[mmooss]

> Leaking contact info appears to be part of the design.

Those people already had your contact info, probably.

Also, I think there is a setting in Signal to prevent that - and via the OS you can block Signal's access to your contacts, of course.

[robot-wrangler]

> Those people already had your contact info, probably.

What leaked was that I was a signal user, and that the person on the other side was a signal user. The security implications are obvious, and by itself, that's already enough to get someone who really needs to care about privacy killed.

> Also, I think there is a setting in Signal to prevent that

False. It happened without my permission as soon as the app was installed, and there was no way to opt out. Maybe they changed it since then, but the fact remains they obviously cared more about network-effects and user-counts than user privacy.

Sigh, there's just no need for this kind of apologism. You could just admit that a) it's bad behavior, b) they did it on purpose, and c) it's not possible to trust someone who does something like this. I'm aware they are nonprofit, so I don't know why it's like this, but the answer is probably somewhere in the list of donors.

[lukeschlather]

How would you suggest Signal allow you to communicate with your contacts without leaking the fact that both of you are Signal users? Should it just blackhole the message if the other number doesn't have an account?

I understand the unease about the notifications, but there are some hard tradeoffs between how you can store as little information as possible, remain as decentralized as possible, while getting the same benefits as centralized systems like Facebook.

I'm really of the opinion that a messenger similar to Signal but more centralized in the fashion of WhatsApp or even Facebook Messenger should exist, but I also understand why Signal works the way it does.

[notfed]

Suggestion: it should, at very least, not show a UI a notification "_ is now on signal!" As a nice to have, yes, it should blackhole a message until at least one reply happens.

[mmooss]

That's a lot to pile on people who disagree with you. Maybe other people have perspectives that are both 1) different from yours and, 2) valid?

[robot-wrangler]

> Maybe other people have perspectives

Yeah, no. The whole "every perspective has some validity" thing won't really apply to most safety/security issues. The most charitable thing to say here is that the workflow is completely broken. Less charitable but also valid is pointing out that it's actively harmful, and deliberate. I would be really surprised if this hadn't ever caused serious consequences whether a whistle blower was fired, an abused spouse got extra abused, or an informant was killed. If you think you've got a "valid perspective" that prioritizes mere user-discovery over user-safety, then you should not be attempting work that's close to safety and security, full stop.

[mmooss]

Others are equally confident in their beliefs. By your reasoning, why should they listen to you?

> Yeah, no.

Nobody reads past this part. It reflects a lack of judgment, and also who wants to talk to someone in this context?

[robot-wrangler]

Welcome to shop class. Safety goggles are required here, primarily for eye-safety but that said, all use-cases are equally valid. If you feel they clash with your style then feel free to leave them around your neck while operating the machinery.

Notice that if you go this route you get no additional safety, and actually introduced an extra hazard.. don't lean in or your goggles get caught in the machine and drag your neck closer to whirling blades! Sorry if it's rude, but there's no nice way to say that this is bad to do and even worse to advocate for. If you don't get it, ok, go be as unsafe as you want when it's your ass on the line. No need to take the next step towards also trying to kill safety culture.

[minitech]

> What leaked was that I was a signal user, and that the person on the other side was a signal user.

Clearly, either this was before Signal had its username-lookup-only feature, or you opted into letting people find you by your phone number. At that point, the information is already effectively leaked in the same way (it’s easy for anyone to enumerate all phone numbers, let alone for you to enumerate your own contacts or vice versa), and if the notification surprised you then the absence of the notification would simply have been giving you a false sense of security.

Communication by non-phone-number identifiers is critically important, and I’m glad for recent Signal developments in that direction and hopeful for more in the future, but opting into phone-number-based communication and complaining that your contacts were merely notified about the communication option they would have been able to access anyway on a security or privacy basis is silly. The fact that this information (your contacts) passes through Signal is much more objectionable to me, even though they do the SGX thing, and I would never recommend allowing it access to your contacts for that reason.