this post was submitted on 04 May 2026
385 points (99.2% liked)

Privacy

4776 readers
663 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 3 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] AcornTickler@sh.itjust.works 62 points 2 months ago (2 children)

Can't wait to daily-drive a Linux phone with this.

[–] ExtremeDullard@piefed.social 29 points 2 months ago (1 children)

Same here. I desperately want to exit the Android ecosystem and I have a cellphone all setup with UBPorts to do so, but the lack of native Signal client is a showstopper for me.

[–] LodeMike@lemmy.today 2 points 2 months ago (1 children)

You can use something like signal-cli and the desktop app for basically the same thing.

[–] ExtremeDullard@piefed.social 15 points 2 months ago* (last edited 2 months ago) (15 children)

The usability is nowhere near acceptable with a cellphone for daily usage with either or those options, or with the native client in Waydroid because it's not persistent if Waydroid is closed.

Signal with anything other than the official client sucks ass. I know, I tried.

And that's without mentioning that you still need to have the "master" Signal client running on an Android cellphone, which defeats the purpose if you want to ditch Android.

[–] someone@lemmy.today 2 points 2 months ago (1 children)

Yes, Signal is completely unusable unless you're using a phone with a closed source operating system with Signal linked to the phone number.

Even if they are creating a Linux version, I don't trust them at this point and think they are likely creating this as a hacking vector. It took them too damn long to do this, and they have never let people with higher threat models register without a number. The whole thing is sus.

[–] ExtremeDullard@piefed.social 2 points 2 months ago

Yeah I don't trust the Signal people much either. But I don't really care: I use it mainly to share grocery lists, photos of work sites with builders, talk to friends or share non-important photos and videos easily and instantly without paying. And I can tell those who want to contact me to install it, it takes them 10 seconds and it's done. It's not about privacy for me, it's about convenience and not paying the phone company.

That's why I'm not desperate to make it work with silly workarounds like Mautrix/Signal or put up with Waydroid on UBPorts: if it's not convenient, it's not worth it for me.

load more comments (14 replies)
load more comments (1 replies)
[–] pulsewidth@lemmy.world 59 points 2 months ago* (last edited 2 months ago) (4 children)

"To register on Signal Desktop, a phone number will still be required."

Then this is just a whole lot of not much.

Users have been asking Signal to allow accounts to be created without a phone number ever since it was released. I just want to use Signal with my kids who don't have phone numbers, dude. Signal already have usernames and encrypted client-side contacts.. What's the holdup? Why insist a phone number is still required?

[–] quick_snail@feddit.nl 12 points 2 months ago (4 children)

They want to be able to link accounts to your identity, obviously

[–] boonhet@sopuli.xyz 6 points 2 months ago (3 children)

You know, I've been thinking...

Signal's end to end encrypted, yes... But we do the key exchange process through Signal's servers, don't we? How do we know they don't store copies of the keys? Does the client have a mechanism in place to make sure the man in the middle doesn't do anything funny? I haven't actually delved very deep into the code, but it sounds like I should.

And... Sure, their server code may be open source too, but nobody guarantees that that's the code actually running on their servers.

[–] kuberoot@discuss.tchncs.de 3 points 2 months ago

How do we know they don't store copies of the keys?

I don't know how Signal is built, but you can establish a secure communication channel through a channel that's being listened in on, meaning the server doesn't need to ever see the keys. Look up Diffie-Hellman for an example, an algorithm that lets two actors establish a shared secret without communicating enough information to reconstruct the secret.

So if the client uses a secure key exchange algorithm (or straight up asymmetrical encryption) the server can't just grab your keys - you just need a secure way to verify that your keys actually match, because what they could do is a man in the middle attack where they establish a secure channel with you and the person you're messaging, and decrypt and reencrypt messages going both ways, being able to listen in and modify messages.

load more comments (1 replies)
[–] pulsewidth@lemmy.world 3 points 2 months ago (1 children)

My thinking also. Corps/gov can also link identity to emails of course, but it's much harder due to email aliasing and the ease of new account creation.

Mobile phone numbers are far more personal - people generally only have one or two max and generally keep them for very long periods.

If its the true reason, it would make Signal not much better than Meta's WhatsApp, which gleans value from its users by noting metadata tying users to one-another by who they contact, when, and how often to extrapolate social circles and relationships. But Meta goes further in I think also tracking location, etc, and obviously has much more personal data in the linked phone numbers of many FB/Insta accounts.. Signal could potentially be doing some of that to a degree with IP geolocation... Not great.

TLDR: its the one thing stopping me from trusting Signal entirely as a benevolent actor - they want and 'need' your personal phone number. I use it still, as its the best available mainstream option, but I mention this concern when recommending it to those seeking privacy.

[–] quick_snail@feddit.nl 3 points 2 months ago

For me its the blobs. We can't trust anything they do so long as the code they ship isn't 100% open source

load more comments (2 replies)
[–] Kekzkrieger@feddit.org 7 points 2 months ago (7 children)

Cause spamming will get a lot worse once you can just register accounts.

