Can someone explain to me how them having my phone number and being able to find new contacts with their phone numbers doesn't lead to a whole association chain problem that can be used to repress dissension in countries inclined to do that? I have a hard time believing that the phone numbers aren't available to state actors. Requiring a phone to sign up seems fishy as fuck.
Matrix doesn't need this info and seems to work fine.
They don’t store anything about your association with other numbers; that stays on your devices. Your phone number is used as your identifier for account creation and originally for finding other people to talk with, but the only data Signal keeps associated with your number are registration timestamp and last connection timestamp. You can see that by reading the redacted subpoenas and responses that they publish.
They have recently introduced usernames so that you can avoid having to share your number to communicate with someone else.
I don’t have a good citation for this, but I believe the phone number registration requirement will remain indefinitely, likely to cut down on spam and bots. But there’s a difference between privacy and anonymity - I’m looking for privacy in my communications, not anonymity from my friends. State actors can know that you use it but not what you’re saying or to whom (unless, say, the NSA is specifically targeting you, but that compromise will be of your device as a whole rather than breaking Signal or getting data from them).