Cake day: Jul 01, 2023


Just one of the many perks of a stable monogamous relationship.


A website set up by an unknown Dane

The website, called Fight Chat Control, was set up by Joachim, a 30-year-old software engineer living in Aalborg, Denmark.

Does anyone fucking proof-read anything any more? Or does unknown just mean ‘not famous’ these days? FML.


Right. Exactly my point? Phone numbers are not, like, the only way to identify a user. You have to know who they are. You posted an xkcd but failed to derive the conclusion that if a user is ‘compromised’ and they know who they’re talking to, then so are the people they’re talking to, regardless of whether phone numbers are involved. There’s no practical way to mitigate against that, it becomes a paranoid’s nightmare.


Ok but a messaging app that doesn’t let you know who a message is from is completely pointless? I feel like you’re not really addressing this issue here.


No, the most important thing a chat app needs to do is send messages between the intended recipients, making them unavailable to anyone else. Signal does this. You’re worried about ppl receiving messages and knowing who they’re from. Generally knowing where a message is from is considered a feature – if you want anonymous broadcast, pick a different technology that’s geared towards that.


If your threat model is deanonymisation of chat users via phone numbers after one chat is fully compromised, then yeah I guess you need to register the accounts with relatively ‘untraceable’ phone numbers (i.e. unregistered or incorrectly registered burner sims), but that’s not my threat model. I’m more concerned about server-side broad-spectrum government surveillance than I am about targeted device seizures. And of course there are mitigations even with data access on device seizure, provided you’re unwilling to provide device passwords. But, like, if you’re cooperating to the point of providing passwords you’re probably sharing what you know about other users’ identities anyway, so it’s a very niche case this applies to.


Does it really? Iirc, you can determine: when the account was made, and when the last message was sent. This doesn’t sound ‘highly vulnerable’ to me… Doesn’t permit inspection of metadata e.g. contacts, so as vulnerabilities go it’s pretty weak sauce.


What are you referring to? I’ve read many security breakdowns of Signal and nobody who knows what they’re talking about has ever mentioned a back door.