[–] pulsewidth@lemmy.world 3 points 2 months ago* (last edited 2 months ago)

This is real false dilemma that people often raise. There's so many tools that Signal can use to stop spam. Do you get spam email? Almost never - even on E2E email, because reputation blacklisting solved it. Signal already only lets accounts message other users in their local contacts list or added by username.

Examples off the top of my head: If a new account is registered it can have a 'gradual release of abilities' whereby it can only send 3 messages first day, 10 first week, etc. Same for adding users by username. Signal already has spam-account reporting capabilities that block accounts after too many reports. Simple. Solved. And the payoff is that everyone gets complete privacy of who they are during signup.

BTW I already get spam on Signal. Here's the latest from just 2 days ago, know nobody by this name and don't recognize her, standard pretty god-botherer bait profile, user photo looks like AI (light reflection left eye very different to right eye):

15379 15381

load more comments (6 replies)
[–] refalo@programming.dev 6 points 2 months ago* (last edited 2 months ago) (1 children)

The new app design will still be necessary if that were to become a feature, so this is a halfway step either way.

One thing this lets people do is utilize burner numbers without a physical phone tied to it. They can use their provider's web-based UI to receive text messages for the signal confirmation, but can then use the app solely from a desktop.

This also paves the way for an official command-line client, library or SDK that could be used for automation.

[–] pulsewidth@lemmy.world 2 points 2 months ago

Thanks for those pointers. I like the idea of an official CLI for instance to perform automatic regular encrypted backups, or the possibility of interfacing messages to other systems. But I presume they'd have to be careful to avoid opening the door to automated messaging spam bots.

[–] refalo@programming.dev 4 points 2 months ago* (last edited 2 months ago) (1 children)

I just use SimpleX for kid stuff. No phone/numbers necessary, just uses random QR codes as the identifier, makes sharing and setup very easy.

[–] pulsewidth@lemmy.world 1 points 2 months ago

Oh cool, I'll give this a try, I see it's on IOS also. Cheers

[–] Phantaloons@piefed.zip 24 points 2 months ago (1 children)

Finally, Signal will catch up to XMPP.

[–] quick_snail@feddit.nl 15 points 2 months ago

Nah, it still requires a phone number.

XMPP has always won

[–] Stupendous@lemmy.world 16 points 2 months ago

I'm excited but I still detest phone number requirements. Android RCS is a huge improvement over SMS/MMS but what I'm still hoping for is federated end to end encrypted chat to become mainstream. We figured out email, we can figure out text, audio, and video chat

[–] foremanguy92_@lemmy.ml 7 points 2 months ago (2 children)

To register on Signal Desktop, a phone number will still be required. However, this can be either a mobile number or a landline, including basic mobile phones or dumb phones. This will make Signal accessible to users without a smartphone.

What's the point? Something they don't understand is that phone verification only fucked up people, and that spams and big entities have millions of proxies and phone numbers to use and flood the network

load more comments (2 replies)
[–] LodeMike@lemmy.today 6 points 2 months ago (1 children)

Why is it a different version

[–] onlinepersona@programming.dev 3 points 2 months ago (1 children)
[–] LodeMike@lemmy.today 5 points 2 months ago

It seems the headline has bad wording. It's not a new version of Signal.

[–] kadotux@sopuli.xyz 3 points 2 months ago (1 children)

Just install signal-cli :P

[–] someone@lemmy.today 1 points 2 months ago

Or use SimpleX Chat in a terminal instead desperately using some third party github repo to try to access something that tries to identify you based on numbers and hardware identifiers.

[–] tooks@lemmy.world 2 points 2 months ago* (last edited 2 months ago)

Have they brought back SMS?

[–] quantumvoid0@programming.dev 1 points 2 months ago (1 children)

finally, been waiting for a signal desktop-gui for a long time....hope its available on linux

[–] IratePirate@feddit.org 6 points 2 months ago (1 children)

Signal desktop has been a thing for years at this point. On Linux too. However, you could not register it to desktop only. You had to have the mobile app and then register the desktop app, so there was a dependency. This is about to change now.

[–] quantumvoid0@programming.dev 1 points 2 months ago (1 children)

ooo didnt know about that ill try it, i came to hear that WhatsApp is also gonna have a username based system...i dont think thats gonna make it any better

[–] IratePirate@feddit.org 1 points 2 months ago (1 children)
[–] quantumvoid0@programming.dev 1 points 2 months ago (1 children)

whats with big corps messing everything up.... why haven't people switched to FOSS yet

[–] IratePirate@feddit.org 1 points 2 months ago* (last edited 2 months ago)

Plenty of reasons: inertia, vendor lock-in network effect, lack of knowledge or awareness, or plain ol' stupidity.

But on a less pessimistic note: I'm pleased to say that I can reach pretty much all of my contacts via Signal these days. It's reached critical mass where I am.

load more comments
view more: next ›