[Andrew_nenakhov]

Conversations, Xabber, Chatsecure. Any of these is more secure than Signal: they are not tied to phone numbers (means: way more privacy), work with TOR easily, and starting a secure conversations is no more difficult than 'add contact' (enter contact XMPP id) -> 'press lock' -> you're ok, chat is private, and your phone number is not exposed.

Actually, this phone number thing is the main reason why I find it hard to suggest using Signal to anyone who's life is on the line.

[joshuamorton]

Can you explain why any of this is more secure than signal with sealed sender? What is the privacy impact of tying to a phone number, beyond the one bit: I have signal?

As far as I can tell, sealed sender leaks less metadata than omemo currently does, which makes tor etc. Mostly irrelevant. Plus, I'm not going to fuck up signal, while I will misuse Tor.

[pseudalopex]

Tying to phone numbers makes identities expensive.

[joshuamorton]

What's the threat model that requires multiple identities?

[Sami_Lehtinen]

From privacy point the standard is using separate identity for every action, if possible. - That's also a major bummer for Briar.

[joshuamorton]

That's not a threat model, and not generally possible (or even desirable) with something like a messaging app. So again, what is the threat that you wish to address that you believe is only solvable with multiple identities?

This is an important question, because cryptographic repudiation and secured metadata prevent most of the dangers that I can think of, but I might be missing some.