people often confuse privacy with anonymity, like in this article.

the question was if signal is secure and private, and the answer is about anonymity

is it secure and private - it is, is it anonymous - it's not, or at least, to some degree

You can't have end to end encryption without ends. That said, I have managed to write encrypted end to end communication, using wireguard no less, that doesn't tell a third party server who is talking, or what they are saying.

This is single user talking to single user, though. I know it gets more complex when you have more users than that.

First question after Moxie Marlinspike talk at the CCC conference was: "When will Signal not base itself on a mobile phone number, I am an activist from Iran"

https://media.ccc.de/v/36c3-11086-the_ecosystem_is_moving

The critique of metadata being hard is fair, the claim that sealed sender is “totally useless” is not. It’s a small, incremental hardening step in a very messy design space, not a magic invisibility cloak, and judging it as the latter sets the bar unrealistically high for anything that still wants to be a drop-in WhatsApp replacement.

I thought you can register Signal with a virtual number, then in settings simply hide the phone number, and create new chats with your username?

Also, what about Briar/Berty as alternative?

https://play.google.com/store/apps/details?id=org.briarproje...

https://apps.apple.com/app/id1535500412

Since a lot of people might not reach the conclusion at the bottom of the post:

Just use SimpleX.

I always thought sealed sender was something they implemented for their own sake. The less metadata they can see is better. As a user that means you have to trust them in what they say regarding the data they keep anyway.

Regarding sealed sender I don't think they ever fixed the statistical method of identifying sealed senders described in the "improving sealed sender" paper from 2019 (?), meaning it is pretty useless anyway if signal decided they wanted to identify senders.

Signal is in an impossible position. On one hand, it needs to appeal to the crowds currently using WhatsApp and happily syncing their entire contact list to Facebook/Meta, so that they can be profiled and a social graph can be built. That crowd needs it to be super simple and "just work". If it doesn't do that, people will criticize it for being difficult to use.

On the other hand, it needs to provide ultimate security, even though there is always a compromise between security and convenience. If it doesn't, geeks will criticize it for not being secure enough.