I don't agree. All I want from Signal is an e2ee, cross-platform replacement for SMS. I don't think of SMS as "social software" and to the degree Signal keeps acting like it wants to be a social network the more uneasy it makes me. I do appreciate that, unlike Telegram, I can use Signal without giving it access to my contacts but I wish it didn't try to leverage my contacts list at all.
I don't think it's an issue that it uses your contact list. Why should that be a concern? It doesn't upload them into a database like other services.
Signal is a privacy app, not an anonymity app.
I see people expressing their concern about seeing their boss using the app, etc. and I just cannot relate. Is their argument that they prefer to use insecure SMS with their boss instead? What's the point? Both parties _already have_ each other's phone number as a unique identifier.
I only have a limited # of people I can use Signal with because I don't post my phone number everywhere, though I am old enough that I remember telephone books back when people used to give out their phone number and address and nobody thought anything of it.
Today with a phone number you can:
1. Port it, steal 2FA and password resets, take over critical accounts that don't allow alternate 2FA (happened to two friends of mine)
2. Pay first party or shady second party bounty hunter cell carrier APIs to get current GPS location on a number.
I do not even have a cell carrier anymore for these reasons, social consequences be damned.
My whole point is revealing cell numbers you rely on to strangers is a bad call.
Being forced to do it by baking them into a chat protocol is idiotic.
Here's a situation I ran into: I have a stalker ex with whom I went no-contact ages ago. Years have gone by, I've been lucky enough to not hear from them in a while, it finally seems like the nightmare is over. They forgot about me and moved on to other things.
Then, they sign up for Signal. The app, for no discernible reason, sends them a message informing them that I'm also using it. Now I'm back in their head. I blocked their number on Signal, but I'm seeing "X viewed your profile" messages on LinkedIn, so it looks like the stalking frenzy might start again, all because Signal wants to be WhatsApp.
Why? It's one thing to let any Signal user message me, it's another to actively remind people that I'm still around and reachable using it. SMS does not do this.
Do both parties need to have each other's phone number or is enough that one party has the other's phone number for the contact suggestion? I couldn't find it clearly stated in the article.
Practical example: someone has a spam list of phone numbers in his contact list. Will Signal passively suggest profiles that match those numbers?
If Alice installs Signal and Alice's contacts include Bob, then yes both parties will see the other suggested in their Signal app. Else no.
In the past Alice could assume Bob is capable of receiving phone calls and SMS, and now Alice could assume Bob is capable of receiving phone calls and SMS and Signal messages. Is it too revealing for people to be able to know this 1 extra thing when they already knew 2 extremely similar things?
The way I see it, you have three options:
1. Apps that upload your contact list to their server to contact match (like WhatsApp, and others)
2. Apps that use your contact list locally to match (like Signal, and others)
3. Apps that work without your contact list and let you do it manually (like Signal, and others)
Are you looking for a fourth option? If so, what is it?
(Substitute other OSes as able.)
At some point it's a problem I'd like someone to be working on, but taking on a huge amount of individual burden for a low probability scenario isn't any way to live life.
Heck, switching to Signal wasn't high on my agenda list until the WhatsApp TC change suddenly made my entire Facebook Messenger contact list worry about these things - and now I'm completely off Messenger, but it took collective engagement.
It is 100% possible to use Telegram without giving it access to your contacts. It is even easier than Signal, because your contacts can set usernames, etc. You can also chat with people without sharing your phone number.
Even if you give Telegram access to your contacts, you can disable syncing of contacts to their server.
You can also create your own contacts on Telegram and add a select few people manually. Like a custom address book just for Telegram. I don't think that is possible on Signal.
I would probably just concatenate the phone numbers with the user's numbers, throw in some hard to guess salt like the Dow Jones index, and hash it with bcrypt. It's not perfect, but I would consider it good enough. And most importantly, easier for me to verify.
(Only half kidding: My favorite paranoid theory is that most security tech is thoroughly backdoored, and most of the 30000-40000 employees of NSA are actually doing parallel construction all day long for the data they get this way.)
Edit: from skimming the previous HN discussion, it seems that SGX relies upon Intel's remote attestation service. The code you run is signed by Intel, and you have a chain of trust stemming from a key held by Intel. It's a clever construction, but I still feel it is too clever to be comfortable with.
SGX remote attestation is, given those exploits, a super weak assurance of anything.
Centralization of security and privacy is universally a mistake.
It also leaks contact lists making it worse.
A communication medium has no need to force people under surveillance. Why not just assume you're an adult dealing with adults and let people choose. Choose their handle, need to opt in to sharing contacts. (Would also be ethical that they're forced to tell each person that they gave away their details.)
To who? The article linked is literally explaining how Signal doesn't know who your contacts are, or you.
> Why not just assume you're an adult dealing with adults and let people choose. Choose their handle,
You'll be interested to know that this is coming this year.
> To who?
To the recipient of any message you send. https://support.signal.org/hc/en-us/articles/360007061452-Do...
My main concern is that I want to be able to block contacts if needed, and I can't effectively do that if they have my number.
As an engineer, I appreciate the depth of this post. However, I'd also appreciate a more approachable version that I could share with a broader audience. E.g., without understanding anything about hashing, SGX, etc., how can we best explain the advantages of this approach over the "upload your contacts list" request that you encounter in other chat apps?
(1) Each client app to submit x randomly generated phone numbers for every real number, making any reconstructed social graph useless and deniable. Where x is the slowdown their very cleverly over-engineered solution introduces...
(2) As long as Signal user base is relatively small — submit n-1 digits of the number, then wait for confirmation there is at least one Signal user matching before submitting the final digit.
(3) If user base is larger - submit n-1 digits of the phone number, and receive all of the up to 10 matching users
2 & 3 seem to match the 'bloom filter' concept described here: https://signal.org/blog/contact-discovery/
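The prefix lookup from proposals (2) and (3) above, as an added example that is not part of the original thread and is not Signal's code: the client sends only the first n-1 digits and matches the full number locally, and the server keeps a log of what it was sent. The `DiscoveryServer` class, its method names and the phone numbers are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: numbers registered on a hypothetical server.
REGISTERED = ["+15550100", "+15550104", "+15550107", "+15550231"]


class DiscoveryServer:
    """Hypothetical server indexing registered numbers by their first n-1 digits."""

    def __init__(self, registered):
        self.buckets = defaultdict(set)
        for number in registered:
            self.buckets[number[:-1]].add(number)
        self.query_log = []  # everything the server operator gets to see

    def has_any(self, prefix):
        # Proposal (2): confirm only whether some registered user shares the prefix.
        self.query_log.append(prefix)
        return bool(self.buckets.get(prefix))

    def bucket(self, prefix):
        # Proposal (3): return all (at most 10) registered numbers under the prefix.
        self.query_log.append(prefix)
        return sorted(self.buckets.get(prefix, ()))


def discover(server, contacts):
    """Client side: send prefixes only, compare full numbers locally."""
    found = set()
    for number in contacts:
        if number in server.bucket(number[:-1]):
            found.add(number)
    return found


def candidates_per_query(server):
    """Operator's view: each logged prefix narrows a contact to 10 possible numbers."""
    return {p: [p + d for d in "0123456789"] for p in server.query_log}


if __name__ == "__main__":
    srv = DiscoveryServer(REGISTERED)
    print("matched:", discover(srv, ["+15550104", "+15559999"]))
    print("server saw:", srv.query_log)
    print("candidates:", candidates_per_query(srv))
```

With one digit withheld, the server can still place each queried contact among ten candidate numbers, and the client receives registered numbers from the same bucket that are not in its address book.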