This is such an uncharitable interpretation of what I was saying that it's basically a straw man.
If you're required to use ID to get a SIM (as K2L8M11N2 stated in the parent comment I replied to), then what I was saying follows - that the person is already tied to the phone number anyway.
In this context Signal revealing the only data they have (that a phone number signed up on X day) really doesn't matter or reveal anything new.
K2L8M11N2's other response to my comment is a helpful clarification, it's less about what can be compelled from Signal the company and more about what can be turned over if a user's device is compromised. In that context the name to number connection is more serious because they also have the content.
I'm sorry but absolutely nothing about this is a straw man or uncharitable, and I'll explain why.
>If you're required to use ID to get a SIM (as K2L8M11N2 stated in the parent comment I replied to), then what I was saying follows
Yes, and this is what I was responding to. You want that "if" to be taken for granted as an unchallenged starting premise to your entire argument. And that amounts to a massive privacy concession. And the fact that I'm challenging that premise, and bringing up the privacy concerns that are associated with that "if", that is the thing that you're describing as uncharitable. Even though you don't appear to dispute that it is indeed a privacy concession. And it only follows if you don't contemplate alternatives to using a phone number, which is what I took to be their point about the problems associated with a phone number.
>and more about what can be turned over if a user's device is compromised. In that context the name to number connection is more serious because they also have the content.
That's going true in any context where your number can be revealed, which is why it has unique disadvantages that usernames wouldn't have, under any conceivable hypothetical scenario. I'm glad that you benefited from their clarification but that struck me as a truism about the nature of phone numbers versus the nature of usernames.
> "You want that "if" to be taken for granted as an unchallenged starting premise to your entire argument."
I don't want that 'if' to be anything. It was the premise, because the parent comment I was responding to was stating it as a fact for where they live.
My point is that signal revealing your phone number and when you signed up doesn't reveal anything new about you. The issue is the case K2L8M11N2 mentioned when they have compromised a device (and can now tie content to IDs via the phone number).
> "That's going true in any context where your number can be revealed...under any conceivable hypothetical scenario."
This is just false? Without access to the content on a compromised device a phone number alone doesn't reveal much (that's the entire point of the e2ee), if it limits the ability for Signal to hand over the social graph or any other metadata (which does reveal a lot) that seems like a win.
Obviously revealing the phone number still reveals more than a username would, and if you can get all the benefits of not having to upload your social graph to their servers or share metadata without having to use phone numbers that would be better - I think they're working on that.
People using apps that upload their social graph and collect their metadata so they don't have to use their phone number are probably making the wrong choice when considering the trade-offs.
"The social graph" (your phone book) is most likely already uploaded somewhere by third-party app or even Google/Apple themselves. Using separate contact list (even uploaded to some server) seems more secure to me than using your phone's one.
The phone number is much more valuable to any authority than other metadata because they are more likely to have access to cell service than to messenger services.
In the context of the post, signal is much more vunerable than even basic things like email or web chats because police can effortlessly identify anyone in the group chat with a single request to cell company.
If you're required to use ID to get a SIM (as K2L8M11N2 stated in the parent comment I replied to), then what I was saying follows - that the person is already tied to the phone number anyway.
In this context Signal revealing the only data they have (that a phone number signed up on X day) really doesn't matter or reveal anything new.
K2L8M11N2's other response to my comment is a helpful clarification, it's less about what can be compelled from Signal the company and more about what can be turned over if a user's device is compromised. In that context the name to number connection is more serious because they also have the content.