Use of other identifiers than phone numbers

[corbett]

duplicate of #211

[FredericJacobs]

No, it's different. Use of email is different that multiple device ids. Device ids is a protocol level feature where I can have multiple devices tied to my TextSecure identifier (phone number). This issue is about using other textsecure identifiers such as email.

[corbett]

this issue belongs server side in that case for now. marking as blocked

[FredericJacobs]

Yeah, wondering if we should agree on having everything that's common to TextSecure and Signal (likely protocol related stuff) in the server repositories or a new protocol related repo.

[corbett]

I think that we should @FredericJacobs and then create these issues only in the clients when they are ready for implementing client side, the logic being that during discussion etc things will be in flux and we can't already create client side issues on things that may or may not be on the roadmap (this issue quite clearly is somewhere, but for others they may not)

[gerber]

Telegram allows you to add an optional username linked to your phone number/account. With your username, other users can find and contact you without having to know your phone number. The username can be changed at any time; of course, usernames must be unique, the same username cannot be linked to more than one phone number/account at a time.

As noted by @caveman1973 in https://github.com/WhisperSystems/Signal-iOS/issues/83 : Telegram has an interesting implementation of usernames. [Optionally] In Settings you register one that is linked to your phone number. If you do, anyone will be able to find you by your username and contact you – without having to know your phone number.

[mhkeller]

Would this allow you to have multiple accounts on your phone and desktop? If so, this would be a desirable feature. The use case is having Signal Desktop on a work computer tied to one account and Signal iOS that receives messages for multiple accounts.

[gerber]

@mhkeller I think your proposal is a different uses case -- specify what you are looking for is support for two or more accounts in a single client/app (as an alternative to carrying two or more mobile devices).

If you do have multiple iOS/Android devices -- running more than one instance of Signal Desktop works fine today.

This issue is about use of identifiers other than phone number. e.g., usernames, e-mail addresses.

---

Another related issue: https://github.com/WhisperSystems/Signal-Android/issues/1085

---

BTW -- I posted a bounty for this feature, i.e., implementing usernames, or other non-phone number identifiers (three weeks ago): https://www.bountysource.com/issues/3604111-use-of-other-identifiers-than-phone-numbers

[501st-alpha1]

Is there an issue somewhere tracking what needs to be done on the server/protocol side to support this feature? I searched around a little and couldn't find anything (though I'm not sure I know what repo to look at).

[mailinglists35]

is this not happening yet because of lack of design or is it because lack of resources?

[abate]

I'd love to see this feature implemented. This is really holding me back from using signal

[RedSpid3r]

+1 for this. Currently using Telegram as that allows me to bind a username to my cell number, allowing me to chat without sharing my contact info/number (other people only see my username).

This is literally the only reason i use Telegram over Signal

[yuriy-yarosh]

@FredericJacobs @gerber What do you think about adding a Keybase.io auth support with some PGP ?

[tuxayo]

Would patches for this be accepted? (at least on the client, since the server side isn't libre/open source)

[yuriy-yarosh]

@tuxayo there's signal-server and the respective proto binding.

I think that internal motivation of such projects as signal might diverge from people's common needs and expectations. So, probably not... such projects are usually following the needs of their investors or stake holders, even OpenSource ones. Feel free to create a 'yet another fork' because of someone's ignorance.

p.s. I could join you :p

[tuxayo]

there's signal-server

It's not complete right? At some point it was only the TextSecure server that was libre/open source and the RedPhone server was closed-source. So it's not forkable.

I think that internal motivation of such projects as signal might diverge from people's common needs and expectations. So, probably not... such projects are usually following the needs of their investors or stake holders, even OpenSource ones.

I don't think that's the case for Signal. It seems more about having an extreme priority on the most mainstream stuff (because we are facing WhatsApp, Facebook Messenger, Google Hangout's, etc) and giving a very low priority to the rest (like working without Google Play Services)

Given limited resources, although a frustrating strategy (for myself included) that might be a good strategy to make more people use more libre and secure tools. Well there are always categories of users that are frustrated. And for the once it seems to be the most techsavvy and activist ones.

I prefer to have a quite positive view and wish for the best! :)

Anyway, we are getting off topic.

[yuriy-yarosh]

libre/open source and the RedPhone server was closed-source

Well... yeah, in general, you would prefer to write a custom server, with some additional features, from scratch, proto is open - you're good to go. Optionally, with some backwards compatibility. Anyways, a decent high performance chat server with low delays and good performance would require a lot more effort. There is always a room for improvement anyways, both in throughput and availability. Rust with some DPDK and SIMD intrinsics ftw.

I prefer to have a quite positive view and wish for the best! :)

I preferred to have a quite positive view, just before I've dealt with OpenSource projects monetization. Wishing something doesn't help to improve internal policies and become less rigid - willing to embrace changes.

[mailinglists35]

a custom server

SafeSlinger was a promising custom server. You were required to verify the peer before even adding it as a contact. Did not require phone number and you could host your own server. ios and android friendly. Too bad it died when funding ended :(

(sorry for offtopic)

[virtualdxs]

I'd just like to point out that there's a $1000 bounty on this, in case anyone wants to revisit it.

[shanghaiknight]

Because Signal ONLY uses a phone number, no password, no 2 factor, nothing. All anyone needs to know is our phone number, and to spoof the number. We've already seen how Reddit was hacked with SMS... Why isn't anyone concerned with this and Signal? I'm really confused about this. Phone numbers are NOT secure at all.

Almost 5 years since this request was initially made. Why isn't there another way to get a Signal account???

We have a large group of employees living in geographically dispersed area, needing to be in constant contact.
Our concern is the governments of the countries in which we work.

1, if they know our phone number they can verify we have a signal account.

2, because the government controls the phone networks, there's nothing keeping them from spoofing a number, and 'pretending' to be someone else.

Sure we would get a "Verify safety number" but we get those ALL THE TIME, with our large team someone is always upgrading their phone. Each time it happens, we wonder, did the government spoof one of our people? Our people are beginning to ignore those "Verify safety number" notifications...

As a result, we are seriously considering that Signal is not a secure form of messaging at all.

[DiagonalArg]

There is a new and cogent discussion of this on the keybase blog, with some back and forth at Hacker News. I agree with them that I see this problem of resets all the time. At this point I just have to ignore them. Multi-device support (with at least one "device" being a password) is, I think, becoming critical.

I know @moxie0 's busy, but I hope it's ok to flag him on this.

[bcomnes]

Additional phone numbers would be handy as well. I'm moving to another country and now I'm not sure if I want to delete my +1 signal in favor of a +45 one.

[nikdale]

Yeah, you're right @bcomnes ! We want more than 1 account in our Signal app!

[awaitlink]

@michaelkirk-signal Shouldn't this be closed? This is a feature request and it belongs to the community forum per CONTRIBUTING.md.

Moreover, there are already a handful of topics there talking about this: one, two, three, four, probably more.

[michaelkirk-signal]

We don't track feature requests on GitHub, only bugs with existing functionality. Please see https://github.com/signalapp/Signal-iOS/blob/master/CONTRIBUTING.md for details.

The forum would be a better place to discuss new features: https://community.signalusers.org/

[mailinglists35]

what's the point of community forums when you don't respond to feature suggestions over there? for example is multiple devices ever going to happen? you enabled linking ipads but not iphones. what is the technical difference between them regarding Signal?