Closed S5NC closed 1 month ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been closed due to inactivity.
About this beta feature
Does this means that even if the user A is added using via their username by user B, if user B had user A's phone number in their contacts previously, that it would be revealed in the app that user A's phone number corresponds to a contact on user B's phone?
If so this could be used to reveal the phone numbers of Signal users. An attacker could store all possible phone numbers as contacts on their phone, then add users. If phone numbers are revealed if a phone number is added to a contact after the username is added, it would still reveal phone numbers corresponding to users.
Perhaps this is just vague wording in the article, and doesn't specify that this is only the case for contacts that you add via phone number? Of course, this is only an issue if "Who can find me by my phone number" is set to "Nobody".