Hacker News
by gaius_baltar 1603 days ago
They should sell the ability to create an account not attached to a phone number.

Pay $5, get a code that allows creating a single account, enter the code somewhere in the app to allow using a user name in place of the phone. This limits spam and, as this code can also be sent to another person, there is a way to hide the relationship between payer and final user. No need for cryptocoins, NFTs, or other stupid things.

3 comments

You might be interested in the technical reasons for requiring a phone number to use Signal. Not sure if there have been any updates since this blog post. https://signal.org/blog/secure-value-recovery/

> One challenge has been that if we added support for something like usernames in Signal, those usernames wouldn’t get saved in your phone’s address book. Thus if you reinstalled Signal or got a new device, you would lose your entire social graph, because it’s not saved anywhere else. Other messaging apps solve this by storing a plaintext copy of your address book, social graph, and conversation frequency on their servers. That way your phone can get run over by a car without flattening your social graph in those apps, but it comes at a high privacy price.

This can be solved with a backup that stores the address book (but not in the cloud, please!). Signal for Android already has a safe and encrypted backup feature, I use it to keep my message history safe.

Not being forced to add a contact to the phone address book is an extra advantage, as address books are one of the first victims of spyware apps...

Also, with usernames and a desktop app, there is no reason to require a smartphone at all! Seriously, my Android phone is the least secure platform that I use at the moment (lots of proprietary stuff, spyware prone, ...)

Wait what? You specify a username and at least one user-chosen "challenge" in order to verify ownership of it -- phone number, email, password, TOTP, public key which is stored with Signal. Then when you register a new phone you verify the username exactly like you verify the phone number but with the user's challenge.

Like it's more effort, but not some intractable problem, at least stated like this.

I feel like that issue could be solved by creating a random, unique, say, 16-digit UID that users could then add as a phone number for contacts. As long as it does not map to a real routable phone number, a phone dialer won't have issues if you call it by accident. Smarter dialers like that in CalyxOS could recognize it for Signal calls if it has a unique prefix.

They could even sell existing users UIDs so they could share their contact info without sharing their phone number if they so desired, e.g. via a website. If they charged some nominal fee users could reset their UID. Maybe with escalating prices if done in short succession to make revenue and discourage abuse.

so pay for privacy?

I thought privacy was supposed to be available for free?

> so pay for privacy?

Correct. They are asking for money already.

Signal justifies not allowing usernames as (partially) an anti-spam measure and I assume they are also doing it to limit the number of accounts created and, so, the use of server resources for which they pay. Selling these accounts solves both problems.

Also allows us to actually use Signal for groups, I don't like the idea of large groups knowing my phone number.

Requiring a phone number is literally my only complaint about Signal. I used to just use a Google Voice number, but then I learned about TextNow and have been migrating away from Google as much as possible.

https://www.textnow.com/how-it-works

My other complaint is that it's just another walled garden.

That's true of all messaging apps besides base text messages, though, isn't it? It's not like I can send a message on Facebook Messenger to somebody who reads it in Telegram.

RCS / JOIN is an open standard, but it lacks important features like E2E.

You don't seem to know Matrix and XMPP.

It's very difficult not to be if you want truly secure messaging.

It seems unlikely that big tech and telecom corporations, whose lifeblood is personal data harvesting, or government, with surveillance states becoming the global norm, are going to agree to adopt a genuinely secure end-to-end encrypted messaging standard or protocol on the best devices ever to facilitate their practices.

I was able to use a US number from Twilio for that purpose. Interestingly, the Canadian numbers I tried didn't work.