Depends, who do you want to shield what information from? Signal knows all of their users’ phone numbers. You can hide it from other Signal users. All depends on your threat model.
Right, then Signal might not be the best option. The NSA can easily track who’s using Signal, and possibly do some traffic correlation to reveal who’s talking to who.
But to state that there is no privacy on Signal at all is a bit of a stretch.
Yes but, I ain’t joining a random group I found on Internet on a service which has my phone number. Which can be easily traced back to me. Because I don’t know who all the members are then if someone is on the list then that will put me also on the list. If it was something like matrix where even though the group could be unencrypted and open to all. I can use Qubes and whonix to make sure that some stupid idiot doesn’t put me on a watchlist I don’t want.
But if I know all the members and I or someone I trust controls who can join then anonymity isn’t a concern security is and in that scenario yes I’ll definitely be using signal. I already am. But not here.
How exactly is it hashed? There aren’t that many possible phone numbers, so it might be viable to just try every valid number until you find one that matches
Depends, who do you want to shield what information from? Signal knows all of their users’ phone numbers. You can hide it from other Signal users. All depends on your threat model.
The NSA
Right, then Signal might not be the best option. The NSA can easily track who’s using Signal, and possibly do some traffic correlation to reveal who’s talking to who.
But to state that there is no privacy on Signal at all is a bit of a stretch.
Yes but, I ain’t joining a random group I found on Internet on a service which has my phone number. Which can be easily traced back to me. Because I don’t know who all the members are then if someone is on the list then that will put me also on the list. If it was something like matrix where even though the group could be unencrypted and open to all. I can use Qubes and whonix to make sure that some stupid idiot doesn’t put me on a watchlist I don’t want.
But if I know all the members and I or someone I trust controls who can join then anonymity isn’t a concern security is and in that scenario yes I’ll definitely be using signal. I already am. But not here.
Only the hash of your phone number.
How exactly is it hashed? There aren’t that many possible phone numbers, so it might be viable to just try every valid number until you find one that matches
Here’s what Signal says: https://signal.org/blog/contact-discovery/
Good correction, thanks