
Completely agree.

For a while I did run a fork of the Signal Server. Beyond the sheer difficulty of getting it to run without the server being updated for a year during the MobileCoin launch, it was extremely disconcerting to see PHONE NUMBERS spread throughout the log messages. It doesn't take much imagination to see how you can build a network of who you are talking to (etc.) from this log information.

While it is quite possible that they had some non-default log configuration (and hopefully the metadata leaking in the logs is fixed), if you can't run the server you can't check what data is being leaked.

Take the E2EE claim with a grain of salt if it is difficult to run a server.




> ...it was extremely disconcerting to see PHONE NUMBERS spread throughout the log messages. It doesn't take much imagination to see how you can build a network of who you are talking to (etc.) from this log information.

The intent of Signal is to provide confidentiality of message content, not any sort of anonymity. This covers like 90+% of users' threat models, and its focus on one problem makes it very effective at solving that problem. If one also needs anonymity then communication should happen over something like Tor or I2P.



