.
LMAO 🎉❤❤❤
If you can change your username and it changes the QR code, are you still going to receive messages from the old username in QR code? And if you are that leads to unlimited horrible possibilities for people to exploit this
Cant wait for people to start selling usernames as NFT's 🤦
Can't wait for people to start buying youtube channels as NFT's 🤦
He
He's everywhere
I guess you do actually watch Muta's videos after like farming if you made it here.
I think the numbers at the end avoid this, they are like discord tags, so multiple people can have the same nickname but not the same tag