1 month ago
28
In October 2021, an assistant U.S. attorney issued a subpoena to Signal demanding that the messaging app hand over information about one of its users. Based on a phone number, the federal prosecutors were asking for the user’s name, address, correspondence, contacts, groups, and call records to assist with an FBI investigation. Two weeks later, the American Civil Liberties Union responded on behalf of Signal with just two pieces of data: the date the target Signal account was created, and the date that it last connected to the service.
That’s it. That’s all Signal turned over because that’s all Signal itself had access to. As Signal’s website puts it, “It’s impossible to turn over data that we never had access to in the first place.” It wasn’t the first time Signal has received data requests from the government, nor was it the last. In all cases, Signal handed over just those two pieces of data about accounts, or nothing at all.
Signal is the gold standard for secure messaging apps because not only are messages encrypted, but so is pretty much everything else. Signal doesn’t know your name or profile photo, who any of your contacts are, which Signal groups you’re in, or who you talk to and when. (This isn’t true for WhatsApp, Telegram, iMessage, and nearly every other messaging app.)
Still, one of the main issues with Signal is its reliance on phone numbers. When activists join Signal groups for organizing, they’ve been forced to share their phone number with people they don’t yet know and trust. Journalists have had to choose between soliciting tips by publishing their private numbers to their readers — and therefore inviting harassment and cyberattacks — or setting up a second Signal number, a challenging and time-consuming prospect. Most journalists simply don’t publish a Signal number at all. That’s all about to change.
With the long-awaited announcement that usernames are coming to Signal — over four years in the making — Signal employed the same careful cryptography engineering it’s famous for, ensuring that the service continues to learn as little information about its users as possible.
“Doing it encrypted is the boss level. We had to change fundamental pieces of our architecture.”“Doing it encrypted is the boss level,” said Meredith Whittaker, president of the nonprofit Signal Foundation, which makes the app. “We had to change fundamental pieces of our architecture.”
If Signal receives a government request for information about an account based on an active username, Signal will be able to hand over that account’s phone number along with its creation date and last connection date. So being able to use Signal through usernames doesn’t mean your phone number becomes subpoena-proof — at least not without using the new ability to change your username at will.
That’s because the new Signal usernames are designed to be ephemeral. You can set one, delete it, and change it to something else, as often as you want.
Signal usernames are currently available in Signal Desktop and the beta version of the Signal mobile apps — those will get updated in the coming weeks too. My username is micah.01, if you want to drop me a message.
Signal’s New Phone Number Privacy
With the new version of Signal, you will no longer broadcast your phone number to everyone you send messages to by default, though you can choose to if you want. Your phone number will still be displayed to contacts who already have it stored in their phones. Going forward, however, when you start a new conversation on Signal, your number won’t be shared at all: Contacts will just see the name you use when you set up your Signal profile. So even if your contact is using a custom Signal client, for example, they still won’t be able to discover your phone number since the service will never tell it to them.
You also now have the option to set a username, which Signal lets you change whenever you want and delete when you don’t want it anymore. Rather than directly storing your username as part of your account details, Signal stores a cryptographic hash of your username instead; Signal uses the Ristretto 25519 hashing algorithm, essentially storing a random block of data instead of usernames themselves. This is like how online services can confirm a user’s password is valid without storing a copy of the actual password itself.
“As far as we’re aware, we’re the only messaging platform that now has support for usernames that doesn’t know everyone’s usernames by default.”“As far as we’re aware, we’re the only messaging platform that now has support for usernames that doesn’t know everyone’s usernames by default,” said Josh Lund, a senior technologist at Signal.
The move is yet another piece of the Signal ethos to keep as little data on hand as it can, lest the authorities try to intrude on the company. Whittaker explained, “We don’t want to be forced to enumerate a directory of usernames.”
To prevent people from squatting on high value usernames — like taylorswift, for example — all usernames are required to have a number at the end of them, like taylorswift.89. Once you’ve set a username, other Signal users can start a conversation with you by searching for your username, all without learning your phone number.
