So far, the secure messenger Signal has had one weakness: it requires a phone number to authenticate the user. But that will soon change. Signal already knows how it wants to put the technical innovation to use.
WhatsApp has evolved over time. Although there is certainly plenty to criticize about the world's most used messenger, almost everyone has it on their smartphone. Signal is its secure and data-minimizing alternative, which is also growing in popularity. But even Signal isn't perfect. A frequent point of criticism in its case is that identity has to be verified through a mobile phone number.
With many other messengers, this is not necessary. Signal is now changing its approach and wants to use usernames instead of phone numbers in the future. This sounds very simple at first glance, but it requires a lot of technical effort. It will take several more months of work before the feature can be completed. But Signal explains everything in its blog post.
Contacting without the need to enter a mobile phone number
Until now, it was mandatory to provide a phone number to use Signal. | Source: Shutterstock
If you are a WhatsApp user, you surely remember one of the first steps after installing the app, when it asks you for permission to access your contacts. It's no secret that if you give permission, the list is transferred to the provider's servers, after which contacting the people on it, and reaching you as a recipient, is very easy. You can also see immediately which of your contacts use WhatsApp as well. Convenience is high from the user's point of view, but data protection concerns recede into the background.
At Signal, the ambition is that privacy protection continues to meet high standards. Even so, no obstacles should be placed in users' way.
Contact discovery is a basic part of every messenger. Signal wants to show users which of their contacts also use the service, but it doesn't want to know who those contacts are. Signal, too, asks for access to the user's contacts during setup. If this permission is granted, hashed phone numbers are transferred to Signal's servers.
So that Signal's servers cannot find out which specific phone numbers are stored in your smartphone's contacts, the hashes are matched inside a protected storage area, the so-called enclave. These are already good security measures, but a mobile phone number is still not an optimal verification factor. Therefore, additional security measures are necessary.
Additional security measures
Signal’s new authentication technology makes it possible to use the communicator without a mobile number based on usernames only. | Source: Shutterstock
For example, to prevent data leakage through attacks on the main memory (RAM) of Signal's servers, a technique for masking RAM accesses is being created. The technical details are described further on the Signal blog. What matters for users is that, with the right technology, the additional security also brings benefits in speed. Signal is also no longer dependent on mobile numbers as the main authentication parameter.
Instead, users can choose any username and do not have to disclose their mobile phone number. Still, contacts can be searched quickly and safely, without having to worry about data leakage and data compromise.
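To illustrate what masking RAM accesses means for a contact lookup, the following added example (not from the article or from Signal's code) compares a binary search, whose memory reads depend on the number being looked up, with a full scan that reads every slot for every query. The phone numbers, table and function names are constructed for illustration, and the full scan is only the simplest way to hide an access pattern, not the technique described on the Signal blog.

```python
import hashlib
import hmac

def h(number: str) -> bytes:
    """Hash a phone number the way a client might before upload (assumed: SHA-256)."""
    return hashlib.sha256(number.encode()).digest()

# Constructed sample data: four registered numbers, stored as sorted hashes.
REGISTERED = ["+15550100", "+15550101", "+15550102", "+15550103"]
TABLE = sorted(h(n) for n in REGISTERED)

class TracedTable:
    """Records which slots are read, standing in for an observer of RAM accesses."""
    def __init__(self, rows):
        self.rows = rows
        self.trace = []

    def read(self, i):
        self.trace.append(i)
        return self.rows[i]

def direct_lookup(table, query):
    """Binary search: fast, but the slots it touches depend on the query."""
    lo, hi = 0, len(table.rows)
    while lo < hi:
        mid = (lo + hi) // 2
        row = table.read(mid)
        if row == query:
            return True
        if row < query:
            lo = mid + 1
        else:
            hi = mid
    return False

def masked_lookup(table, query):
    """Full scan: every slot is read in the same order for every query.
    Models the access pattern only; Python gives no timing guarantees."""
    found = 0
    for i in range(len(table.rows)):
        found |= int(hmac.compare_digest(table.read(i), query))
    return bool(found)

def trace_of(lookup, number):
    """Run one lookup and return (result, observed slot accesses)."""
    table = TracedTable(TABLE)
    return lookup(table, h(number)), table.trace
```

With the binary search, each registered number produces its own sequence of slot reads, so the access pattern alone identifies the contact; with the full scan, the pattern is the same for every query, including numbers that are not registered.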
A very important change after a long time
If the developers pull it off and Signal really does work without a phone number in the future, then it will become unbeatable. Although other applications, such as TeleGuard, already offer this freedom, many people still do not use them. Signal thus holds relatively strong cards in its hand.
Source: The Signal Blog, GitHub/signalapp