Been using signal for years and love it and got the majority of my contacts on to it. My question is how are usernames useful now? You still need to register with a phone number with signal to limit spam and bots afaik and I’m assuming you should protect your username just like you do your phone number anyways because spam, malicious files/messages, etc… What scenario is this addressing where an average person gives up their username to a stranger? The only one I can think of is online dating or other online interactions like on forums. Just seems this is just more tailored to the people who need to be pseudo-anonymous for whatever reason than an actual privacy feature. Even then for the anonymous people does that mean usernames will be able to be changed?

Tldr: Questioning what scenario does signal’s new usernames address for the average Joe?

  • LWD@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    FWIW if Signal did cooperate with law enforcement for any reason, they could be given the RndoUsr.40 account name and return a phone number, as long as that user was still rocking the username by the time they started looking… Or, I suppose, if Signal servers log those histories somehow.

    Importantly, though, phone numbers cannot be queried for usernames. The data returned from a phone number will be the same as seen on previous FOIA requests.

    From their blog (hard to find because it’s hidden behind ellipsis):

    Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account.