I completely understand the difficulty, but so far I haven't heard of whether or not Signal is even working on getting rid of phone numbers.
Also worth mentioning that Matrix isn't just working on encrypting contacts databases. They are also working on decentralization, which is a much more difficult problem. So I'm not surprised that they are running into issues every once and a while (though Signal has had security problems in the past too [1])
It sure seems to be a much more difficult problem, because they're working right now to recover from disastrous protocol breaks that allow servers to decrypt messages in groups. I'm not so interested in what novel stuff they're working on; they don't have the table stakes stuff nailed down.
This is secure messaging. It has to work, or it's just LARPing. Can the Matrix team honestly say that their system is ready to handle life-or-death secrets?
Hackers were able to get at least one person via the Twilio hack in OP's article (which wouldn't have happened if Signal was not reliant on phone numbers). So I wouldn't say Signal is great for life-or-death either. And afaik the Matrix vulnerability we are discussing was not actually shown to have been exploited
Do you mind elaborating? I think OPs article was pretty clear
> By default, Registration Lock is disabled, as was the case for at least one of the hacked accounts. As such, the cybercriminals managed to pull off the attack by impersonating the victim of the attack for roughly 13 hours
Also worth mentioning that Matrix isn't just working on encrypting contacts databases. They are also working on decentralization, which is a much more difficult problem. So I'm not surprised that they are running into issues every once and a while (though Signal has had security problems in the past too [1])
[1]: https://thehackerblog.com/i-too-like-to-live-dangerously-acc...