Exactly. The most important reason to use Signal is the trustworthiness of the developers. Moxie is a highly esteemed security researcher / public figure. I trust him to (1) implement the protocol properly (which is really hard) and (2) respect my privacy and (3) not sell out like WhatsApp did.
The thing is, as long as we're using phone numbers as user handles, you have to trust the provider with your phone book. Signal tries as hard as possible to avoid it (all phone numbers are hashed), but if they wanted, they could simply brute force all the hashes since the search space is so small. There's no good solution to this.
No, they're doing that already. The issue is that phone numbers are so short that you can just calculate the salted hash for all of them. You don't need any rainbow tables for that.
I agree on that point and would rather prefer something that is a viable business. But it doesn't seem feasible to implement because most people wouldn't pay for messaging anymore. As another data point, Signal doesn't have a monetization strategy either.
It seems like we (most humans who use communication devices) are doomed to be stuck in advertising-based-single-corporate-walled-garden solutions.
> Signal doesn't have a monetization strategy either
They don't have to - Open Whisper Systems is a non-profit with strong community support. It works out so well that they actually pay any contributor a few dollars per commit. That's the best monetization there is for an organization which serves the community.
Wire is VC funded by Iconical/Janus Friis (Skype co-founder who is also the co-founder of Wire) and will monetize with premium features. Can't share more at this point, I'm afraid.
The thing is, as long as we're using phone numbers as user handles, you have to trust the provider with your phone book. Signal tries as hard as possible to avoid it (all phone numbers are hashed), but if they wanted, they could simply brute force all the hashes since the search space is so small. There's no good solution to this.