[Vinnl]

> Signal appear to have been making efforts to switch unique identifier to an arbitrary ID, I believe this is a move towards removing the phone number requirement. I can't say for sure.

It is: https://mobile.twitter.com/moxie/status/1281353119369097217

> Our goal with PINs is to enable non-phone # based addressing. Since that will mean your Signal contacts can't live in your address book anymore, they're Signal's responsibility. Every other messenger does this by storing them in plaintext, but that's not private, so we built SVR.

[alias_neo]

Thanks for that. I had a quick look through their blog but couldn't find anything to reference.

It's been a few months since I worked with their codebase but at the time it relied on Intel SGX for the contact storage Enclave, which is now considered compromised[0]. Additionally, if you wanted to run your own, the requirements to get licensed to use the Enclave are non-trivial.

Opinions are my own, I represent no one, etc, etc.

[0]https://arstechnica.com/information-technology/2020/03/hacke...

[Vinnl]

Yeah I think that's still true. That said, as I understand it, the enclave is used as "proof" that they're running the server-side code they say they do (which should be protecting the data), not the data itself. I could definitely be wrong there though.

[alias_neo]

Yes, that's how I understand it to work; TEE (Trusted Execution Environment).