Because they're building a private, not anonymous, instant messenger. They've been very open about this.

Spam prevention

Privacy ≠ anonymity

Everything is a balancing act. Privacy, anonymity, and security aren't the same things. They're sometimes, and in some aspects always, difficult to achieve without compromising one of the other two.

When you add in the goal of quick, easy setup to make the service useful in the first place. Doesn't matter how good the service is at the trinity if nobody is willing to use it. Signal just errs on security first, privacy second, anonymity third.

So, you're going to get two schools of thought on this, and one of them is wrong. Horrendously wrong. For perspective, I was a certified CEHv7, so take that for what its worth.

There's a saying in security circles "security through obscurity isn't security," which is a saying from the 1850s and people continually attempt to apply the logic to today's standards and it's--frankly stupid--but just plain silly. It generally means that if you hide the key to your house under the floor mat, there's no point to having the lock, because it doesn't lend you any real security and that if you release the schematics to security protocols and/or devices (like locks), it makes them less secure. And in this specific context, it makes sense and is an accurate statement. Lots of people will make the argument that F/OSS is more secure because it's openly available and many will make the argument that it's less secure. But each argument is moot because it deals with software development and not your private data. lol.

When you apply the same logic to technology and private data it breaks down tremendously. This is the information age. With a persons phone number I can very likely find their home address or their general location. Registered cell phones will forever carry with them the city in which they were activated. So if I have your phone number, and know your name is John Smith, I can look up your number and see where it was activated. It'll tell me "Dallas, Texas" and now I'm not just looking for John Smith, I'm looking for John Smith in Dallas, Texas. With successive breakdowns like this I will eventually find your home address or at the very least your neighborhood.

The supposition made by Signal (and anyone who defends this model) is that generally anyone with your private number is supposed to have it and even if they do, there's not much they can do with it. But that's so incredibly wrong it's not even funny in 2025.

I've seen a great number of people in this thread post things like "privacy isn't anonymity and anonymity isn't security," which frankly I find gobstopping hilarious from a community that will break their neck to suggest everyone run VPNs to protect their online identity as a way to protect yourself from fingerprinting and ad tracking.

It frankly amazes me. Protecting your data, including your phone number is the same as protecting your home address and your private data through redirection from a VPN. I don't think many in this community would argue against using a VPN. But why they feel you should shotgun your phone number all over the internet is fucking stupid, IMO, or that you should only use a secure messaging protocol to speak to people you know, and not people you don't know. It's all just so...stupid.

They'll then continue to say that you should only use Signal to talk to people you know because "that's what its for!" as if protecting yourself via encryption from compete fucking strangers has no value all of a sudden. lol

You have to be very careful in this community because there are a significant number of armchair experts which simply parrot the things that they've read from others ad-nauseam without actually thinking about the basis of what they're saying.

OK. That's my rant. I'm ready for your downvote.

Signal fills an incredibly important spot in a spectrum of privacy and usability where it's extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusits it's not the best, but it's a hell of a lot easier to convince friends and family to use Signal than something like Matrix.

Privacy ≠ Anonymity ≠ Security

Bots. If it makes you feel better, you can disable other people finding you via phone number and just give them your username. All messages are private.

One of the design goals is that they don't have a user database, so governments etc can't knock down their door demanding anything. By using phone numbers your "contacts" are not on their servers but local on your phone.

1. Yes, and in that time you would visit a website with your own IP address likely, likely over HTTP without SSL/TLS, likely with your vulnerable browser fingerprint. Point?

2. Privacy, not anonymity. Two completely different things.

3. Because the way Signal is built hosting it requires a lot of resources (storage especially), so they want spam prevention and fewer accounts per person.

Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It's not designed to be an anonymous service, just a private one.

SimpleX

The amount of trolls in this thread that either try to spew false information intentionally or just have no idea what they are talking about is insane.

If you are worried about what data (including your phone number) law enforcement can recieve (if they have your specific user ID, which is not equal to your phone number) from the Signal company check this: https://propertyofthepeople.org/... Tldr: It's the date of registration and last time user was seen online. No other information, Signal just doesn't have any other and this is by design.

If you want to know more about how they accomplish that feat you can check out the sealed sender feature: https://nerdschalk.com/...

or the private contact discovery system: https://signal.org/blog/private-contact-discovery/

Also as Signal only requires a valid phone number for registration you might try some of these methods (not sure if they still work): https://theintercept.com/...

I think it's important to remember de difference between being private and being anonymous. Signal IS private. It's not anonymous. The same is true for many other apps/services.

Personally I like to be private. I don't really need to be anonymous.

Signal is not perfect but we control its app, libre software. See SimpleX Chat.

Escaping WhatsApp and Discord, anti-libre software, is more important.

https://jami.net/

Offers the same privacy but is not centralised. it's peer to peer

If you want to be mainstream a) you can't have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.

Maybe I am being too simplistic here. But I have never received a spam message to my XMPP account and I don't know how a spammer would find it.

