Adding a username to a messaging app may seem like a standard feature, but for Signal, such identifiers have traditionally been anathema to its mission of complete privacy and security. The next version, 7.0, will add usernames, but company president Meredith Whitaker explained that this was not as easy a decision as it might seem.
The new feature seems simple enough. When you register your username, it will be displayed in place of your phone number. But why do this when everyone already has a contact name and Signal is completely private anyway?
In an interview on stage at StrictlyVC LA, Whittaker explained the preparations and complexities involved in what they believe is an important new safeguard.
“Let me start with an example. India recently made it mandatory to submit a biometric facial recognition scan to get a SIM card. This is not just happening in India; In a growing number of jurisdictions, people are being asked to provide more and more personal information in order to obtain personal information. In some places, such as Taiwan, some are linked to government ID databases, which are frequently compromised. , which is causing a lot of problems,” she said.
Private data is also available on the private market, but this is less of an issue in the US where burners and SIMs are plentiful. But the trend is accelerating around the world, she said.
“A frequent request from journalists and human rights defenders in conflict zones was: “We love it, but your phone number is a big problem for us.'' Don't share this information You need to be able to talk to people. We need to get into a group of strangers who are not afraid of others hurting it. And you should be able to start a conversation with someone without sharing your phone number. Because again, it's my biometrics and everything else, and a ton of information could be leaked. ”
Essentially, Signal relies relentlessly on the phone number, a durable and increasingly non-private identifier, moving from a legitimate product choice to a serious threat to a significant number of its users. there was. They decided they needed to add an optional layer of obfuscation without negatively impacting usability or security.
“So we basically flipped the architecture inside out to support this, and to support it in a way that I'm really proud of,” Whitaker said.
The key move was to implement usernames without imposing new large-scale moderation obligations on Signal.
“It's a sign that we don't want to be responsible for content, and we're not in the content arbitrage business. But of course, when we use a username, traditionally we use a new name. You're creating a space, right? In effect, you're creating something that has to be surveilled, maybe policed, maybe censored.”
Image credit: Signal
This is an issue that much larger organizations are struggling to deal with, as having millions or even billions of users registering or changing their names can itself be against the rules. . Names are just short strings of characters and can easily become “rainbow bubbles”.Kill everyone[insert slur here]” Impersonation, fraud, and all kinds of issues can happen in the username field just as much as they can in the post and profile fields.
Signal's solution to this is essentially to eliminate, rather than completely stop, the large-scale ways in which these methods cause harm.
“We've implemented a kind of safety design method that allows us to stay true to our principles, which means we just don't take on the work,” Whittaker explained. . But this is more than just completely relinquishing your role as platform owner.
“We're not creating block lists or anything like that to determine what's appropriate and what's not. But we also don't want to create new surfaces that cause harm, right? , we recognize that it can be a real problem. So what do we do? Let us minimize or perhaps eliminate the room for harm. “I’m going to design it,” she continued.
“The username is not a handle. It doesn't appear within the app. It's not something we have a directory for. However, it takes the place of a phone number when initiating contact.” (Signal adds a number to ensure that the selected username is unique.)
In other words, this system is much more limited than public profiles or spam you might receive on other platforms that have a username as the user's legitimate identifier.
Instead, your username provides a way to identify and hide yourself at the same time. Those who request it get all the benefits of Signal's phone number requirements, but with little risk of username abuse. Usernames can only be retrieved upon request, shifting responsibility to the user without compromising their needs or ability to identify.
“I think there's actually a kind of paradigm around secure design with integrity that we're pushing as we add a very important layer of privacy to apps,” she concludes. I attached it.
This new feature will be available in Signal 7.0 clients. “And if you're a beta user, you can access and claim your username right now,” Whittaker added. “If that's all you need.”
You can read the full interview below.