christopher :verified_gay: on Nostr: in light of npub1qmlar…ymdus soon supporting usernames in the upcoming public ...
in light of npub1qmlark5zym2u576hfmecfaa2els8eln4rxls76z24l3g7pq48rvq2ymdus (npub1qml…mdus) soon supporting usernames in the upcoming public release of 7.0, in the context of operational security for privacy-vulnerable folks, some reasons why usernames are better for privacy compared to a phone number:
with a phone number, adversaries can perform an assortment of attacks against a user
a phone number can be tracked back to a carrier, and a carrier possesses a great deal of personal information about the user of the phone number, not including physical location history going back as far as the existence of the user's account
cops, malicious governments, political adversaries, corporations, etc. have capabilities to pay for or otherwise get access to this data. look at the history of T-Mobile: carriers are not built for security, they are built to make profit
a phone number, 99% of the time, is going to be an actual phone number belonging to an active cell phone
for no-click RCE attack chains (Pegasus), a phone number is a delivery address
given that a phone number has a high probability of being used on an active cell phone, IMSI catcher stalking and attacks are trivial to conduct, and not even to a well-funded adversary. DEF CON talks show how easy it is to build one with open source software
telcos such as T-Mobile hire cheaply. it is trivial for anyone to plant an employee who has lookup access into basic data belonging to a cell phone number
it's reasons like this that i write blog posts detailing how to use devices that do not use basebands, aka wifi-only devices. for folks who need high security, particularly anti-stalking protections, it's important to compartmentalize a phone number (still required for Signal registration) from the device that employs its use by using digital phone number services; or, at least, registering a SIM card for Signal's activation SMS on a burner phone, activating Registration Lock, and actually burning the phone and SIM. other SIM/account security measures with the telco are also important