Phone Number Validation vs User Privacy

From Whonix
Jump to navigation Jump to search

The mandatory linkage of the software application with a phone number makes it very likely adversaries can easily link any 'anonymous' use of such applications in Whonix with a user's real identity.

Some applications like Signal and Telegram require the user to provide a phone number for verification.

Even if a secondary phone number is used as a limited workaround. At the time of writing user requests to enable registration with an email account as a possible alternative have been ignored or denied by some developers of such applications. For this reason alone, alternative options like Gajim, and Tox should be investigated instead; see Instant Messenger Chat for further information. Readers are of course free to ignore this advice.

In many cases (such as Signal and Telegram) the number can be different form the device's SIM card; it can be a landline or VoIP number, so long as the user can receive the verification code and possesses a separate device to set up the software. A far safer registration alternative is to utilize a random online phone number, see: Kicksecure logo Phone Number Registration Unlinked to SIM Card The Web Archive Onion Version .

The Intercept: how I got a truly anonymous signal accountarchive.org describes how difficult it is to pass phone number validation.

Chapter Do not Use (Mobile) Phone Verification contains additional crucially important advice.

See also:

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!