• artyom@piefed.social
    7 hours ago

    I don’t know that it is “tangibly better for privacy”. Not saying it isn’t, just that I don’t know. It’s definitely better for anonymity/pseudonymity. The main benefits, in my opinion, are:

    1. No phone number needed for sign-up. Signal wants people to be able to easily find who is available to message on Signal, and they’re leveraging the phone numbers in your personal contacts to build a private “social graph”. This is actually really nice, but also can be a huge hurdle for a variety of reasons I won’t go into, none of which are privacy, as others have repeatedly alleged, because there is nothing connected to your phone number, as Signal has demonstrated in their public subpoena responses.

    2. SimpleX lets you have multiple profiles. For example, a work profile, a personal profile, a public/social profile, and an anonymous/pseudonymous profile. They also support business profiles. This is, in my opinion, a huge problem for Signal. Sometimes Signal is used to do things like organize protests. If that group is public, anyone can join and see exactly who you are, and you’re essentially doxing yourself in that group. Really not ideal. In the case of something like Session, I can use Shelter to create a work profile and install a redundant copy of the app for another profile, but due to #1, this is not possible.

    I also see orgs like EFF and 404 Media using Signal as a comms method. You can’t message them either without doxxing yourself, unless you just erase/pseudonymize your profile, which would then just completely confuse your actual friends and family.

    3. No one can message you that you have not invited to message you. Due to #1 (again) people can and do use Signal to send spam/scam messages. Now they could do so just using SMS, but my personal SMS app has spam filters, Signal does not.

    If you want to create a public invitation, you can do so, and share it wherever you want. I share mine on my personal Linkstack site. If, in some hypothetical future, spammers/scammers start scraping the web for invitations, and that invitation gets collected and sold/shared, I can simply rotate it out with a new invitation, but, importantly, without losing any of the connections to people I’ve already messaged. You can do similar with Signal usernames, but only for the 1 profile, and you cannot stop people from messaging with your #. You can also set it in a group to disallow private messages to other members, which is a huge problem in places like Discord and Matrix.

    This doesn’t really matter so much today, as certainly the # of users is so small as to be a waste of time for any spammers, but it matters so much on a fundamental level, in a hypothetical future where it becomes widely adopted.

    You can also create 1-time invitations so that you can be 100% sure that the person messaging you is the person you invited, as opposed to Signal’s “safety number” approach.

    4. They don’t use Google/Apple notifications. This is both a pro and con. Ideally they would just support UnifiedPush but instead they run their own notification server. This hits your battery life, as well as causes problems with notifications. I often open the app and just watch it update messages for several seconds and then get a wave of notifications, but I also don’t utilize the “always on” notification service. The fact that Signal just uses Google/Apple is appalling but you can get around it using the FOSS Molly app. To reiterate, there is no way to receive notifications in the Signal mobile app without going through Google/Apple’s servers. It really chaps my ass to see supposed “private” apps that make no option available to circumvent the servers of tech oligopolies. I understand very few people would utilize this but I still think it’s extremely important, and the fact that Molly devs actually provide this shows that it’s entirely feasible. Google FCM notifications is the only remaining reason I absolutely need Google Play Services installed on my device, and it frustrates me to no end.