Using the website tempsmss for temp sms verification, I managed to find a mobile# that enabled me to register for Signal and WhatsApp. I did the following …
WhatsApp
*added email address
*turned on 2FA
*set passkey
Signal
*set pin
*turned on registration lock
*confirmed no linked devices
My Signal keeps getting hijacked (logged out on my device and need to reregister) but my WhatsApp is safe (despite attempts to hijack it). What am I doing wrong?
I don’t think Signal was meant to be used with a disposable SMS number.
You should use a more anonymous chat, like SimlleX and Session.
I could be wrong but … Signal appears more susceptible to account takeover than WhatsApp. If I lose control of my mobile#, then I could lose my Signal but not my WhatsApp
The only way I know you could lose your registration-locked account is if it was considered inactive for 7 days. Are you actively opening the app within every 6 days? If so, I’d ask the Signal Community forum what could be going on. I’m not sure what else could be required to remain “active” since it seems they only store the username, phone number, creation date, and last connection date.
As @HauntSanctuary said, for a proper Signal experience you must use a number you own. That being said, it’d still be very concerning if registration lock isn’t working properly as that makes Signal more vulnerable to account takeovers. Definitely let us know if you learn why this was happening.
I was opening Signal multiple times per day
My thinking was …
go to temp sms verification site
register signal with a mobile# that works
set pin, set registration lock
hide number, set username
check no linked devices
I did all that and opened Signal multiple times per day
But the next day I was logged out of Signal and told to re-register
And a side-note: Signal registered with the burner number … I received messages from strangers containing photos and videos of you know what. I was tempted to inform you know who but then they might want to confiscate my phone
Very strange, definitely ask the unofficial community forum. If you don’t get any answers there I’d just submit a support request.
Wow. Yeah I’d be cautious of reporting it directly to police as that might lead to unintended consequences. I came across CPORT and CyberTip Report which might be better avenues. Obviously report the Signal account as well, but since this number is public I doubt they’d stop. These basement dwellers are probably savvy enough to be using a burner but criminals tend to slip up and get caught so long as police are watching for when it happens.
According to my reading, and what people are saying in this reddit thread, if someone gets the ownership of the registered signal number, you only have 7 days to recover it, after which they can register it freely, albeit with no chat history and your contacts will be informed of the ordeal. And in temp number case, it is a bit difficult to recover the number.
Not a very good implementation to prevent account hijacks, and quite worse than that of Whatsapp, with the justification being that if someone were to get a recycled number from their telecom provider with signal already registered, they can register it without being locked out. A weird hill to die on, when Whatsapp has 10x the adoptation rate and doesn’t seems to troubled by this, and thus have a better system to make account takeover difficult, even if you use temp number.
Of course you shouldn’t be using temp number for important chats, and Signal is not meant to be used like this, but I hoped things were on par with Whatsapp to prevent account takeovers.
the first thing you did wrong is to use a public number that anyone can use, it was obvious the signal one would’ve been hijacked and maybe your whatsapp soon
get a number you truly own and not public, like for example from jmp.chat
if you want to register signal with a number else than your real one, use something like 5sim, talkatone that allocates you a specific fixed number for a certain period. completely open and shared tempsms are..quite risky imo