Introducing usernames and phone number privacy on Signal!
We’re making it possible for people to connect with each other without having to share phone numbers. Now launching to beta users, available for everyone soon.
@signalapp it seems you have not publicly documented how the usernames feature works in terms of the back-end.
If the Feds subpoena Signal with a username, what data will they get from you? Will they get the user’s phone number? In reverse, if the Feds subpoena a phone number, will they get the associated username? What about one’s history of numbers/usernames?
@yawnbox Signal server can lookup ACI (account identifier) by username because this is what Signal client asks it for:
https://github.com/signalapp/Signal-Server/blob/4aa42466952ad81a6a48e8fa71ad5c456e71a022/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java#L382
getAccountIdentity always returns E164 (phone number) given the ACI:
https://github.com/signalapp/Signal-Server/blob/4aa42466952ad81a6a48e8fa71ad5c456e71a022/service/src/main/java/org/whispersystems/textsecuregcm/grpc/AccountsGrpcService.java#L88
Looks like the server can lookup phone number by username.
@yawnbox @signalapp
I also wonder if ACI is visible to group members or do they only get access to some indirect identifiers. This is not something obvious from the API, need to dive deeper into the code to find out. Invisible in the UI unique identifier trackable across groups has already caused a lot of real problems for Telegram users, hopefully Signal does not repeat this mistake, visible phone numbers are sometimes better than this.
It is confirmed that Signal can convert usernames to phone numbers: https://theintercept.com/2024/03/04/signal-app-username-phone-number-privacy/
> If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account.
@yawnbox @signalapp
@micahflee