Signal just isn’t as private as its marketing wants you to think it is
A tip (but you do you, of course), use something federated (XMPP!): the time for trusting a central organization to do no harm is over if you have kept tabs of anything internet over the last 40 years or so…
Spammers use fake phone numbers all the time on the regular phone service
The phone calls just use fake caller ID. Caller ID is entirely unauthenticated and the recipient just blindly trusts the sender, so scammers use sketchy VoIP services that let you override the caller ID without actually proving you own that number. Work is being done to improve this: https://www.fcc.gov/call-authentication
That’s means it’s trivial to use a fake number for outgoing calls, but the spammers can’t actually receive incoming calls or texts to those numbers.
More spam messages then, ok…
While Signal did justify the need for numbers by cutting spam prevention I don’t get it…
Spammers use fake phone numbers all the time on the regular phone service so why not on Signal? A few steps too many for them to bother registering?
A few possible answers:
A tip (but you do you, of course), use something federated (XMPP!): the time for trusting a central organization to do no harm is over if you have kept tabs of anything internet over the last 40 years or so…
The phone calls just use fake caller ID. Caller ID is entirely unauthenticated and the recipient just blindly trusts the sender, so scammers use sketchy VoIP services that let you override the caller ID without actually proving you own that number. Work is being done to improve this: https://www.fcc.gov/call-authentication
That’s means it’s trivial to use a fake number for outgoing calls, but the spammers can’t actually receive incoming calls or texts to those numbers.
You still need phone number verification to create an account, that hasn’t changed
So on the privacy front nothing has either. Good to know.
Weirdly, I got a spam message yesterday on Signal. No number - just a username.
I’m on the regular production version - not the one testing usernames.