Hacker News

You are comparing the possibility that something could go wrong and expose contact graphs to systems in which exposure of the contact graph is a foregone conclusion, because the servers store them, durably, online, in plaintext. The point of the Signal design is not having to do that thing, and, indeed, it doesn't, unlike other secure messengers that do.


No, I'm comparing Signal to desirable properties of a secure messenger for many important uses.

It's great that Signal has devised a system that, ostensibly, obviates the need for them to keep persistent lists of everyone's correspondents. But as that same system requires the constant, repeated uploading of phone-number-identifiers, and complete trust in Intel SGX™, it misses the primary thing most want from an end-to-end, open-source solution: no reliance on remote personnel or systems.

Signal's created a fancy 'Maginot Line' that ultimately reduces to the same core flaw as much-simpler architectures: if a small number of hard-to-monitor key people or servers are compromised, even temporarily, the metadata is also compromised.

You tout that "Signal's servers store no contact lists at all". But can you prove that? Signal's servers are still sent all the same data that would be required to do that.

Meanwhile, other secure messengers manage to:

* avoid ever knowing a user's phone number, or revealing a user's phone number to their correspondents

* avoid broadcasting the fact of a user's participation to anyone who cares to query

It's important to remember these caveats & tradeoffs when alleging Signal stores no contact lists at all.


Again: your argument is that, because someone at Signal could misbehave and log metadata, Signal is equivalent to systems that log metadata all the time, durably, by design. Given the choice, I'll take the system that can at least plausibly protect my metadata over the one literally premised on not doing that.


I'm not alleging 'equivalence', I'm emphasizing assumptions & tradeoffs.

I want readers to know that your headline claim, "Signal's servers store no contact lists at all", should be coupled with the important caveat that believing that claim still requires trust in Signal and Intel personnel/servers.

And even if someone, like yourself, assumes such trust in Signal & Intel, the metadata protection Signal does offer still requires other metadata tradeoffs. That's not 'equivalent' to other options, it's different in notable ways. For some users, like say an anonymous whistleblower without a 'burner' phone number, Signal's metadata handling is arguably worse than other extant options.

You find Signal a preferable, perhaps even dominant choice; I think they're a mixed bag once aware of all the tradeoffs.



