It seems useless to me, at least regarding the cybersecurity aspect. Of course, it’s helpful when people ask for my contact information, and I don’t want to share my phone number or email address.
But they still require information that could be used to prove or be linked to my identity for registration, right? This means a hacker could still reveal your IP address, phone number, email, and your passcode. Likewise, the development team can access these as well.
I know I’m overly cautious about my privacy, but that’s just how I am.
I use Signal because there are few viable alternatives, but I absolutely hate that it requires a phone number at all. Nothing should require a phone number, much less use it as a primary account ID. Phone numbers are not user IDs. They do not belong to users, they can be reassigned to different people by third parties, they are frequently controlled by corporations with horrible security practices.
Ironically, iMessage is much better in this regard. You can actually use it with just an Apple ID, which does not require a phone number, only an email address.
It sounds like Signal will still require a phone number but merely allow you to hide it. That’s a big improvement, but still bad.
It’s disappointing, I wanted to have desktop signal without depending on an application in another device.
I currently use Waydroid to use it without a smartphone, and it is very annoying that I have to bother like this.
All the personal information you mentioned should be hashed or encrypted. For any given phone number, see how little information they have: just an account creation timestamp and a last access timestamp.
There’s so much FUD about Signal it’s ridiculous. I’m starting to believe those glowie memes are true it’s just the “lol like I’d ever trust Signal!!!” folks who I think might be the glowies. 🫣🫣🫣
spoiler
(No I don’t actually believe they’re glowies lol).
My main complaint is that they officially prohibit 3rd party clients including 3rd party builds of their official ones. They also don’t have reproducible builds for their clients. It leaves the door wide open for inserting some telemetry via an update to completely bypass their otherwise good encryption and (lack of) data retention.
