Hacker News

Ms-J today at 2:42 PM (3 replies)

Session was Australian-based, which means they would have to do all sorts of horrible things when asked by the government, such as even letting police impersonate users...

I just checked and they claim to have moved their infra to Switzerland.

There are many other issues, some I've forgotten about since I would never trust it in the first place. They also require a phone number even!

Seeing them go, I feel neutral. It's always good to have more anonymity software, just not this for me.


Replies

its-summertime today at 4:32 PM

https://www.theguardian.com/australia-news/2024/nov/05/sessi... they moved more than their infra

> They also require a phone number even!

"You don’t need a mobile number or an email to make an account with Session." - https://getsession.org/faq#identity-protection

Alifatisk today at 5:38 PM

> They also require a phone number even!

No? Where did you get this from? I have used the app and was never asked anything. I was given an id I could share with others and that's it. Very simple. I wish more apps had this easy onboarding process.

Youden today at 4:58 PM

No legal mechanism with such breadth exists in Australia. There was a great deal of overblown media reporting but the law [0] makes it explicitly clear that any request that requires a "systemic weakness", "systemic vulnerability" or anything of the like is null and void. Those terms are defined [1]. Note that it doesn't say the government can't request such a thing, it says that such a request "has no effect". It's simply dead on arrival.

My understanding is that the government could compel Facebook to publish a version of WhatsApp with a special mode that sends all messages to the police if the user ID is 1234567. This introduces a vulnerability but it is limited to one specific person. If your user ID is not 1234567, you're completely unaffected.

However my understanding is that the government cannot compel Facebook to compel a version of WhatsApp that, when it receives a special message, silently starts sending plaintext copies of every other message it receives to the police. Such a mechanism would be a systematic weakness that affects people other than those for which a warrant has been issued, so the notice would "have no effect".

The government could also not compel a source-available app with verifiable builds to stop distributing them so that it can add a secret user ID branch like the one I mentioned above for WhatsApp.

[0]: https://classic.austlii.edu.au/au/legis/cth/consol_act/ta199...

[1]: https://classic.austlii.edu.au/au/legis/cth/consol_act/ta199...
