Signal knows who you're talking to (2023)

Original Article ↗ Hacker News Discussion ↗

Privacy, Confidentiality, and Anonymity

  • Several comments argue the article conflates confidentiality (protecting message contents) with anonymity (hiding who talks to whom).
  • Others counter that who you talk to is itself a major privacy concern; metadata can reveal sensitive facts (e.g., talking to a specialist doctor).
  • Consensus: Signal is strong on confidentiality, much weaker on anonymity, and its marketing sometimes blurs this distinction.

Metadata, Sealed Sender, and Threat Models

  • Many note that any centralized relay inherently sees metadata patterns (IP, timing, volumes), even with sealed sender.
  • Some call sealed sender “useless” because statistical methods can often re-identify senders and users overestimate its protection.
  • Others say it’s a meaningful hardening step: at large scale (thousands of messages/second) correlating actors is non-trivial and raises the cost for adversaries, even if not foolproof.
  • Commenters emphasize that once targets are known, endpoint compromise (spyware on a phone) bypasses encryption entirely.

Phone Numbers, Discoverability, and Abuse

  • Major criticism: tying accounts to phone numbers hurts anonymity, especially where SIMs require ID or registration SMS can be blocked or hijacked.
  • Some note Signal now supports usernames and phone-number-hiding, but registration still needs a number; burner SIM workflows are fragile and region-dependent.
  • The pro-number argument: it throttles mass account creation and spam; critics reply that cheap/temporary numbers make this only a weak barrier.

Centralization, Federation, and Alternatives

  • Debate over Signal’s choice to remain centralized and non-federated: defenders say this enables reliability, UX, and large-scale adoption; critics see it as a single point of trust and failure, akin to WhatsApp-but-E2EE.
  • Alternatives discussed: SimpleX, Matrix, XMPP, Briar/Berty, Olvid, Molly (a Signal fork), ProtonMail (seen as worse for IP privacy).
  • Matrix/XMPP praised for decentralization but acknowledged to leak more metadata at the server level and lack some advanced privacy features; SimpleX’s own docs admit residual metadata risks.

Usability vs “Perfect Security”

  • Strong theme: ultra-private, anonymous tools (PGP webs of trust, Freenet-style systems, ad-hoc Tor-based workflows) are too complex for most users and can become red flags by themselves.
  • Many conclude Signal occupies a pragmatic middle ground: significantly better confidentiality (and some metadata reduction) for millions, but not suitable for the most extreme threat models.