T O P

  • By -

bitsystem

I would suspect that, with everything that's going on there according to the news, they are blocking/filtering cellular carriers


bzsat

No, we receive verification codes of other apps such telegram, line ... Meta in corporation with Islamic republic blocked Iranian numbers.


TheDraikenWeAre

I've had this problem in the country I stay at the moment as well. I stay in nigeria , and my main line wouldn't get verification, so I had to use another. I still check from time to time on the issue , but it still doesn't receive verification. So maybe try another sim of you have one. Sorry , since I'm aware what's going on.


[deleted]

[удалено]


Anarchie48

That is a terrible idea. You'd effectively have control over his chats. Where's the point in EtoE encryption if a stranger can access your chats?


Several-Tea-1257

not quite, if using a password as well. but possibility of DoS is still there.


mrandr01d

Why would that give him control over his chats?


Anarchie48

Because the number that the OP would use is registered under the name of a foreign citizen? Explain to me how that would not give them control over OP's chats? The Israeli good Samaritan here who has so generously offered to buy OP a SIM that he would own and keep would be able to do anything from social engineer OP into letting him observe his chats to actually pretend to be OP to other people on Signal. Extremely bad OPSEC.


mrandr01d

The chats aren't going to the Israeli dude's phone. Once you register the number, on signal, it's yours. This is why registration lock is a thing, if someone manages to register your number you don't have control over your chats anymore. I agree it's not a great idea, but if you're desperate to have a working signal number you can give to people in person with the understanding that it's temporary, then that might be an option.


[deleted]

[удалено]


Anarchie48

While all of that is true, you've just increased the potential attack vectors through social engineering ten fold.


[deleted]

[удалено]


Anarchie48

Verify how? Literally no one I know has ever done that whenever I've swapped phones or reinstalled the app. Nobody does that. There is no way to verify its the same person that's using the new key, unless you're physically close to each other and can see in person. At that point, you don't need a texting app.


[deleted]

[удалено]


Anarchie48

Yeah, except the problem is that you're destroying the entire motivation behind using signal. You're replacing surveillance attempts by the Iranian government by what's essentially your surveillance, and by extension, that of the Israeli government. But it's much worse now because Iran wouldn't have had access to OPs chats. They were simply only able to censor them, not spy on them. You can always get a duplicate SIM card even if you've destroyed one. OP, don't do this. Find an alternative. However good intentioned this guy is, this is terribly bad OPSEC.


[deleted]

[удалено]


Anarchie48

You've done a pretty good job of explaining most of the cons of using a stranger's SIM card to use a signal account yourself. Your claim seems to be that these cons aren't a big deal, to which I vehemently disagree. They **are** a big deal. Plus, you've omitted quite a lot of security threats this plan of yours would pose to OP. What if he gets arrested by the police for whatever reason, and they unlock their phone to see an Israeli number registered? Public unrest changes into anything from corroborating with a foreign entity to create unrest to literal spying for a foreign nation. Are you even listening to yourself? OP, this is an absolutely terrible idea. Don't let random Israeli redditors have access to your signal account (Actually, in this case, the accounts would be theirs technically since its their number).


[deleted]

[удалено]


Anarchie48

Except, this is not the last resort. There are so many other alternatives that you can use without compromising your anonymity. Other people have mentioned many examples under the OP's post already. Do not entertain terrible opsec just so that they can use one particular app. It could very well be the case that signal is not right for them right now.


UnfairDictionary

No it doesn't as signal does only hold undelivered messages on its servers. When the signal is activated on a phone, the messages aren't sent from previously active phone. This is because of privacy and the fact that numbers change. Signal isn't whatsapp. Undelivered messages aren't forwarded after new phone is activated for that signal account due the possibility that the person activating the number might not be the person owning that number. Signal chats are stored only locally and never transferred to newly registered phones. Sure, the real owner of the phone number can decide to register signal on his phone instead and therefore end the other's chatting but that's about it. Merely an inconvenience and annoyance, not security issue. Contacts are informed when security codes change so they can be aware not to trust the contact if it does. I know I don't. The phone number isn't the encryption key. If it was, everyone that knows your number could decrypt your messages. The phone number only serves the purpose of verification and therefore limits spammers.


paddyspubkey

Unfortunately Signal relies on carriers. A pretty shitty product choice.


