Why are phone numbers a privacy problem?
September 13, 2021 / Alex Linton
Phone numbers are not private. Using your phone number can put your privacy at risk. If you’ve spent much time around the privacy movement, you’ve probably heard countless people lament the privacy shortcomings of phone numbers. It’s a huge problem, and phone numbers remain the achilles heel of plenty of privacy-focused apps such as Signal and Telegram. Avoiding phone numbers was one of our core design goals from the very beginning, and anonymous sign-up is one of Session’s most-loved features. But because the opinion that phone numbers are a major problem is so widespread, sometimes people don’t stop to explain it.
For a long time, phone numbers were just a piece of contact information. You might trade numbers with friends in the schoolyard to call them later that night, or a hospital so they can call you up with your test results. There was an obvious connection between the utility of a phone number and the people who asked for it. But nowadays phone numbers aren’t just contact information (they’re still that too, though), they’re also identifying information. Somehow phone numbers have become a pseudo-social security number that’s used to verify your identity for pretty much any online service that requires an account. While this makes phone numbers an obvious security threat, it also incentivises a bunch of behaviour that makes phone numbers a privacy nightmare.
Bonded for life: When was the last time you changed your phone number?
Phone numbers are critical to the way we move about the world these days. Pretty much every service that lets you make an account—including essential services like banking and health—use your phone number for verification that you’re the real human that you’re claiming to be. This ever-increasing dependence on phone numbers makes it a logistical nightmare to try and change your phone number, and because of this...people just never change it.
Even as a privacy-conscious person, it has been years since I updated my phone number. Changing my digits wouldn’t just mean that I have to sit down and spend hours tracking down and change my on-file phone number at my doctor’s clinic, gym, work, and a million other places — it would also mean that hundreds of contacts from years of professional and personal number-sharing would (effectively) lose my phone number. Even worse, if my old number ended up getting recycled, then my personal messages could end up in someone else’s inbox.
Because of all this, people end up changing phone numbers less often than they change their actual, physical address. This is a big problem — over the years, you’ve probably entered your phone number into long-forgotten websites, petitions, and apps, and now your phone number is buried deep in all corners of the internet.
Match made in heaven: Databases linking you to your phone number
Because phone numbers are semi-permanent pieces of information about you, it makes it really easy to create up-to-date databases which link your real identity with your phone number. In lots of countries, you can’t even get a phone number without being on a government operated registry. And to make matters worse, this linkage can follow you across every platform where you provide your phone number.
That means that even if you sign up to a platform like Twitter with a fake name and a pseudonymous handle, as soon as you verify the account using your phone number it’s simple for Twitter, the authorities, or even other people to work out who’s really operating that account.
Some experts have even suggested that having someone’s phone number is more useful than their social security number if you want to dig up information about them. That’s because phone numbers are in the middle of the Wild West of information exchange. Your phone number is affiliated with hundreds of databases, and a lot of the time phone numbers flow freely along information pipelines.
Digging up the past: Phone numbers and metadata
Because of all this, phone numbers are one of the most valuable pieces of metadata that services can store. Using nothing but phone numbers, apps that might seem private become extremely vulnerable. This is especially the case for messaging apps like WhatsApp, which boast about their end-to-end encryption, but fail to mention how their account system leaves its users vulnerable.
Unfortunately, it is this precise vulnerability which exposed former Treasury Department official Natalie Edwards — a whistleblower who worked with Buzzfeed to disclose information about suspicious banking transactions evidencing Russian interference with American politics. Now, Edwards is serving a six month prison sentence for exposing this corruption.
Metadata collected and provided by WhatsApp proved pivotal in the arrest and conviction of Edwards, with hundreds of messages between Edwards and a Buzzfeed reporter successfully connecting Edwards to the leak. The time and frequency of the messages were strong evidence — because the phone numbers of both Edwards and the reporter used on their WhatsApp accounts were easily linked to their real identities, even if the message contents were encrypted.
Edwards’ story is unfortunate, and their work is commendable, but unfortunately the deliberate positioning of WhatsApp as a ‘private messenger’ led them to believe that a fundamentally flawed application was safe for them to use. This is just one such example, but there are undoubtedly many cases where the traces left behind by phone numbers have jeopardised the privacy and safety of people around the world.
Ditching those digits: Moving on from phone numbers
The privacy problems which phone numbers introduce are extremely well documented, but lots of major platforms are still hesitant to move on from the phone number standard. They are convenient, well-explored, and just plain valuable. But having said that, it’s time for us to break up with phone numbers — at least for the purpose of being a digital identifier.
With Session, we’ve chosen to use public key encryption instead, which is an inherently ephemeral solution that gives users a whole lot more privacy. As more projects build platforms which don’t require a phone number, it’ll become easier and easier to write off apps that won’t give up on phone numbers. It’s time to leave them behind — things were never meant to be like this.
Session Release Roundup #16: Trio of Changes
October 18, 2022 / Kee Jefferys
Update: Important Changes to Session
October 05, 2022 / Alex Linton
Upgrading open groups: Bringing back DMs from open groups
September 12, 2022 / Kee Jefferys
Target acquired: The increasing threat of targeted cyber-attacks
September 11, 2022 / Alex Linton
Session Release Roundup #15: 👍😈🔥
September 05, 2022 / Harris
Sim Swapping attacks: How to protect yourself from this common phone scam
September 05, 2022 / Wesley Sukh