Since usernames are designed to be ephemeral, you can set a new username specifically for a conference you’re attending, or for a party. People can connect with you using it, and then you delete it when you’re done and set it to something else later.
There are some cases you might want your username to be permanent. For example, it makes sense for journalists to create a username that they never change and publish it widely so sources can reach out to them. Journalists can now do that without having to share their private phone number. It makes sense for sources, on the other hand, to only set a username when they specifically want to connect with someone, then delete it afterward.
You can also create a link or QR code that people can scan to add you as a contact. These, too, are ephemeral. You can send someone your Signal link in an insecure channel, and, as soon as they contact you, you can reset your link and get a new one, without needing to change your username.
Finally, while you’ll still need a phone number to create a Signal account, you’ll have the option to prevent anyone from finding you on Signal using your phone number.
Can Signal Hand Over Your Phone Number Based on a Username?
Whenever Signal receives a properly served subpoena, they work closely with the American Civil Liberties Union to challenge and respond to it, handing over as little user data as possible. Signal publishes a post to the “Government Requests” section of their website (signal.org/bigbrother) whenever they’re legally forced to provide user data to governments, so long as they’re allowed to. Some of the examples include challenges to gag orders, allowing Signal to publish the previously sealed court orders.
If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user’s phone number, along with the account creation date and the last connection date. Whittaker stressed that this is “a pretty narrow pipeline that is guarded viciously by ACLU lawyers,” just to obtain a phone number based on a username.
Signal, though, can’t confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn’t even be able to confirm that it was ever in use to begin with, much less which accounts had used it before.
If the Signal user briefly used a username and then deleted it, Signal wouldn’t even be able to confirm that it was ever in use to begin with.In short, if you’re worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username.
Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with.
If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account’s username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it’s real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables.
Why Does Signal Require Phone Numbers at All?
Signal’s leadership is aware that its critics’ most persistent complaint is the phone number requirement, and they’ll readily admit that optional usernames are only a partial fix. But because phone numbers make it simpler for most people to use Signal, and harder for spammers to make fake accounts, the phone number requirement is here to stay for the foreseeable future.
Signal doesn’t publish how many users it has, but the Android app boasts over 100 million downloads. It has achieved this scale largely because all you need to do is install the Signal app and you can immediately send encrypted messages to the other Signal users in your phone’s contacts — based on phone numbers.
“You reach a threshold where you’re actually reducing privacy.”This ease of use also makes Signal more secure. If Signal removed phone numbers, making it more difficult for Signal users to find each other compared to using alternative messaging apps, there could be a price to pay. “You reach a threshold where you’re actually reducing privacy,” Whittaker said. She gave an example of a person who faces severe threats and normally maintains vigilance but whose mother is only on WhatsApp because she can’t figure out the numberless Signal. The high-threat person would be stuck using the less secure option more often.
Requiring phone numbers also makes it considerably harder for spammers to abuse Signal. “The existence of a handful of small apps that don’t really have a large scale of users, that don’t require phone numbers, I don’t think is proof that it’s actually workable for a large-scale app,” Whittaker said.
It’s entirely possible to build a version of Signal that doesn’t require phone numbers, but Whittaker is concerned that without the friction of obtaining fresh phone numbers, spammers would immediately overwhelm the network. Signal engineers have discussed possible alternatives to phone numbers that would maintain that friction, including paid options, but nothing is currently on their road map.
“That’s actually the nexus of a very gnarly problem space that I haven’t seen a real solution for from any alternatives, and we would want to tread very, very cautiously,” Whittaker said. “There’s one Signal. We’re the gold standard for private messaging, and we have achieved critical mass at a pretty large scale. Those things couldn’t easily be recreated if we fuck this up by making a rash decision that then makes it a spammy ghost town. That’s the concern we’re wrestling with here.”
The post Signal’s New Usernames Help Keep the Cops Out of Your Messages appeared first on The Intercept.
