[lrvick]

I have run my own identity servers for private deployments without issue.

This is, granted, not as easy as it should be, but it is an issue the matrix team is working on improving.

You also don't need to use the identity service at all. It is totally optional for user discovery.

Third party implementations of the identity server already exist too.

Someone could even write their own replacement that uses SGX if they really wanted ;)

[cwyers]

Optional security isn't security. Especially with the sort of metadata that is in _someone else's phone_. Basically, everybody who has my phone number probably has it in their iOS/Android contacts. I can't opt out of _them_ using a bad identity server.

[Reelin]

But you already can't opt out of them sharing their entire address book with the latest sketchy app they downloaded. What's the difference?

They either have your phone number and other contact details in their phone or they don't. They either make good decisions or they don't. You choose how much to trust them and what with. Federation and third party implementations of identity servers for one particular app changes absolutely none of that.