> You seem to care about whether the messaging provider knows your phone number / email address... but that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are taking to
I don't disagree but OP was specifically talking about Signal "snooping" one's phone number, so I was talking about a different attack vector.
Besides, to answer all those comments saying that they would set up a separate anonymous email address in heartbeat, we should not forget that the HN crowd is a rather unique group of people. How many of our grandmas would get themselves a new email address just for the purpose of signing up for Signal?
Finally,
> Signal doesn't seem to care
doesn't seem to be true. The Signal developers have been working on switching from phone numbers to usernames as unique identifiers[0] since at least 2019. As they have mentioned multiple times, though, it is a complicated change.
Your links do not demonstrate that they "care", nor do they even show it is "complicated". I have been following the Signal project since well before it was even called Signal, I talk with a lot of Signal advocates at the events where I speak, and I have spent lots of time digging through issue trackers and conference proceedings to get some concept of what goes on in the mind of a Signal developer (particularly Moxie, who has made himself the enemy of decentralized systems and even open source clients): they seem to only be doing this--and lazily to boot--because people are upset about it, not because they believe in the use case; they are extremely opinionated in their specific model of chat and generally insist that using phone numbers was necessary in order for network effect to work (along with commensurate defenses of all of the privacy SNAFUs related to it, some of which they have attempted to address, but half-heartedly). Put another way: you don't spend so many years shitting on an idea and claiming it would be actively harmful to your cause just to eventually say "ok, fine: we're working on it" without any explanation that "we made a mistake and hope the community can forgive our prior misunderstanding here" if you actually "care" about something.
I don't disagree but OP was specifically talking about Signal "snooping" one's phone number, so I was talking about a different attack vector.
Besides, to answer all those comments saying that they would set up a separate anonymous email address in heartbeat, we should not forget that the HN crowd is a rather unique group of people. How many of our grandmas would get themselves a new email address just for the purpose of signing up for Signal?
Finally,
> Signal doesn't seem to care
doesn't seem to be true. The Signal developers have been working on switching from phone numbers to usernames as unique identifiers[0] since at least 2019. As they have mentioned multiple times, though, it is a complicated change.
[0]: https://mobile.twitter.com/moxie/status/1347359346301157376
[1]: https://community.signalusers.org/t/signal-introducing-usern...