Reminder that while apps like signal are more convenient for every day use, if you want to have a way to message certain people when communications are being blocked, you should setup Briar[1] with your friend group. It connects over Tor when you have internet access, but can also pass messages ad hoc over WiFi or bluetooth, so that messages can be distributed across a group.
I want to love these things but the first one appears to be unfinished, and the second has hardware you have to assemble and then depends on an android app that appears to be quite flaky from the reviews. I would very much like a radio enabled encrypted communications system to complement Briar, but both of these look extremely iffy currently.
Since there is no obvious disclaimer on the page, I'll add one here for good measure: In most jurisdictions, broadcasting on long-range frequency bands is not permitted without a license. I absolutely encourage people to get involved in this topic, but don't forget to check your local regulations.
Regarding regulations LORA tries to address that problem, from Wikipedia:
LoRa uses license-free sub-gigahertz radio frequency bands like 433 MHz, 868 MHz (Europe), 915 MHz (Australia and North America), 865 MHz to 867 MHz (India) and 923 MHz (Asia).
There should be a really wide (geographically), and at the same time not too sparse network of Briar users for sending messages with it to make sense practically.
This one person--with no people responding "also me!"--says they were logged out of multiple services in different jurisdictions at once, so while the underlying issue of a login mechanism somehow tied to SMS access is certainly an issue, I personally, so far as makes sense from this one data point, find it unlikely that this had anything to do with the coup.
If you're logged into at least one device with telegram, the sign in code for the a device first comes to the logged in device, instead of coming via SMS. The 6 digit code comes from a verified 'Telegram' account over the internet, thus avoiding the security or connectivity issues of SMS.
Did Signal give solid reasoning for disallowing accounts and usage without an attached cell phone number? (I assume the question comes up frequently, but I don't know the answer)
Using phone numbers as identifiers for encrypted messages is the core feature of Signal. It was marketed from day one as a drop in SMS replacement. Initially it even used SMS as the transport for encrypted messages. It was literally called "TextSecure". This is why I have always found the attacks on it using phone numbers to be amusing.
The problem is that in the years since Signal was launched like that, more and more countries around the world are requiring you to show ID to buy a SIM card, and then a copy of that ID is made and sent on to the authorities. So, the state has a one-to-one correlation between phone numbers and individuals, and so it can see who is using Signal.
So? Signal is just a messaging client. The goal of Signal is to get it widely used by as many people as possible, so that it's a totally normal thing to have on your phone.
If a country has gotten to the point that you would be targeted just for having an app installed, just changing to usernames wouldn't be enough, as users could be easily detected through network logging (thanks AWS and Google for killing domain fronting [0]). Your usecase sounds like it needs an app like Briar.
It's pushed as a secure messaging client, and so when it doesn't meet the standards for that people will mention it so potential users have the information needed for a risk assessment.
This is the core routing issue. If you don't have centralized system to locate a "user", then the only alternative is to broadcast all messages to everyone, which is not a scalable solution.
Actually, there must be methods for distributed routing. How does TOR finally map a hidden service to an IP address?
Maybe there can be a dynamic DNS service for user accounts on an anonymous messaging network?
From what I gather, the phone number is only used for identification of a user account. Can't exactly remember where I came across this information (probably an ama from their team on reddit) but Signal have recently said they are looking for ways to make the above not a requirement for its users.
I don't see this sim lockdown being a problem unless you want to create a new account or for some reason your account has been logged out requiring 2FA. In my understanding, telegram also asks for SMS for 2FA on re-login. Though the 2FA code will be simultaneously sent to any other device you've logged the account in.
Unfortunately in many countries even prepaid SIM cards are directly tied to government ID verification. I know this has been discussed many times, but I agree that it would be nice to be able to use Signal for secure communications without a phone number.
I find it interesting that Germany is one country which does this. A country which has strict privacy regulations and people prefer to use cash rather than cards, but they are happy to carry a device which can track their every movement and is tied to their government identification. This isn't an EU thing, there are quite a few EU countries where you can buy and activate a SIM without any ID.
Have there been any cases where the people have spoken out against such regulations, and they have been reversed?
Horse hockey. They'll still do the same thing, there'll just be larger networks of individuals who activate a SIM and then swap it with someone else. The terrorist excuse is no excuse at all. It's just a pragmatist's paving stone on the path to hell and tyranny.
I wonder what caused force log out in the first place? I have a Signal account logged in and then SIM card was removed from the phone, and Signal still works (of course I'm not in MMR).
This is why using multiple burner SMS accounts from various countries, I understand why most apps use filters of known SMS numbers but this is why this can be a pretty big deal.
Sometimes you can get logged out going from wifi to LTE/mobile data on either of those apps, I have had that happen, and this can create issues like this which means you will have to create another account and may not have your contact list etc... which is impossible if you're trying to use your mobile number you use.
It's kind of crazy that all of our over-paranoid back ups and ad-hoc solutions have been so damn necessary for even the normal person in the last 10 years, be it PgP, burner sms numbers, cryptocurrency, apps like TG and Signal etc...
As some have mentioned Moxie said he wants to move away from phone based accounts, and now that Elon sent him a ton of new users from all walks of Life that this may need to be accelerated, which from what I garnered from his podcast with JR it's just not well staffed and is in need of some your guys' talents.
> It’s difficult to get burner SMS numbers and also to activate a SIM from abroad.
Agreed, to an extent.
But not if you know how to do the legwork; I have 4 active Telegram/Signal accounts on sveral devices using apps that allowed me to register and acquire a US/EU based mobile number.
I completely lost al ofl those passwords and access to those old numbers (didn't use them after activation years ago) but it certainly is possible if you do the legwork.
I’m not sure. For the record, it could just be a bug or an unexpected edge case, not necessarily a specific government intervention, but regardless it does seem more fragile than it should be considering Signal’s ethos.
Not sure if this is relevant but the Tatmadaw are majority owners of Mytel, which has one of the largest networks in subscriber base and hardware infrastructure. They never really gave up control of Myanmar in a strategic sense.
Threema does not have this issue. If it would be free it would be a better choice as it does not need a mobile number. For people in the west the cost is so low but still many refuse because it 'should be free'.
Seems like a major weakness if your local government can somehow just log you out of your secure messaging platform.