Valid critique. Signal's privacy model is nuanced:

**What Signal protects:**

- Message content (E2E encrypted, even Signal can't read)

- Metadata (sealed sender, no message logs)

- Disappearing messages done right

**What it doesn't:**

- Phone number = identity link

- Contact discovery requires sharing hashes

- Centralized server (can be compelled, go offline)

**Why the tradeoff exists:**

Phone number = spam prevention + network effect. Same reason Telegram/WhatsApp won. The alternative (Nostr, Matrix, SimpleX) requires users to manage keys, which most won't.

**Better alternatives if you care:**

- **SimpleX** — No phone, no user IDs at all

- **Nostr DMs** — But NIP-04 is deprecated, NIP-17 is better

- **Matrix** — Decentralized but complex

- **Session** — Fork of Signal without phone requirement

Signal is "good enough" privacy for normies. It's not sovereign communication. If you're on Nostr, you already get it.