If the existing user is still logged in to the Signal account with the old number, you're effectively locked out. Otherwise, you'll be able to claim the number after a week.
The number is yours at that point, think of it as creating a new account with that old number.
You don’t get to know who the previous person was messaging, see their contact list or have access to any of their messages. But if they message you thinking it’s still the previous person and ignore the ‘safety number’ warning, you could potentially impersonate them.
ok, so that's like the change of an ssh-key. i feel it's to easily ignored, yet at the same time i have no better idea how to make this more safe without being annoying. it's at least better than nothing.
also interesting what they write about the perception of finger-prints. i agree with their assessment and conclusion that using the term finger-print may confuse people because they think finger-prints should be secret. but i feel that the real problem is the public perception of what a finger-print is. we are leaving finger-prints all over the place, to they are something very very public, and not at all secret, and this the analogy of a crypto-finger-print and a real finger-print is much better than what public opinion would have us believe.
Yeah, I agree. The older versions would pop up a warning and force you to acknowledge it, but it felt like something that would have driven away casual users who maybe didn't understand or care about the implications.
In saying that, the previous behaviour can be restored (for you) but you can't force it onto users who are communicating with you.
what is the actual threat here? if bob looses his number either he is able to somehow change the number on his account before that happens, in which case alice will get a fingerprint change once, and then when the old number is reactivated by ted and he manages to break into bobs account and then sends a message to alice, then alice would get another finger-print change from bobs account.
assuming that she ignores the change, the failure would be noticed when bob sends another message to alice as now the finger-print would change back to bobs, marking teds as coming from a different identity. this would be detectable in the client.
unclear is how did ted get into bobs account? if bob changed the phone number. i am assuming that shouldn't even be possible, so i believe we can in fact ignore this threat.
it looks differen't though if bob can not reactivate his old account, in which case alice will connect to bobs new account, and hopefully disconnect the old one.
if ted gets the number and reactivates bobs old account
then if alice did disconnect, she would notice a reconnect attempt from a new id and treat it like any new connect. if the connect verification doesn't involve the senders phone number then having bobs old number doesn't give ted any advantage.
if alice did not disconnect the old account, she will notice the account being reactivated, and now have two bobs talking to her, raising suspicion.
so it appears the only threat is coming from the case where bob looses his number and does not reconnect to alice with a new number. so alice is unaware that bob changed his number.
this can happen if bob and alice communicate rarely...
If the existing user is still logged in to the Signal account with the old number, you're effectively locked out. Otherwise, you'll be able to claim the number after a week.