Signal Group Chat
-
@stacksofplates said in Signal Group Chat:
Both of course require hacking. How do you intercept a 2FA code without hacking?
By getting the SIM card, being assigned the number, or being in a place like where I worked that all calls and texts going through a third party that reads them first.
-
Yes the window of time to take advantage of SMS based 2FA might be small, but it's definitely not so small that a bank account couldn't be drained by a bot in 1/2 second.
-
There is probably some security that I'm missing here. And I realize that you can often disconnect things after the fact. Which really just makes it odd that you need a phone in the first place. But if the phone number is used for any ID and verification, that means that if someone gets your old number, and they just test out one of these services, it will hook up to your account automatically and authenticate directly to them, right?
-
@scottalanmiller said in Signal Group Chat:
There is probably some security that I'm missing here. And I realize that you can often disconnect things after the fact. Which really just makes it odd that you need a phone in the first place. But if the phone number is used for any ID and verification, that means that if someone gets your old number, and they just test out one of these services, it will hook up to your account automatically and authenticate directly to them, right?
There is an article on the Signal website about changing numbers.
Once you sign up, you add all other devices using QR code from an existing device.
But Telegram as a chat app overall looks way better. Hadn't tried it in a couple years.
-
@scottalanmiller said in Signal Group Chat:
@stacksofplates said in Signal Group Chat:
Both of course require hacking. How do you intercept a 2FA code without hacking?
By getting the SIM card, being assigned the number, or being in a place like where I worked that all calls and texts going through a third party that reads them first.
Uh two of those three are hacking. “Getting the SIM card” is the same as “getting the password”. And a multimillion dollar infrastructure to MITM is exactly hacking.
-
@scottalanmiller said in Signal Group Chat:
@tim_g said in Signal Group Chat:
So if I'm registered on Signal with my phone number, as I am now, how is someone going to use my phone number to intercept my messages? Would they have to hack in to T-Mobile to reroute things?
What if they get your SIM card? And, sorry, but I worked a job where they intercepted all phone calls and texts both for employees and the employees of GE who shared the building. Phone calls are not secured, nor are phone accounts. It's "whoever has physical access to the SIM card or the cellular node."
In the real world, I've known thousands of people with their phone calls and texts intercepted most of the time, and that was just the parts we knew about. It's now public that the police intercept that, too.
There is no need to hack T-Mobile or do anything crazy. Phones simply don't have that security to need to work around.
If someone steals my phone I have bigger things to worry about. They would have to know I'm using Signal, then use my SIM card in another phone and set up Signal again.
If someone stole my phone I would deactivate or disable my SIM card anyways.
Nobody is intercepting my Signal messages. It's my personal number and my employer has no control.
I wouldn't consider your worries realistic for the majority. They are more niche that don't really apply to most people.
-
@tim_g said in Signal Group Chat:
@scottalanmiller said in Signal Group Chat:
@tim_g said in Signal Group Chat:
So if I'm registered on Signal with my phone number, as I am now, how is someone going to use my phone number to intercept my messages? Would they have to hack in to T-Mobile to reroute things?
What if they get your SIM card? And, sorry, but I worked a job where they intercepted all phone calls and texts both for employees and the employees of GE who shared the building. Phone calls are not secured, nor are phone accounts. It's "whoever has physical access to the SIM card or the cellular node."
In the real world, I've known thousands of people with their phone calls and texts intercepted most of the time, and that was just the parts we knew about. It's now public that the police intercept that, too.
There is no need to hack T-Mobile or do anything crazy. Phones simply don't have that security to need to work around.
If someone steals my phone I have bigger things to worry about. They would have to know I'm using Signal, then use my SIM card in another phone and set up Signal again.
If someone stole my phone I would deactivate or disable my SIM card anyways.
Nobody is intercepting my Signal messages. It's my personal number and my employer has no control.
I wouldn't consider your worries realistic for the majority. They are more niche that don't really apply to most people.
It's the only app I would trust if I wanted to break the law or do anything scrupulous.
I know a lot of politicians are using it these days, lol.
-
You all are fucking stupid.
This entire conversation is going south because @Dashrender is continually conflating shit.
Initial authentication via phone has nothing to do with ongoing security of a service and has nothing to do with a number changing.
@scottalanmiller’s obsession with a phone number not being valid is also just stupid, accurate, yes, but still stupid. Yes some people dispose of numbers left and right, but those people are the minority of wireless users.
It's also an irrelevant argument because there is no global standard unique identifier that could work for all people. For people with a number that does frequently change, they will have to find and accept the use of some other solution.
I have never heard of any good reliable solution for this that does not tie into one of the existing large content providers such as Google or Facebook.
If you want to continue to rail against the solutions that exist, but rely on a phone number for verification, then provide a concrete example of another robust solution.
-
@jaredbusch said in Signal Group Chat:
@scottalanmiller’s obsession with a phone number not being valid is also just stupid, accurate, yes, but still stupid. Yes some people dispose of numbers left and right, but those people are the minority of wireless users.
In the US, yes. But in the rest of the world, most of the world, numbers are fluid.
