• Vent@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      From Signal’s blog footnotes:

      Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account.

  • Vent@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    Awesome! I love Signal and the lack of usernames has always been one of it’s bigger downsides, especially when comparing against other messaging apps.

  • ArchAengelus@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    I see this as both a win and a problem:

    As soon as you take away a hard link to a real-life identifier, the sketchy people come out of the woodwork and spread images of child exploitation.

    Signal has not had this problem like some platforms (e.g. Kik), and I suspect two reasons:

    1. Lack of searchable chat rooms
    2. Concrete link to a phone number that anyone who contacts you must know (and make it easy to identify you to authorities)

    Up until now signal has been an excellent secure replacement for text messaging between parties that know each other. I hope they don’t go the “chat groups” route, though I doubt they will. But I suspect this change will make it a preferred way for abusers to exchange images and videos nearly anonymously.

    • N00dle@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      you will still need a phone number to sign up for Signal

      From signals official blog, yes you do