Why email or phone is required for privacy based forums, messengers?

Problems about validation methods:

  • email: to create a valid email with valid certificate configs, you need a phone number.
  • phone number: for phone number you required a government based identity.

Example privacy-oriented projects:

  • this forum requires a valid email.
  • most of Lemmy instances requires email.
  • signal requires phone number.


I am not expert. But I know the basics about Ethereum-POW, tor network things… I have read that tor browser may support simple POW logic to validate if the client is human or not. So why privacy-oriented projects does not use solution like this? Why I used my valid real email to register here? I am reading many discussions randomly on open source projects at Github/Gitlab, they always mention that they can not prevent the “spam” problem. Therefore they use solutions like email/phone number. But they can use POW. Maybe also earn little money for their open source project. If you use a service fully free, you need to give money. If you cant give money (because of privacy issues), you can simply run the client which executes POW before use the free service (it use my laptops electricity for 3-4 minutes - depends on the service).

Maybe many people will run instances for free (because they can earn money via POWs), and then distributed systems will increase the node counts.

Am I wrong? What I am missing?


You can just use a disposable temporary email address, which you can get from temp-mail.org or use an alias from SimpleLogin or addy.io.

Not only does it require a phone number, but it also wastes a lot of money on verifying those numbers.


Well since phone numbers are involved, spammers are a thing and would quickly ruin Signal and its reputation.


Which demonstrates that requiring an email is a unnecessary requirement.


Not all do, for example Tuta, Cock.li and Disroot don’t need a phone number. Proton also doesn’t but apparently requires a phone number if you use it to sign up for accounts elsewhere

What I meant is that not only is a phone number requirement a bad thing for multiple reasons, but they also waste a lot of money because of that requirement. Which is twice as bad.

E-mail also serves to simplify administration. A password reset link can be sent to it. For situations with a single admin, this feature is a very very big deal.

It also serves to inhibit spam. Which is the name of the game. Can’t get rid of spam but you can make it harder.

Lemmy instances need e-mail for both the above reasons. It’s an earlier Reddit problem, assholes making multiple accounts and spamming downvotes or spamming ads or just being assholes. Lately the admins have been defederating from instances who can’t get their spam issues tamped down.

Signal’s phone number requirement is mostly from it’s history as an encrypted sms app. It’s target is phone number users who all have a phone number, and it was the simplest way to get people using the app. Their philosophy isn’t to keep you anonymous from the government, but that the government can’t see what you say to your friends without grabbing you and beating you with a wrench. Which takes a lot of manpower and effort.

If you don’t like the signal phone number requirement, they just started a username system so you can give out a username instead of your phone number for people to contact you.

Another alternative is SimpleX which uses no identifiers, but still has signal level security.

1 Like

Yeah… The point of asking for an email is to communicate with you, this seems reasonable for places where you are making an account. IMHO the point of privacy is generally not to become an anti-social hermit who can never be contacted by anybody.

It actually does not really prevent spam. Nearly 100% of spammers these days are actually humans in some third world country who can easily verify their emails, etc.

It would be unreasonable if getting an email address required a phone number, like OP claims. Fortunately however, this is not true, and email can be obtained from countless providers without any semblance of KYC :laughing:

Phone number requirements on the other hand are very unfortunate, and I don’t think Signal should have it. They do though, which is why we also like/promote messengers like Matrix and SimpleX.


Why can’t they just communicate with you on the platform itself lol. The reason is bc they use email as a fallback in case you forget your password. So it basically becomes a really janky password manager that’s not really fit for purpose. Now that password managers are more common though we might see email requirements go away, probably not though.

having said that without a captcha or email verification you’re inviting automated spam :wink:

1 Like

Can’t one just create a lot of SimpleLogin accounts or a few paid ones and just use SimpleLogin’s API to basically automate email verification? Which would result in automated spamming.