Signal uses phone numbers as identifiers because it controls spam. There's no reason - at all - they couldn't just throw the gates open and say "we hand out GUIDs per account and you do some auth process to tie them together to a master key" - but that's not why they're not implementing it.
Signal without the phone number requirement becomes THE way to move data from anything to anything - malware would be written which setup a Signal account and used that for command and control. I'd wire all my service messages on servers to go via Signal - it's the perfect mechanism tied to the device I want them too.
The answer is, Signal doesn't have a way to offer "usernames only" which wouldn't almost immediately explode the services usage far, far beyond what they can plausibly sustain in server costs.
EDIT: Signal desperately need to figure out an actual monetization scheme for use-cases which do not need absolute privacy. Billing businesses for verified access to the service would be one way. Ideology and all is great, but if they can't pay the bills none of it is going to matter.
Users aren't personally identifiable by contacts or their address
Communication is authenticated and private
No person or server can access contact lists, message history, or other metadata
Resist censorship and monitoring at the local network level
Resist blacklisting or denial of service against users
Accessible and understandable for non-technical users
Reliability and interactivity comparable with traditional IM services
OK, the accessibility part is not implemented, but that is besides the point. I am not arguing in favor of using Ricochet here, so it does not matter anyways. FWIW, it has been audited.
> The answer is, Signal doesn't have a way to offer "usernames only" which wouldn't almost immediately explode the services usage far, far beyond what they can plausibly sustain in server costs.
Why can’t they let heavy users run their own servers?
> Signal without the phone number requirement becomes THE way to move data from anything to anything - malware would be written which setup a Signal account and used that for command and control.
Element doesn't require a phone number and I have no malware issues... also email doesn't.
I do not even know what the problem is. Being able to create as many accounts as one wants? How is that used for "command and control" though? I am missing something here I think.
I don't see it either.. maybe a Signal employee posted this comment to try to justify phone number collection because they can sell those at a premium (or a secret order from the Gov. forces them to do it).
Also, what I want is accounts protected solely by username and password (actually, just a 50 character password without login would satisfy me)... this is one reason why I am slowly moving away from gmail. 2FA doesn't help me because I use my own device to login and if they get compromised, I am screwed either way.
i call this a bs strawman. this is just nonsense because as you said, element and email are perfect examples of decentralized networks. you also have fediverse that woks on trust between a local network as well as any trusted servers, still that system doesn't just explode.
> Signal uses phone numbers as identifiers because it controls spam.
Signal uses phone number as identifiers because it's the easiest way to find other users. There's no other reason Signal uses phone numbers as a primary ID.
I wonder if I ever needed contact discovery, as in, actual contact discovery, such as: you start typing foo, then you get "foobar, "foobaz", and so forth. It definitely complicates things.
In India at least unused numbers are recycled back to new subscribers after 6 or so months of no activity. Blocking merely on the basis of the phone number would create issues in the future though
Signal without the phone number requirement becomes THE way to move data from anything to anything - malware would be written which setup a Signal account and used that for command and control. I'd wire all my service messages on servers to go via Signal - it's the perfect mechanism tied to the device I want them too.
The answer is, Signal doesn't have a way to offer "usernames only" which wouldn't almost immediately explode the services usage far, far beyond what they can plausibly sustain in server costs.
EDIT: Signal desperately need to figure out an actual monetization scheme for use-cases which do not need absolute privacy. Billing businesses for verified access to the service would be one way. Ideology and all is great, but if they can't pay the bills none of it is going to matter.