
> - compared to Signal, it does not snoop your phone number

Great, leaking the user's email address which, more often than not, contains their real name is so much better. /s

Seriously, though, I don't think this comparison accurately reflects the differences between Delta Chat and Signal:

Signal uses your phone number for account lookup but not for addressing participants. Moreover, it uses a feature called Sealed Sender[0] to conceal even the cryptographic address of a message's author. In contrast, Delta Chat leaks the email addresses of the people participating in a [group] conversation[1] (and, thus, their social network) not just to one provider (as in the case of Signal) but to all email providers involved in hosting the conversation, meaning that, as a user, you have to trust not just a single but multiple entities. Meanwhile, Signal doesn't even know how many people there are in a group conversation.

[0]: https://signal.org/blog/sealed-sender/

[1]: https://delta.chat/en/help#how-does-delta-chat-protect-my-me...




You seem to care about whether the messaging provider knows your phone number / email address... but that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are talking to; essentially, they want a trusted provider to protect them against untrustable contacts, not to speak with their trusted contacts using an untrustable provider. Now, can you solve for both of these problems at the same time? I think so--and maybe Three.ma is exactly that!--but Signal doesn't seem to care, as they have a somewhat strange model of how people chat. The question, then, is mostly about how well the application supports creating unrelated accounts / aliases: what you really want is just some kind of separate user identifier (such as you get with Three.ma, or with services like Wire/Kik); but, barring that (as federation makes that weirdly hard), email addresses are way better than phone numbers, as it is way way easier to get throwaway email addresses--even ones from unrelated hosting companies--than throwaway phone numbers.


> You seem to care about whether the messaging provider knows your phone number / email address... but that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are talking to

I don't disagree but OP was specifically talking about Signal "snooping" one's phone number, so I was talking about a different attack vector.

Besides, to answer all those comments saying that they would set up a separate anonymous email address in a heartbeat, we should not forget that the HN crowd is a rather unique group of people. How many of our grandmas would get themselves a new email address just for the purpose of signing up for Signal?

Finally,

> Signal doesn't seem to care

doesn't seem to be true. The Signal developers have been working on switching from phone numbers to usernames as unique identifiers[0] since at least 2019. As they have mentioned multiple times, though, it is a complicated change.

[0]: https://mobile.twitter.com/moxie/status/1347359346301157376

[1]: https://community.signalusers.org/t/signal-introducing-usern...


Your links do not demonstrate that they "care", nor do they even show it is "complicated". I have been following the Signal project since well before it was even called Signal, I talk with a lot of Signal advocates at the events where I speak, and I have spent lots of time digging through issue trackers and conference proceedings to get some concept of what goes on in the mind of a Signal developer (particularly Moxie, who has made himself the enemy of decentralized systems and even open source clients): they seem to only be doing this--and lazily to boot--because people are upset about it, not because they believe in the use case; they are extremely opinionated in their specific model of chat and generally insist that using phone numbers was necessary in order for network effect to work (along with commensurate defenses of all of the privacy SNAFUs related to it, some of which they have attempted to address, but half-heartedly). Put another way: you don't spend so many years shitting on an idea and claiming it would be actively harmful to your cause just to eventually say "ok, fine: we're working on it" without any explanation that "we made a mistake and hope the community can forgive our prior misunderstanding here" if you actually "care" about something.


> that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are talking to

Are you sure you're not extrapolating from your needs to that of "most people"?

I don't doubt that there are people who need anonymous communication (whether just sender-anonymous or sender-anonymous, recipient-pseudonymous). But so far, I've never had the need for it.

Quite the opposite, actually: I wouldn't want to receive anonymous messages on Signal, at least not without opt-in.


No: I am not (in fact, I am really strange: I am a super famous person who has decided to have a single public phone number and email address that he gives to everyone). I think part of the problem here is that you seem to be leaning heavily into the anonymous communication scenario, but that isn't how other people conceptualize wanting to not have their real phone number or email address given to random people: the real play is almost entirely about being pseudonymous, where you might have your name (or a "well-known alias") and a photo of yourself attached to the account... but not a real phone number or email address (which tie your identity together to other systems). This use case is so common that even tech people whom I feel "should know better" opt for solutions like Apple or Facebook login rather than giving away their real email address to a random website!

