> What leaked was that I was a signal user, and that the person on the other side was a signal user.
Clearly, either this was before Signal had its username-lookup-only feature, or you opted into letting people find you by your phone number. At that point, the information is already effectively leaked in the same way (it’s easy for anyone to enumerate all phone numbers, let alone for you to enumerate your own contacts or vice versa), and if the notification surprised you then the absence of the notification would simply have been giving you a false sense of security.
Communication by non-phone-number identifiers is critically important, and I’m glad for recent Signal developments in that direction and hopeful for more in the future, but opting into phone-number-based communication and complaining that your contacts were merely notified about the communication option they would have been able to access anyway on a security or privacy basis is silly. The fact that this information (your contacts) passes through Signal is much more objectionable to me, even though they do the SGX thing, and I would never recommend allowing it access to your contacts for that reason.
Clearly, either this was before Signal had its username-lookup-only feature, or you opted into letting people find you by your phone number. At that point, the information is already effectively leaked in the same way (it’s easy for anyone to enumerate all phone numbers, let alone for you to enumerate your own contacts or vice versa), and if the notification surprised you then the absence of the notification would simply have been giving you a false sense of security.
Communication by non-phone-number identifiers is critically important, and I’m glad for recent Signal developments in that direction and hopeful for more in the future, but opting into phone-number-based communication and complaining that your contacts were merely notified about the communication option they would have been able to access anyway on a security or privacy basis is silly. The fact that this information (your contacts) passes through Signal is much more objectionable to me, even though they do the SGX thing, and I would never recommend allowing it access to your contacts for that reason.