Our great sponsors
-
Signal-Server
Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Nope. "If Alice registers number X and enables reglock, but Bob later proves ownership of number X (by registering and completing the SMS code), then Alice will be unregistered."
IE, if somone intercepts the SMS code, even with reglock, you can forcibly de-register somone. This means if you use loose access to your phone number, you can easily loose access to your signal account.
https://github.com/signalapp/Signal-Android/issues/12595#iss...
They justify this by saying "The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life", but its way to easy for activists and dissidents to lose ownership (temperately or permanently) of phone numbers for the phone number system to be the backbone identity system for a secure messaging platform
Related posts
- Cap – open-source alternative to Loom
- How to Deploy Directus as a Backend-as-a-Service (BaaS) on Koyeb
- The xz sshd backdoor rabbithole goes quite a bit deeper
- Apple Updates App Store Guidelines to Permit Game Emulators, EU Music App Links
- Butterfly: Powerful, minimalistic, cross-platform, open source note-taking app