by newscracker 203 days ago
I read through this. I don't think Proton Mail is a good replacement for Signal (it's worse because Proton does log and share IP addresses of users with a court order).

One thing I dislike about Signal on its privacy posture is that the moment you register, anyone who already has Signal and has your phone number in their contacts list will get a message saying you're on Signal. This is a good way for others with bad intentions to know about your presence on the platform. The options to hide your phone number are available only after registering on Signal (after this broadcast has already happened) and when the user figures out that this is possible somewhere deep in the settings.

On registration Signal could ask whether to inform all random people who happen to have your number. But since unused/discarded phone numbers are recycled by carriers to other customers within a matter of weeks or months or years (depending on where you are), your presence on Signal may be sent to someone you've never ever known or who has never known you. Signal ought to remove this broadcast on registration. Telegram (and I guess WhatsApp) also suffer from the same issue.

1 comments

That's false. You can set your phone number discovery to None and even your contacts cannot find you unless you explicitly message them or share your username.
So...who's right? This comment or the parent comment? I don't use Signal and these are contradictory to me. Just wanna know what's the actual policy.
udev4096 is correct. Discoverability via your phone number is optional and opt-in.
Why do you even need a phone number in the first place?
To curb abuse.
Number spoofing is trivial, and SIM cards can be bought retail for as little as 1€ in the EU and many countries around the world.

You can buy them in bulk on shady sites for as little as 5c per pop.

Most abuse happens on an industrial scale, and it's trivially easy and practically free to bypass this kind of "security" feature.

Right, but 1€ isn't free. So if you manage to spam 1M people and make less than $0.05 * 1M = $50,000 then you are losing money.

Thus no spam on Signal.

And to curb privacy / anonymity.
Hardly an actual mitigation. Temp phone numbers are in abundance and a dedicated spammer can definitely overcome it.
No system is perfect. It’s about making it time-consuming and financially expensive to the spammer.
What types of abuse does it really curb?
Those that depend on creating new accounts to replace blocked ones.

Getting a new phone number isn't expensive, but it's infinitely more expensive than zero. And if a service is willing to block the phone companies that offer the cheapest new numbers, the price rises again.

NSA will know.