
> I think the real question is what "usernames" will look like. There were hints dropped that this could be stronger than a typical username (like what HN has).

Quite a bit of code related to usernames has already been checked into Signal. Here's the username regexp and the method that checks if a username is valid: https://github.com/signalapp/Signal-Android/blob/a5e5a735800...



Yeah I'm a little upset about this. It is just set up for birthday problems. I'd be happy if it was you handing out a random string or 1-time code and then you pick a username per chat. But a global username identifier isn't anonymous (not any more than a phone number anyways) and I do not believe it is a good solution.


> a global username identifier isn't anonymous (not any more than a phone number anyways)

A Signal username is global to Signal communication; a phone number is global to far more.


Numerous widely-used identifiers were originally scoped narrowly.

Scope tends to widen.


This is one of several things that Google had sorted elegantly before shuttering Google+:

It was trivial to create multiple pseudonyms and the only one who could unmask it was Google and whoever could force Google.

This of course meant you had to trust Google but compared to having to trust everyone that is still a huge improvement.


Yeah this is in the poll what I call medium anonymity. Honestly I think this is a great step. Even if I don't trust Signal, it is a much better step than the weak anonymity stance.


So choose an identifier that does not... identify you. Or choose not to have a username. I assume that that will be an option, since Telegram has it as well.


No, the problem your parent is referring to is that you have the same username in every chat. Discord really suffers from this.


Actually there are two main problems I'm referring to. You identified one of them. If I want to stay anonymous, I'm really asking how to compartmentalize chats and groups of people. We have different identities with different groups and use different names with them.

The other problem is actually the act of sharing a username. If my username is "godelski" then yeah, I can share it on HN and Reddit where I use that username. But now I've deanonymized myself to friends and family who can see that username through Signal. Alternatively, if I have a username "not_godelski" then how do I get in contact with someone on HN while maintaining anonymity? If I share it under this account then those two names are linked forever and that deanonymizes me. I can't create a new account just to share that name because those groups know me by that name. If I can have an infinite number of usernames, that solves the problem, but this isn't practical (even 5 usernames would be problematic and requires a lot of cognitive load, which is antithetical to Signal's philosophy).

There's also a third problem I don't care as much about but I'd assume Signal does. And that's naming collisions. NYT has a Signal number that allows whistleblowers to contact them. What's stopping me from creating the username NYT_Whistleblower and becoming a honeypot?

Edit: Lots of people are saying you can't share contact without revealing your identity. Does a 1-click link not solve this issue? If I post a signal.me/#one-time-code/jdjkerfe2r3rfwseffre5ge5g then I don't see how that would reveal my identity. (I'm also not a fan of "you can't". I can understand this being unsolved, but it feels like there are solutions to this problem)


> Alternatively, if I have a username "not_godelski" then how do I get in contact with someone on HN while maintaining anonymity?

You can't, and I don't think that's a surprising outcome. If you have a non-anonymous identity on one platform, and link it to your anonymous identity on another, then that latter identity is no longer anonymous.

You just can't really mix your anonymous and non-anonymous worlds without de-anonymizing the latter. That's kinda a fundamental property of how anonymity works, isn't it?


There is a great chapter in ‘The Art of Invisibility’ that describes a lot of the ways in which your anonymity can be compromised…


Signal could create pseudonymous UN's on the fly


How is it different from operating say two reddit accounts (one anonymous and another that's non-anonymous)?


There's always going to be tradeoffs when you're dealing with online anonymity.

On the far anonymous end you've got 4Chan style anonymity, no permanent or any ID at all. Keeping track of individual people is nearly impossible. Conversations are chaotic and hard to follow. Pretty solid privacy.

I guess the next step up would be per conversation/thread/group whatever ID, you trade a small amount of privacy for improved conversation, privacy is still pretty good, a poor choice in username or username reuse could prove to be privacy risks.

I guess next up from that would be something like forum style usernames, like hn or reddit where it's persistent across the entire platform, but still doesn't have to be linked to anything permanent or 'real'. It increases the privacy risk again because now, your conversation history can be tracked across time. This does make it easier for more permanent connections to be made between users but does make it easier for sensitive details to be leaked depending on the user's behaviour.

Up from there you start getting into IDs that are linked to real world information about a user. This provides some pretty obvious privacy risks.

IDs linked to phone numbers are a strange case of trying to take an ephemeral ID that in today's world can change quite regularly and use it as a source of info for an ID based on real world information.


Also worth explicitly mentioning SSB-style cryptographic “implicit identity”.

Connecting consists of exchanging public keys (which can be global per person, or compartmentalized per contact/conversation).

Rather than a central server relating messages to the right peers, there’s a global feed where you attempt to decrypt everything and the ones which succeed are obviously addressed at you.

The benefit here is that not even a central server operator like Signal can trivially tie messages or chat identities to peers.


I guess this gives you privacy (for the price of 7e9x-ing your compute/bandwidth effort), but only until you lose control of the private key. Then you get deanonymised completely, don't you?


> There's also a third problem I don't care as much about but I'd assume Signal does. And that's naming collisions. NYT has a Signal number that allows whistleblowers to contact them. What's stopping me from creating the username NYT_Whistleblower and becoming a honeypot?

That's easy; you want an internal identifier for Signal accounts that is unrelated to display name. This is already routine in most places including Discord.[1] Nothing stops you from creating the username NYT_Whistleblower, but that won't be what the NYT advertises to potential whistleblowers.

> Alternatively, if I have a username "not_godelski" then how do I get in contact with someone on HN while maintaining anonymity?

Well, you can't. Revealing your identity necessarily involves losing your anonymity, and I don't understand how you think those two actions could be theoretically separated. If you want to share your Signal identity with someone who only knows you as "godelski from HN", then once the sharing is accomplished they will know that "godelski from HN" and "godelski from HN's Signal username" are the same person. So will anyone who was allowed to watch the sharing.

Perhaps what you want is a single buffer account, where you tell people on HN to contact your buffer account (openly identifying it with yourself), and then you use the buffer account to reveal the identity of your actual account?

[1] Note that there is a tension between having a unique identifier by which Signal knows who you are, and the need for participants in two group chats not to be able to notice that your two usernames in those two chats belong to the same person. Discord is failing at this. To be part of a group chat at all, someone is going to have to have an identifier for you; if you want to maintain cross-chat anonymity, you'll need to be able to generate disposable identifiers that you can give to chat admins.


> I don't understand how you think those two actions could be theoretically separated.

Suppose Signal generates a one-click (or even temporary) link. I can share that link that'll connect. That can accomplish the same thing as a signal.me address. Onetime links are definitely a thing. I'm sure people that know more can share even more creative ways to accomplish this. Someone has to have some fancy ZKP method for initiating contact.

> Perhaps what you want is a single buffer account

I think I covered this in my "infinite accounts" above.

> [1]

Seems to be more easily solved by letting me specify a handle at the per-chat level.

> Nothing stops you from creating the username NYT_Whistleblower, but that won't be what the NYT advertises to potential whistleblowers.

Seems you're passing the buck. Making it a "not my problem" issue and I think this is a big enough problem that it would make platforms like NYT wary of using such a system.


> Seems you're passing the buck. Making it a "not my problem" issue and I think this is a big enough problem that it would make platforms like NYT wary of using such a system.

How? So you've got your account with a display name of "NYT_Whistleblower". Now... how does somebody else find it by accident?


I'm sure you can be creative enough where you can read between the lines and determine a valid username that is a near clash and someone might accidentally use that name instead.


Ever heard of typosquatting?


Instead of 1 1-click link, make it a handshake, 2 1-click links:

1. Godelski shares 1-click link with Brigandish.

2. Brigandish clicks link and that registers Brigandish's Signal account with Godelski's Signal account, but no communication can take place yet.

3. Brigandish shares 1-click link with Godelski.

4. Godelski clicks the link, if Godelski has a registration waiting for Brigandish's Signal account then the handshake is complete.

I came up with this right now, I'm sure someone else can find a problem with it beyond it being a tad more bothersome than usual.
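The two-link handshake proposed in the comment above, modelled as an added example that is not part of the original thread and not Signal's code. The `HandshakeServer` class, its method names and the account `eve` are hypothetical, and the model assumes a click returns only a status and discloses nothing about the link's issuer.

```python
import secrets


class HandshakeServer:
    """In-memory model of the two-link handshake (hypothetical, not Signal's API)."""

    def __init__(self):
        self._links = {}        # token -> account that issued it
        self._pending = set()   # (clicker, issuer): clicker registered with issuer
        self._contacts = set()  # frozenset({a, b}) pairs that completed the handshake

    def make_link(self, issuer):
        token = secrets.token_urlsafe(16)  # 128 random bits, unrelated to any name
        self._links[token] = issuer
        return token

    def click(self, clicker, token):
        issuer = self._links.pop(token, None)  # pop: each link works exactly once
        if issuer is None or issuer == clicker:
            return "invalid"
        if (issuer, clicker) in self._pending:
            # Step 4: the issuer already clicked one of clicker's links.
            self._pending.discard((issuer, clicker))
            self._contacts.add(frozenset((issuer, clicker)))
            return "connected"
        # Step 2: record the registration; no messages can flow yet.
        self._pending.add((clicker, issuer))
        return "pending"

    def can_talk(self, a, b):
        return frozenset((a, b)) in self._contacts


def happy_path():
    # Constructed scenario: steps 1-4 in order, nobody interferes.
    srv = HandshakeServer()
    first = srv.click("brigandish", srv.make_link("godelski"))
    second = srv.click("godelski", srv.make_link("brigandish"))
    return first, second, srv.can_talk("godelski", "brigandish")


def intercepted_link():
    # Constructed scenario: a third account clicks the first link before the peer.
    srv = HandshakeServer()
    link = srv.make_link("godelski")
    eve = srv.click("eve", link)          # someone else clicks first
    late = srv.click("brigandish", link)  # intended peer finds the link used up
    return eve, late, srv.can_talk("godelski", "eve")
```

In the intercepted scenario the first click leaves only a pending registration, and the intended peer's "invalid" result is what lets both sides notice and start over with fresh links.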


> Edit: Lots of people are saying you can't share contact without revealing your identity. Does a 1-click link not solve this issue? If I post a signal.me/#one-time-code/jdjkerfe2r3rfwseffre5ge5g then I don't see how that would reveal my identity.

Well, if you're under attack, the 1-click link will reveal your identity to the first person to click on the link. But that's entirely different from what you're asking for, which is to reveal your identity to a specific person designated by yourself, regardless of who sees your link first.

The reason people are telling you you can't reveal your identity while staying anonymous is that those are opposite concepts. But if you're not trying to preserve your anonymity against the same person you want to reveal your identity to, you're on the much simpler problem of communicating in a way that is resistant to eavesdroppers. You don't need anything from Signal; you need an encrypted channel of communication with your counterparty.


> Well, if you're under attack, the 1-click link will reveal your identity to the first person to click on the link.

That's true, but much easier to defend against. Since you can talk in a semi-synchronous manner and we can have a high _probability_ that the correct person will be the one clicking on the link.

So if it works:

Godelski: Hey, let's chat on Signal, my link is signal.me/#one-time-code/jdjkerfe2r3rfwseffre5ge5g

Thaumasiotes: Great!

If it doesn't work:

Godelski: Hey, let's chat on Signal, my link is signal.me/#one-time-code/jdjkerfe2r3rfwseffre5ge5g

Thaumasiotes: Hey, link seems bad

While you're right that there are no guarantees, I don't think that's true for any system. There's only probabilities. Obviously there are other ways to do this along the same lines. I can have a global link that has infinite links (e.g. one I could place under my HN profile) that I can only have there. These strings are much easier to generate than usernames given that with higher entropy you don't have the same likelihood of a birthday clash.

I'm not saying that communicating without revealing your identity isn't a challenging problem. But there are clearly some versions that reveal _more_ than others. Maybe there's no perfect system (I'm not smart enough to know) but there's clearly better ones than others. Standard usernames seem to just be throwing your hands up and giving up.

> you're on the much simpler problem of communicating in a way that is resistant to eavesdroppers

We already have that. It's called E2EE.


> If it doesn't work:

> Godelski: Hey, let's chat on Signal, my link is signal.me/#one-time-code/jdjkerfe2r3rfwseffre5ge5g

> Thaumasiotes: Hey, link seems bad

Sure, that interaction degraded gracefully. But your identity was also permanently compromised; it doesn't make sense to focus on how easy it was for me to say "hey, that didn't work". The reason the link went bad is that you disclosed your identity to someone you were specifically trying to keep it a secret from. This is an unforgivable flaw in the protocol.

>> you're on the much simpler problem of communicating in a way that is resistant to eavesdroppers

> We already have that. It's called E2EE.

Well, no. E2EE is the answer to resisting one particular eavesdropper. What you're trying to get at is called "public key cryptography", the system whereby two strangers can establish a secure channel without relying on an already-existing secure channel. E2EE has nothing to say about establishing secure channels; it just refers to the concept of using one.

Here's the system you actually want:

Godelski: Hey, let's chat on Signal, what's your PGP public key?

Thaumasiotes: My PGP key is yyyyy.

Godelski: [encrypted for yyyyy: Here's how you can find me on Signal]

But notice that Signal doesn't participate in this exchange. Nor can it. I'm not on Signal, as far as you know; your messages to me have to use some other medium.


> But your identity was also permanently compromised;

Only if I accepted the request. Clicking the link would presumably act the same way as a contact that you don't know. It asks before you accept. So I can wait till you respond.


It seems like you don't want user id as much as you want searchable user aliases (or persona ids). Basically, a private id (linking your clients), where there are multiple public persona ids for "searching" and adding people to conversations.

Users in conversations are linked by (private id and the persona id at creation), where messages get sent between the clients.

Meanwhile, people (or rather private ids) get added to conversations by using the publicly searchable personas (i.e. any globally unique string). Then for the life of that conversation, the persona is sticky. You could even add multiple personas from the same user to the same conversation if that is necessary. For some the persona id could be phone numbers, full names, online aliases, emails, etc.

People can then hand out different personas depending on the context.


It is unfortunate that they seem to be going for user created username. I’d rather have something like ~hkopy-vnhyt randomly generated and given to users with option to try for another randomly generated username if they didn’t like the first.


Nobody is stopping you from doing that for yourself.


Well the username "~hkopy-vnhyt" would be invalid because they only allow case insensitive a-z, digits and _ underscores.

I can see some reasoning, but there's technically nothing stopping them from allowing more universal ASCII characters at the very least.



