Shields Up: Using Signal Without Giving Your Phone Number – Features – Source: An OpenNews project

Shields Up: Using Signal Without Giving Your Phone Number - Features - Source: An OpenNews project:

Using Google Voice (very few countries have it available), and using Twilio. Twilio can be configured to create a virtual number that’ll forward SMS and voice calls to the phone number you registered with — a telephony proxy.

If you’re an international user, Twilio (or Wire, which uses usernames) is the only option here. Twilio costs $20 and acts as a proxy for a virtual phone number to your real phone number. Not exactly an anonymous solution. You’ve simply added a layer.

There are alternatives to consider if you’re going to be spending money, particularly in the mobile app space. For example, a number of mobile apps offer a second number for a recurring monthly fee. Since you need to retain access to the number for your Signal account - essentially squatting it — to prevent someone else hijacking it for *their* Signal account.

There is no perfect secure messaging solution that provides complete privacy protection.

* Signal: Strong e2ee, but requires phone numbers for userIDs. This means it isn’t private, or you’ll end up paying for a second number just to secure and retain the account.
* Wire: Strong e2ee, but it collects and retains a lot of metadata compared to Signal. Your user’s contacts, IP location, device type, plus all the communications based metadata.
* Conversations/ChatSecure: both are XMPP clients that support OMEMO, a variant of the Signal protocol that runs over XMPP. Conversations, in particular, is quite alright on Android. If you stand up a private XMPP server with the correct modules then you’ll have the safest most private option. ChatSecure is hampered by a lot of things that iOS does to limit the capabilities of long running background apps that use network services. So here the problem is that you can’t use the more secure iPhone for your secure chat comms. Instead you have to use Android. CopperheadOS works, but Android has a lot of problems beyond the OS, the hardware is frequently designed as hostile to user privacy.

The ideal solution, as I see it, is to take Wire and be able to stand up private networks. If there was a way to setup Wire servers as private instances, federate with like minded people (eg all hacker houses), then the user will gain control over the data and metadata exposure, which is the biggest issue with Wire.

Signal is basically a PoC for the Signal protocol, sort of a MySpace of secure messengers. Wire has more potential right now, particularly as they’re open sourcing their server which’ll allow third partyWire networks. That’s what we need, that’s what I want.

The other thing is to make new Wire clients. In particular one that has less attack surface and more privacy friendly features.