So, first, to address this: it is frankly extremely rare to have a realistic attacker model that cares about either governments or a chosen large corporation having access to your chats, at least "in the West". Like, seriously: sit down and list who you think falls into this category... this is a list which starts with "political dissidents" and continues into some really strange low-likelihood scenarios, as the entire premise surrounds a government or law enforcement agency subpoenaing your messages.

Most of the people I know who are in this category are simply people who want to believe they will one day be targeted by governments for being too dangerous. I can still motivate this software for people, based mostly on scenarios involving bad people getting jobs at large companies to access your information (this is a big issue with Facebook), but even those scenarios barely work against companies like Google (which have good internal information controls). I have gone into this in more detail before (with someone shilling Signal who hilariously ended up just admitting that Signal doesn't work here as it is a "privacy issue").

https://news.ycombinator.com/item?id=23440928

The ironic thing is that, without also solving the untrusted contact problem, this set barely even includes political dissidents: I have tons of friends who do stuff like coordinate protests, and the #1 realistic concern is that the police--whom I also talk to a lot (I am an elected government official), and I know they do this--have managed to infiltrate their giant group chat and are just watching it all happen and writing down phone numbers. There is a big gap between anonymous and trusted, and it is where most use cases actually happen.

So, on the other side, pretty much every "normal" person constantly meets people with whom they want to communicate without giving away their real phone number / email address. How do I know this? Because that's what most people want to talk with the people whom they are casually dating. This is a big reason why everyone uses Snapchat for almost everything (and Instagram or TikTok for everything else): because it gives you a feeling of control over what people know about you.

Just earlier today I was watching someone on TikTok--in a video about dating communication--say "using Snapchat as the only form of communication during the talking stage is the move: I'm not giving you my phone number... we just met! I would sooner give you a urine sample" (this is an exact quote). The comments mostly agreed with everything she said (and she only had like three supposedly-"unpopular" opinions that were actually quite popular ;P); here are some of the strongest comments about the Snapchat mention.

https://m.tiktok.com/v/6921406816815451398.html

> Yes! Snapchat! The only way they can’t use one type of social media to find you on other social media

> Yes about the snap vs phone number. I started online dating after a 15 yr relationship and I got a phone stalker that texts me with new numbers

> yeah idk why ppl hate on snap. I prefer it bc they don't have my last name or extra info on me and I can see more what they look like beyond a few pix

Were there people who disagreed with her? Sure, but they were all either advocating for refusing to leave the dating app in the first place (which is itself a trusted provider protecting you from untrustable contacts), were advocating for different but similar solutions (that still don't involve giving out your phone number), or seriously said "I don't know if I am just old or what"... to which I will note "yes, you are apparently quite old :/".

> Snapchat is dead there are apps like Text+ that create burner numbers...that’s what I use

> Yeah you’re right about this but the Snapchat thing is enlightening as somebody who was an adult before Snapchat lol


> Great, leaking the user's email address which, more often than not, contains their real name is so much better. /s

So, how good is your spam filter for SMS/calls? /s

Personally, I'd rather give my mail address than my phone number. I can set up a new address rather quickly. I cannot switch my phone number that effortlessly.


Maybe worth noting that spam calls/SMS are primarily a problem in the US.

In the European countries that I've had phone numbers in, these basically don't exist, and my phone number has been part of several data breaches. (That said, I am curious if this is a problem occurring in almost all or almost no other countries!)

As far as I understand, these problems are also in the process of being fixed in the US via caller ID authentication (to enable carrier-level filtering), which seems like the right approach: In the long term, it's more or less futile to keep a phone number out of data breaches or advertiser databases.


> In the European countries that I've had phone numbers in, these basically don't exist, and my phone number has been part of several data breaches.

not my experience.

had a phone number in a recent whois record (because reasons) boom wave of spam calls lasting for weeks (Germany).


Yes, I can chime in on that. And I'm also located in Europe, so...


That's good to know, thanks! I guess I've just been lucky so far.


> Great, leaking the user's email address which, more often than not, contains their real name is so much better. /s

Thankfully getting unlimited anonymous phone numbers is easy and free /s

Unlike unlimited anonymous email addresses /s


Would much rather use an email vs a phone number, 100%. Most email has good spam blocking compared to phone numbers. And you can hold multiple addresses without paying more per month on a cell plan.



