Hello everyone and welcome to the lemmy.world hacking community! Anything related to hacking is allowed here. but be careful what you say on lemmy. Lemmy is not private and tools already exist to try and identify lemmy users. With that being said I will create a signal group and a session chat group if the community is interested in that. If there is anything at all I can help you with, please don’t hesitate to ask. I will try and have the basic tool repo online by next weekend and then I will open it up to others so we can edit it as a community.
Hack The Planet 🌎 🖥 Explore Endlessly 🔍
Would love having a signal, matrix or telegram group tbh :) Would probably be safer than to talk about it here. Especially if it’s breaking the instances rule 1…
I am not sure that groups would be made like in telegram or matrix for the public to use in Signal until the username feature gets released.
Signal has usernames, they are linked to phone #s though which is signals 1 drawback. Session works similarly to signal except every user is anonymous. Telegram could be used but I just don’t trust them. If it’s what the community wants though, then it’s what we’ll do.
I am pretty sure I’ve seen a comment in GitHub say that you can optionally hide your phone number now that the username is going to be all you need. The username format will be basically like Discord’s “old” username system.
That’s fantastic. I found some more info on the feature: https://signal.miraheze.org/wiki/Usernames
Yeah that. I am surprised you were able to find such a good detailed wiki about Signal. Never saw this before.
I just used Boolean operators and looked for “Signal” “username” or “usernames”. Then that was in the results.
“Usernames aren’t shared on your profile”. This means that while people can use your current username to start a chat with you if they know it at that point, people can’t see your past, current, or future usernames.
This link is not based on your username. Rather, it will contain a (random) UUID (not the account UUID, ACI, or PNI) called a username link handle that simply points to your encrypted username stored on the server. Since the username is encrypted (by your app before uploading it to the server to activate the link), it is likely the link will also contain a (random) key to decrypt the username (this key does not need to be submitted to the server). As such, this link can be created, updated, and deleted independently of your username. This means it may be intended for use as a temporary, throwaway link that you can share with someone without revealing your username or its hash directly (it will only be revealed to them once they look it up). When you delete the link, it can no longer be used to look up your encrypted username and hence contact you in any way and is thus rendered completely useless.
This is amazing. Seems like you can be “anonymous” to the one you’re talking to without revealing your username or your phone number. Though someone that can access the API to get the encrypted username via the UUID in the URL from the server will be able to decrypt the username using the key in the URL. Am I right?
Lemmy is not private and tools already exist to try and identify lemmy users.
What kind of tools? Can you elaborate further?
I can’t find the link to the tool I found the other day. It looked at things like most active user post time and would try to discern things like the users time zone, county they are in, etc. It was a fediverse version of Reddit investigator. If I find the link I’ll update the post with it.
Okay, thanks.