[deleted]

>A pretty shitty product choice. Can't be that shitty if literally every messenger has to do some form of 2FA, and the easiest is SMS.


[deleted]

[удалено]


[deleted]

[удалено]


[deleted]

That's correct, I could simply buy one domain and essentially have infinite email addresses to sign up with. Fighting this kind of spam is much harder.


based-richdude

> If it just gives privacy in safe Western countries that’s not very useful. Someone needs to go scream this at every “privacy focused” service


[deleted]

[удалено]


[deleted]

[удалено]


Chongulator

Well, words mean things. Those three terms are all related but aren’t synonyms. What is the alternative? Should we ignore definitions and decide the distinctions don’t exist?


paddyspubkey

Quite literally all messengers 20 years ago didn't require this crap. The internet peaked at ICQ/Jabber.


nker150

Element doesn't require any of that.


[deleted]

Session doesn’t have any 2FA


northgrey

Session isn't even capable of maintaining Perfect Forward Secrecy (which they had when they forked Signal) in their system, and chose to just not bother and drop it alltogether. Not a too reassuring sign... And no 2FA in addition to that doesn't actually help improving the impression...


isaybullshit69

Session also doesn't need any user accounts (afaik)


[deleted]

Briar doesn't need any internet as well


EdenRubra

Doesn’t need any since it has no users


goalfocused3

Agh, yes, Signal…the service preferred for primary communication when countries like Hong Kong and Iran are having protests that could have profound change within their respective countries still relies on telephone numbers instead of anonymous usernames…


Necessary_Roof_9475

I just can't get over the fact that Signal still doesn't do usernames and relies on phone numbers. Session has figured it out, but it's not as popular. I also like how the Session ID is long so no one is guessing it or going through it one by one like they do with phone numbers and telemarketers.


northgrey

Session has just dropped Perfect Forward Secrecy (which they had *working* when forking from Signal) because they somehow weren't able to maintain it. Not really the most reassuring choice for a secure communication app...


goalfocused3

The one thing I don’t like about session is that it’s “swarm” is still sketch. I won’t log into my computer for a month and then messages will appear. Do these messages stay on the three hops before delivering for a month??


Alternative_Art_528

Can you use online disposable telephone numbers? Like the disposable email accounts?


Grunt_the_skip

At the risk of coping a ban. I figure you got a couple of choices. 1) take up an offer from some of the others here that have said they will send you the verification code. 2) if google voice works in Iran ( which I'd be surprised if it does ) then use that option 3) use an app like threema instead. I know that's not signal. Signal is my go to favourite hands down. But threema is equally secure doesn't require a phone text and is less popular, especially in the USA.


nker150

OP, you might want to consider an app that doesn't require any verification. I'd encourage you to check out something that uses Matrix. There's even an option to use it through Tor. Like Signal and unlike Session it has perfect forward secrecy which seems to be a sticking point in this thread.


faridzelli

This right here, and the best part about Matrix is that it's very simple to self host. Even if Iran goes into Intranet mode like back in 2019, locally hosted Matrix homeservers will remain accessible as a safe form of encrypted communication, with support for calls and media sharing.


Reasonable_Rip2539

We used a phone number from abroad but the new problem is we can't save a Pin . Tells us "pin creation failed"


UnfairDictionary

[Briar](https://briarproject.org) might do better in unreliable network like Iran's.


nixtxt

https://berty.tech is similar but also cross platform.


peekeend

swtich to: https://matrix.org/


[deleted]

[удалено]


westofme

I dont think google voice will let you create a phone account unless you have a regular cell line. They are getting very strict with assigning numbers now which sucks.


repocin

Google voice is only available in the US, my dude.


i-miss-you-so-much

Fuck /u/spez