Conversation
Notices
-
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Monday, 19-Jun-2017 06:08:32 UTC MMN-o ✅⃠ @b9ace But in that case Skype and/or Google controls the phone number and thus can make account "recovery" (i.e. impersonate me, only requiring my contacts to accept the new fingerprint which is probably a very easy thing to do in "user friendly" software like Signal). -
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Sunday, 18-Jun-2017 16:37:21 UTC MMN-o ✅⃠ Is it still not possible to use Signal without a phone number? !security -
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Sunday, 18-Jun-2017 16:48:41 UTC MMN-o ✅⃠ The followup question is "what happens if I can manipulate/take over someone's phone number?". -
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Sunday, 18-Jun-2017 16:53:05 UTC MMN-o ✅⃠ Fortunately we've got !xmpp for those who realise Signal is crap .] -
donniethedumbass (donniethedumbass@quitter.im)'s status on Sunday, 18-Jun-2017 16:54:27 UTC donniethedumbass @mmn The general discipline is that handing out phone numbers is a security risk. Putting them on a server owned by a nerd with dreads is a self-inflicting wound. MMN-o ✅⃠ likes this.MMN-o ✅⃠ repeated this. -
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Sunday, 18-Jun-2017 17:03:52 UTC MMN-o ✅⃠ @donniethedumbass Oh how I wish I had dreads now so I could be offended. -
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Sunday, 18-Jun-2017 18:48:33 UTC MMN-o ✅⃠ @galaxis but can I do recovery for someone else if I hijack/access that phone number? I.e. someone loses their phone and I grab their sim card, and all that is needed is that remote users accept the new fingerprint? -
Alexander Bochmann (galaxis@mastodon.infra.de)'s status on Sunday, 18-Jun-2017 19:19:40 UTC Alexander Bochmann @mmn Uh, sorry, after checking the help pages, I'm reminded there is no real account recovery since everything is tied to the phone number. So yeah, if you lose control of the number you can be impersonated, provided your contacts accept the changed safety number.
https://support.whispersystems.org/hc/en-us/articles/212535908
https://support.whispersystems.org/hc/en-us/articles/115005335227MMN-o ✅⃠ repeated this. -
MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Monday, 19-Jun-2017 06:08:48 UTC MMN-o ✅⃠ @b9ace easy to do by mistake
-