If you allow user-generated usernames, what's to stop me signing up as Linus Torvalds or Hillary Clinton, and creating drama for the lulz?
Using the phone number as a unique and verifiable identifier seems like a pragmatic - if not perfect - choice. By using the SMS confirmation it makes it much more difficult for me to impersonate Linus or Hillary - because I'd need to impersonate their phone number _and_ respond to an SMS sent to it. Not nation-state secure, but better than nothing...
The other problem Moxie's trying to solve is the discoverability problem - which jwz _doesn't_ want solved (nor do people with abusive exes or other categories of users Signal is often very vocally advocated for: "Use TOR. Use Signal. Use a VPN!!!"). Moxie wants to be able to calculate the intersection of your contact list with every other Signal user's contact list, so it can prompt you to let you know you can use Signal to communicate with them, which you'd otherwise probably not know. And as he says, to be most valuable, e2e encrypted messaging needs to become the default messaging channel under normal use, so it'll not need to be installed/set up/learned under stress when its need becomes critical.
I think Signal's got the "soundbite message" of what they do very carefully crafted and it's very enticing, but by nature soundbite-sized or elevator-pitch-sized messages inevitably leave out the complexity of edge cases.
I'm 99.99% sure Moxie isn't lying about what we could all read in the source code if we cared enough to spend the time reading it - all the people jwz is concerned about sending him Signal messages already had his phone number in their contact list, so could have already been sending him text messages. Moxie's view is jwz is better off having all those people know they can _also_ contact him using e2e encrypted messaging as well. jwz doesn't agree, and doesn't think letting all those people know he has installed an encrypted messaging app is "privacy protecting". There's certainly merit in both points of view.
The "interesting" bit (to me) of Moxie's explanation of what happens is that Signal sends "truncated sha256 hashes" to the Signal servers so it can compute the intersection of all the numbers it scrapes from your contact list with everyone else's.
Seems to me there's just not enough entropy in phone numbers to make that nation-state secure.
If Moxie gets served a warrant (and an NSL) it won't take _too_ much effort to reverse out all those truncated SHA intersections into a social graph...
But then Moxie's POV seems to be "those people would get that same info from your telco records if you use SMS, and at least that's the _only_ metadata we leak; your telco probably hands that over without a warrant along with at least the date/time of every SMS you've ever sent or received and quite probably the contents as well..."
I lean a lot towards jwz's argument that they're _way_ overselling the privacy-preserving nature of Signal. Especially if one of your adversaries is someone who knows your mobile number and would benefit from knowing you choose to use encrypted communication (like, say, everybody in the UK right now...)
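As an added illustration of the entropy point made in the comment above (this is example code, not part of the original post or of Signal's code): a ten-digit phone number carries only about 33 bits of entropy, so whoever holds the hashes can precompute the truncated SHA-256 of every possible number and invert them with a table lookup. The hash input format and the 10-byte truncation length are assumptions for the demo; the number block is constructed.

```python
import hashlib
import math


def truncated_sha256(phone: str, nbytes: int = 10) -> bytes:
    """Hash a normalised phone number and keep only the first nbytes.

    The exact encoding and truncation length used in practice are not given
    in the comment; both are assumptions here.
    """
    return hashlib.sha256(phone.encode("ascii")).digest()[:nbytes]


def phone_space_bits(digits: int = 10) -> float:
    """Entropy (in bits) of a uniformly random number with this many digits.

    10**10 possible numbers is about 33.2 bits, far too small a space for
    hashing to hide the input.
    """
    return digits * math.log2(10)


def build_reverse_table(prefix: str, suffix_digits: int, nbytes: int = 10) -> dict:
    """Precompute digest -> number for every number sharing `prefix`.

    Enumerating the whole space is cheap because the space is small; an
    observer with the truncated hashes only needs this table to recover
    the numbers (and therefore the social graph) behind them.
    """
    table = {}
    for i in range(10 ** suffix_digits):
        number = f"{prefix}{i:0{suffix_digits}d}"
        table[truncated_sha256(number, nbytes)] = number
    return table


def invert(table: dict, digest: bytes):
    """Recover the phone number behind a truncated digest, or None if unknown."""
    return table.get(digest)


if __name__ == "__main__":
    # Constructed block: +1 555 010 xxxx, i.e. 10,000 numbers.
    table = build_reverse_table("+1555010", 4)
    leaked = truncated_sha256("+15550104242")
    print(f"{phone_space_bits(10):.1f} bits of entropy in a 10-digit number")
    print(leaked.hex(), "->", invert(table, leaked))
```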