It's not just content inside messages, Signal actually knows nothing. The metadata about your user, your contacts, every group, and who is in a group, or who sent a message, all encrypted. The only thing Signal knows about a user is when they registered and their last login time.
Telegram just stores everything on their servers in Dubai, in the clear.
> The only thing Signal knows about a user is when they registered and their last login time.
Really? Why do I need to provide a phone number in order to register for the username test?
Well yes, obviously your phone number since it's how they handle accounts. Their argument is that it makes you the owner of your social graph because it uses the existing contact list on your device.
https://signal.org/bigbrother/cd-california-grand-jury/
Because your account is currently your phone number, so if they want to open the service to a limited number of power users, it makes sense to restrict it to folks who already are signal users, IMO.
As I understand it, the phone number requirement won't be going away - it's just the requirement to share it with your contacts that they're abolishing.
Seems like the right level of tradeoff to prevent abuse and enabling privacy, did you have a different expectation in terms of balance?
No, that's perfectly fine for me too, just wanted to be accurate and manage expectations :)
(In fact, I do still expect public phone numbers to be the "default", i.e. encouraged, experience, because of its viral properties. This is also fine by me, as I want Signal to be used by as many people as possible.)
You don't see any conflict between that and the claim "The only thing Signal knows about a user is when they registered and their last login time"?
Not at all, a user is a phone number.
Do you have a recommendation on how they would prevent fraud and abuse w/o using a phone number while also maintaining the same level of low friction?
What fraud and abuse? They can prevent fraud and abuse by doing anything, including by doing nothing, because those aren't concepts that apply to their product.
Spam is one kind of abuse.
So? What's the threat model? How does having phone numbers help?
You're making assertions about what Signal needs, and you're doing it without knowing their threat model.
s/user/phone number/
Signal claims to know nothing. However, for a few years now users' contact lists are uploaded to Signal's servers with the notoriously insecure Intel Secure Enclave being the only protection. It is likely that a state actor has access to that, which is already highly desirable information for mass surveillance.
Is it really?
I once worked for a company that happened to find itself in possession of a nearly complete social graph of one of the rich countries. The goal of the project was a different one, that graph was a kind of side effect. The graph was never actually used, but the company did have it.
Producing the graph was neither difficult nor expensive. I believe the complete project cost only a little over €1M.
If you want to gather data like that, you can do it without any expensive intelligence operations or attacks. You can spend a million on writing a desirable free smartphone app that needs contact permissions and another few hundred thousand on promoting the app, then sit back while the data is uploaded to your servers. To me that appraoch sounds a lot simpler and cheaper than breaking into Signal, Intel/SGX or a DC hoster.
I suggest that attacking anyone to get their contact data isn't really desirable.
> the notoriously insecure Intel Secure Enclave being the only protection
While I share your concerns about Intel SGX, your statement is not exactly true: SGX is only meant as an additional measure to secure insecure PINs.