-
@jaredbusch said in Signal Group Chat:
It's also an irrelevant argument because there is no global standard unique identifier that could work for all people. For people with a number that does frequently change, they will have to find and accept the use of some other solution.
But email is that today.
-
@jaredbusch said in Signal Group Chat:
If you want to continue to rail against the solutions that exist, but rely on a phone number for verification, then provide a concrete example of another robust solution.
But we did. Email is more secure, tied to a person, and universal.
-
@scottalanmiller said in Signal Group Chat:
@jaredbusch said in Signal Group Chat:
@scottalanmiller’s obsession with a phone number not being valid is also just stupid, accurate, yes, but still stupid. Yes some people dispose of numbers left and right, but those people are the minority of wireless users.
In the US, yes. But in the rest of the world, most of the world, numbers are fluid.
I've had 4 different phone numbers while in Europe - I no longer have any of those numbers. It's so cheap to just buy a SIM with 2 GB of data (like $10-20) versus using US based service (with exception of TMo and Google-Fi).
-
@jaredbusch said in Signal Group Chat:
You all are fucking stupid.
This entire conversation is going south because @Dashrender is continually conflating shit.
Initial authentication via phone has nothing to do with ongoing security of a service and has nothing to do with a number changing.
@scottalanmiller’s obsession with a phone number not being valid is also just stupid, accurate, yes, but still stupid. Yes some people dispose of numbers left and right, but those people are the minority of wireless users.
It's also an irrelevant argument because there is no global standard unique identifier that could work for all people. For people with a number that does frequently change, they will have to find and accept the use of some other solution.
I have never heard of any good reliable solution for this that does not tie into one of the existing large content providers such as Google or Facebook.
If you want to continue to rail against the solutions that exist, but rely on a phone number for verification, then provide a concrete example of another robust solution.
Ya I know better, it’s my fault lol.
-
@scottalanmiller said in Signal Group Chat:
@jaredbusch said in Signal Group Chat:
If you want to continue to rail against the solutions that exist, but rely on a phone number for verification, then provide a concrete example of another robust solution.
But we did. Email is more secure, tied to a person, and universal.
Email is not tied to a person, is certainly not universal, and is certainly not more secure.
-
@jaredbusch said in Signal Group Chat:
@scottalanmiller said in Signal Group Chat:
@jaredbusch said in Signal Group Chat:
If you want to continue to rail against the solutions that exist, but rely on a phone number for verification, then provide a concrete example of another robust solution.
But we did. Email is more secure, tied to a person, and universal.
Email is not tied to a person, is certainly not universal, and is certainly not more secure.
Email is designed to be tied to a person and is always an option. Telephone numbers are never that, always a device. Email is more universal than phone numbers. Email is way more secure, it at least gives the end user the option of security.
-
@dashrender said in Signal Group Chat:
@scottalanmiller said in Signal Group Chat:
@jaredbusch said in Signal Group Chat:
@scottalanmiller’s obsession with a phone number not being valid is also just stupid, accurate, yes, but still stupid. Yes some people dispose of numbers left and right, but those people are the minority of wireless users.
In the US, yes. But in the rest of the world, most of the world, numbers are fluid.
I've had 4 different phone numbers while in Europe - I no longer have any of those numbers. It's so cheap to just buy a SIM with 2 GB of data (like $10-20) versus using US based service (with exception of TMo and Google-Fi).
Ah, but did your ‘home’ number go away? No. These were temporary disposable numbers you intentionally never wanted to keep.
This has no relation to the majority of normal users in those countries. They do not change numbers every other day. They, like you, have their primary number that they keep for long periods of time. Otherwise people would be unable to contact them easily. Of course that does not preclude those that burn numbers and phones, but again, these are not the majority of users.
-
@scottalanmiller said in Signal Group Chat:
@jaredbusch said in Signal Group Chat:
@scottalanmiller said in Signal Group Chat:
@jaredbusch said in Signal Group Chat:
If you want to continue to rail against the solutions that exist, but rely on a phone number for verification, then provide a concrete example of another robust solution.
But we did. Email is more secure, tied to a person, and universal.
Email is not tied to a person, is certainly not universal, and is certainly not more secure.
Email is designed to be tied to a person and is always an option. Telephone numbers are never that, always a device. Email is more universal than phone numbers. Email is way more secure, it at least gives the end user the option of security.
Only from your point of view. I know many people with single shared email accounts. But they all have their own cellphone with a unique number. And this is in the U.S.
No one is arguing that a phone is tied to a person rather than a device. But I am stating that your claim that just because it is a device is not any less identifiable than email is.
Email is horribly not a secure medium and was never originally designed to be.
-
@scottalanmiller said in Signal Group Chat:
@stacksofplates said in Signal Group Chat:
Both of course require hacking. How do you intercept a 2FA code without hacking?
By getting the SIM card, being assigned the number, or being in a place like where I worked that all calls and texts going through a third party that reads them first.
This is an irrelevant issue. Anyone working in such a place that needs to make this type of verification knows that it cannot be done while at work.
This is also an exception that affects such an insignificant amount of people that it basically does not exist.
-
Was a Signal group ever started? I am in
-
@irj said in Signal Group Chat:
Was a Signal group ever started? I am in
The Telegram app was just way better