It’s important to maintain control of this phone number. For example, you could use a disposable SMS service to register with Signal — there are many such services if you search for them — but those phone numbers can be used by anyone. Similarly, you should avoid using a public payphone’s number, or a SIM card on which you do not intend to renew service. If someone else can receive SMS messages or phone calls to this phone number, they can take your Signal account away from you.
That risk is not just theoretical. I made a test account (on another service; not Signal) using a free anonymous SMS number. A few months later, the account had been hijacked.
Of course, if it’s a disposable account, then having it hijacked after you’re done with it might be a good thing.
If someone trys to register with an existing number then it wont work if its already being used.
Im not sure on this^
Better to enable a security pin if you are concerned.
The traditional phone system involvement is annoying.
tl;dr the sms verification falls back to voice and they just used a payphone.
I guess if you count the airport full of cameras they went to to do this as “anonymous”, then sure :)
Also this article from 2017 suggests not using this method:
That risk is not just theoretical. I made a test account (on another service; not Signal) using a free anonymous SMS number. A few months later, the account had been hijacked.
Of course, if it’s a disposable account, then having it hijacked after you’re done with it might be a good thing.
Signal has account pins now so I don’t think the attack vector is as large as it used to be
”It’s important to maintain control of this phone number."
I strongly feel that this is false.
Care to elaborate?
If someone trys to register with an existing number then it wont work if its already being used.Im not sure on this^
Better to enable a security pin if you are concerned.
The traditional phone system involvement is annoying.
Got a source for that? There have already been multiple contradicting sources posted saying this isn’t true.
I cant find any information that discusses the security risk. But it would seem that this transfering all content to the owner of the phone number is a standard feature.
So, maybe its not discussed because it doesn’t frequently happen.
It doesnt seem like a trustworthy way to ensure users’ content remains secure.
Update:
https://old.reddit.com/r/signal/comments/8r7tbc/someone_impersonating_me_using_my_old_number_what/
https://support.signal.org/hc/en-us/articles/360007062012-Change-Number
https://support.signal.org/hc/en-us/articles/360007062452-What-do-I-do-if-my-phone-is-lost-or-stolen
https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages