Phone Number Validation vs User Privacy

From Whonix
Jump to navigation Jump to search

Validation12312421.png

Introduction[edit]

Some applications like Signal and Telegram require the user to provide a phone number for verification.

The mandatory linkage of the software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of such applications in Whonix ™ with a user's real identity, even if a secondary phone number is used as a limited workaround. At the time of writing user requests to enable registration with an email account as a possible alternative have been ignored or denied by some developers of such applications. For this reason alone, alternative options like Gajim, HexChat and Tox should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice.

In many cases (such as Signal and Telegram) the number can be different form the device's SIM card; it can be a landline or VoIP number, so long as the user can receive the verification code and possesses a separate device to set up the software.

Do not Use (Mobile) Phone Verification.

Phone Number Validation vs User Privacy[edit]

Some applications like Signal and Telegram require the user to provide a phone number for verification.

The mandatory linkage of the software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of such applications in Whonix ™ with a user's real identity, even if a secondary phone number is used as a limited workaround. At the time of writing user requests to enable registration with an email account as a possible alternative have been ignored or denied by some developers of such applications. For this reason alone, alternative options like Gajim and HexChat should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice.

In many cases (such as Signal and Telegram) the number can be different form the device's SIM card; it can be a landline or VoIP number, so long as the user can receive the verification code and possesses a separate device to set up the software. A far safer registration alternative is to utilize a random online phone number, see: Kicksecure logo Phone Number Registration Unlinked to SIM Card The Web Archive Onion Version .

Also see: Do not Use (Mobile) Phone Verification.

See Also[edit]