Don't show contact phone numbers to prevent shoulder surfing #1741

Closed
1 task done
nvemb3r opened this issue Nov 9, 2017 · 5 comments

Comments

@nvemb3r

nvemb3r commented Nov 9, 2017

  • I have searched open and closed issues for duplicates

Bug description

My contacts' phone numbers are visible at the top of the right column above conversations. This can implicate contacts that I talk to if someone happens to be in my vicinity viewing my desktop.

Steps to reproduce

Visible on startup

Actual result: The phone number is immediately visible, w/o warning. Prying eyes will know their contact number immediately.

Expected result: Phone number should only be exposed after the user allows it to be.

Screenshots

Platform info

Operating System: Linux Mint 18.2
Browser: Firefox 56

Signal version: 1.0.37

Link to debug log

@leafcutterant

Very keen observation. I too would like

  • to have an option to hide/show it, or
  • to have it hidden by default and you have to open the contact's profile (click on their name) to see the actual number.

Keep in mind that the same issue exists in the mobile version as well (at least on Android I can confirm), so it would be consistent to have this work in a privacy-centric way on all platforms.

@scottnonnenberg changed the title from "Shoulder Surfing Concerns" to "Don't show contact phone numbers to prevent shoulder surfing" Nov 9, 2017
@kyelbek

kyelbek commented Nov 25, 2017

Check response in this ticket:
signalapp/Signal-Android#5277

They refused to do this on mobile at least twice... I don't think that will change in the near future.
I also think they should give us the ability to hide the mobile number. It would be helpful, for example, when traveling on public transport.

@leafcutterant

I have this strange feeling that the Signal leadership doesn't give a damn about end-point security.

thanks but we're not going to do this

Moxie Marlinspike has been rejecting essential security features like that multiple times, with no explanation. (Just think of all the GitHub issues where the encryption of locally stored data/messages came up. They were all no-thanks'd by Moxie, closed and disabled for commenting.)

The application is championed as the pinnacle of in-transmission security, which is great, and we can't tell you what to implement and what not. But please, this is supposed to be a "secure messenger". I also find it appalling that there is a popular and well-constructed security tool (Signal), and the head developer reacts to obvious security requests in such a non-open way.

@movingtheground

A temporary workaround would be to create a contact for yourself with your number. It shows up as YourName, Recipient1, Recipient2, etc.

@EvanHahn-Signal
Contributor

Recent versions of Signal Desktop hide a contact's phone number unless you explicitly try to view it. Should this issue be closed?
