Because that's the trade-off you make when you want high entropy unique usernames to prevent enumeration attacks. They become long and random. There's still a "phone number". It just looks something like 4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad. You know that string and you can make a computer somewhere in the world accept some GET requests. Who knows if Flask, or whatever is part of the stack, has zero-click vulnerabilities.
And yes obviously I would recommend Signal to anyone who wants content privacy.
Since Signal offers only narrow by-policy metadata privacy (unless you're on burner hardware), I'd ask them if they wanted metadata privacy, and if so, I'd point them to the direction of Cwtch https://cwtch.im/. I wouldn't recommend TFC unless endpoint compromise was part of their threat model. It's complicated and nuanced in the deep end of the pool.
Because that's the trade-off you make when you want high entropy unique usernames to prevent enumeration attacks. They become long and random. There's still a "phone number". It just looks something like 4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad. You know that string and you can make a computer somewhere in the world accept some GET requests. Who knows if Flask, or whatever is part of the stack, has zero-click vulnerabilities.
And yes obviously I would recommend Signal to anyone who wants content privacy. Since Signal offers only narrow by-policy metadata privacy (unless you're on burner hardware), I'd ask them if they wanted metadata privacy, and if so, I'd point them to the direction of Cwtch https://cwtch.im/. I wouldn't recommend TFC unless endpoint compromise was part of their threat model. It's complicated and nuanced in the deep end of the pool.