1) Single phone number -> person mapping means hard to compartmentalise different identities
2) Possibility of harassment tied to knowledge of phone (why people want to keep email addresses secret too)
3) Expensive to discard phone number, so permanent identifier
4) Phone co. can map to name/address
It's almost as if tech journalists do the bare minimum of research before moving on to the next topic. Or that the tech industry has become so focused on chasing giant piles of money that nobody can remember a time when true successes on the internet were achieved by hobbyists working on passion projects with no regard for how much money they might make.
At its most basic, #TootCrypt will protect against snooping of messages by any party, spoofed identities, active tampering, MITM attacks, and more.
In principle, it could do far more by trading off against UX: including protecting against meta-data analysis, evading detection within the network, and being de-coupled from any third-party API.
I wonder if it will ever prove necessary/desirable to do those things.
Whilst I kid about 'shitpost steganography', #TootCrypt is designed with resilience in mind.
One of the design precepts is that it can be made to survive *even if all of the Fediverse is actively hostile to it*, including devs, admins, users, and other actors.
Although in practice the protocol won't have this sort of resilience baked in at birth (redundant), it's important the architecture allows it to pivot that way if necessary. It's a good property for a privacy-protecting channel to have.