[sgtnoodle]

It seems like the phone number is used mainly for matching you up to your contacts, and secondarily used for a first level of authentication. Signal has always encouraged independent verification of folks' public keys for sensitive communication.

Whether or not AWS is risky, I don't think signal has any increased risk hosting their infrastructure on it vs. any other service. The whole point is that comms are end-to-end encrypted from handset to handset, and so any data in Amazon's hands is encrypted.

[Jkvngt]

Seems like using a phone number as an account identifier is a huge risk to privacy. Has Rosenfeld admitted this? It’s just weird to require a phone number unless you’re talking about some big tech botnet like Facebook or Google.

[irscott]

The Rosenfeld stuff is weird, man.