In a phone-based system a spammer can spam a list of numbers, or use contact lists that are easily shared via phone permissions. There are several low-effort discovery processes.

For e-mail, you get spam when you you input your personal e-mail into forms, websites, or post it publicly.

But for something like XMPP... It seems rather difficult to discover accounts effectively to spam them. And, if it is an actual problem, why not implement some kind of 'identity swap' that automatically transmits a new identity to approved contacts? A chat username does not need to be as static as an e-mail or a phone number for most people.

I just don't see 'spam' as such a difficult challenge in this context, and not enough in my view to balance out requesting a phone number. Perhaps a spammer can chip-in?

It's private but it's not anonymous. they know who is talking to who, but not what they are talking about.

Haven't seen anyone link this here so I'll link it myself

https://dessalines.github.io/...

Some things are outdated, like how you had to give others your phone number (although it's still necessary for signup) but most of these still hold up

I assume ease of use and spam prevention.

I think Signal tries to be at least somewhat attractive to the average person who wants more privacy than just using WhatsApp or whatever. Making it easy to message existing contacts helps a lot with adoption.

They implemented an alt method IIRC but you must go out of your way to search and find it. I just recall seeing a bunch of post headlines about using email or something like that a year or so back.

They send an initial SMS message that is a main expense and funded by some rich person and donations. I think that has some significance to encryption or something but I'm not sure of the details. I could be wrong on that one, it has been years since I read the details.

Is there a quick explanation of what signal actually does? I don't understand the need for a phone number either. Jami doesn't ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I'm luddite enough to still be using it) doesn't ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven't looked into and tbh I don't understand why they exist.

Jami.net

Ignore the comment saying signal is "end to end encrypted" "private" etc They are simply stuck in a delusional state where they try to convince themselves that signal is the best option so they can continue using it. Nothing is private if it isn't fully libre because you never know what the proprietary code is doing. The signal protocol itself has its source code released, and the encryption and security code is publicly available, but the signal Foundation has stated that it uses both free code and proprietary code. Their reason is UI, but it's hard to make sure whatever proprietary code is being used for because you simply can't see it. As GNU puts it: "You're walking in a pitch black cave". Jami is fully libre and is a GNU project. You don't even need any phone number!

thousands of threads on this topic since decades ago.

it's an eternal debate (since signal has no plans to change)

just read the history and join the rest of us waiting for them to change. using signal before that change is completely optional. go ahead and don't use it. no problem.

opening the discussion again is just tiring.

To prevent spam and to allow people who already know each other's number to easily contact over signal. If you want an anonymous account use an online sms activation service paid with monero, personally I recommend smspool.net .

Session is an alternative that does not require, or request, your phone number (or any other identifying information). Honestly, I have no idea why Signal got popular and Sessions did not. As soon as Signal asked for my phone number that set off alarm bells for me and I’ve never really trusted it since.

Is it possible to use a voip based SMS for registration?

Those are a little easier to get anonymously then physical sim cards.

Because it's centralized, I prefer SimpleX.

in the end of the day, the end user needs an id. this is perfect for the everyday user, but obviously if you are writing anti regime articles, you might want to look around for more anonim apps.

Privacy is not necessarily anonymity. Signal uses a phone number to prevent spam and DDOS attacks on their network. Session doesn't do this and got wrecked by DDOS attacks to the point where most of the major groups are pretty much dead.

Use Signal to talk to people you know. That's what it's for. You don't use it for anonymous chats.

I think you can use a pay phone to sign up.

Session is what you want. But you have to directly shares each others public keys to connect

Tried session? Anyone have comments on it? Nice to be able to skip the phone and easily use vpn, though I haven’t spent enough time on that.

Privacy: they know who you are but they don't know what are you doing/when are you doing. Anonymity: they don't know who you are.

There is a lot of FUD here. It's just like anti-vaxxers claiming vaccines make you autistic or have microchips in them: they don't understand what they're talking about, have different threat models, and are paranoid.

Messages are private on signal and they cannot be connected to you through sealed sender. There have been multiple audits and even government requests for information which have returned only the phone number and last connection time.

Anti Commercial-AI license

Because their founder (Marlinspike) is probably under a National Security Letter, maybe it's just that, maybe he's done some crimes they're also holding over him. If you look at his behavior it's that of someone very paranoid that they're going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who's terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.

This doesn't necessarily mean that signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on signals servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it's also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.

And those saying it has to do with spam prevention, that's kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn't. Third it's possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Third there's no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).

Because they're lying. Corporations, governments, and just people in general tend to do that, ya'know.

Do not trust signal. Mosk advertised it on twitter.

Edit: I only got 11 downvotes yet, so i have to add:

Signal is not allowed in Russia, guess why. Telegram is. yes yes try harder. THINK mf

WhatsApp is obviously not recommended.

I’m not saying don’t use. I’m saying do not trust.