> We built Change Number using the foundation of more exciting features to come.
Surely this is referring to the ability to use a non-phone number ID, which they've hinted at before [1]. Looking forward to that, only because I know many others are!
I think the real question is what "usernames" will look like. There were hints dropped that this could be stronger than a typical username (like what HN has). I took a poll on reddit[0][1] to see what people wanted. I was rather surprised at how many wanted strong anonymity. I expected that the top choice would be the weak anonymity, where people just have an alternative to phone numbers. But I think if that's what Signal was rolling out then it would have been here already. So I hope they make anonymous communication available to everyone. I don't expect strong anonymity in the initial rollout, but I hope that is what they are working towards.
As I see it, there are three aspects to protected communication: privacy (no one sees what you're saying), anonymity (no one sees who's communicating), and censorship prevention (no one can shut down communication). If we get strong anonymity in Signal then that is 2/3 and would be a great leap forward for free speech _everywhere_. I expect censorship prevention to be the hardest of these to tackle, even with decentralization.
> I think the real question is what "usernames" will look like. There were hints dropped that this could be stronger than a typical username (like what HN has).
I'd expect it to be much like iMessage/FaceTime on Apple products. It can use an email username or a telephone number. The telephone number predominates (because it also does SMS/MMS), but either can be used on any Apple product.
> Surely this is referring to the ability to use a non-phone number ID,
They have been promising this for years and years; I hope this time it's real. Especially if we don't need a phone number to create an account: that's just incompatible with privacy.
They're great compared to the alternative of simply storing a plaintext register of every pair of communicating parties on the server, which is how other messengers work. What's "good" about phone numbers is that they're tied clientside to a "buddy list" that everyone already keeps --- their contact list. They don't want phone numbers on the merits of phone numbers.
I would much prefer a one time randomly generated GUID myself that can be used to transfer to new phones or just trash if you want a full reset on your signal contacts. Obviously 2FA like TOTP or similar to change it.
They mainly used numbers so they could leverage the social graph of phone contact lists. That way they didn't need to store any social graphs on their systems.
I hope they don’t implement it broken like Telegram’s.
If a person has your number in their contacts then your username and phone number are automatically merged together, even if you were conversing with that person using your username from your perspective. That’s such a safety nightmare.
> Why would supposedly secure communicator use actual phone number as identifier is beyond me.
It's pretty simple - user friendliness and sign-up friction.
Signal's main market is not us HN user tech bros who want (pseudo)anonymity. Its main market is closer to regular people, the same people who are fine with using WhatsApp or Facebook Messenger or whatever, with their phone number.
They also want it to be as easy as possible for new users to sign up. Simply enter your phone number and boom, you have a Signal account. With email the sign-up process is not insanely difficult, but it's still more steps than phone signup for the regular person.
Doesn't explain why _only_ phone numbers are (currently) supported. Having phone numbers as the default or even asking permission to import your contacts would have been fine-ish if it was also possible to register using another anonymous method like email...
One counterpoint to using phone numbers: In China mobile phone numbers are almost universally enforced as your digital identifier because it makes surveillance extremely easy for a government while making it relatively hard for platforms themselves. Registering for a phone number mandates an ID check at the point of the service provider. This means that with a phone number based login, (1) you can be largely anonymous to platforms as you can have > 1 phone number, (2) you have 2fa built in automatically, but also (3) that the government can easily figure out who owns what accounts because your accounts are directly linked to your phone(s) and your phone(s) directly to you.
It would be a great step forward if Signal moves towards alternate verifications that don't involve phone numbers...
Signal started off as a secure SMS replacement. Also, they mainly used numbers so they could leverage the social graph of phone contact lists. That way they didn't need to store any social graphs on their systems.
Keybase got it right before Zoom acquired them. They decoupled identities from your account data. Basically they allowed you to claim identities via a dozen or so different things they supported (email, phone, twitter, github, domain names, public pgp keys, etc.), and then prove that you owned it by posting some token or sending a message, which would then associate the identity with the account. The more identities you claimed, the stronger the proof that you were you.
Taking a new device into use was as simple as authorizing it from one of your existing devices. All the data would sync over and be encrypted with a device specific key locally. And you could disable that key from any of the other devices.
Too bad that company more or less failed. They never really figured out a business and the zoom acquisition looked more like an acquihire than a long term commitment to the product. But it's a good design that is worth copying.
Aren't Slack and Discord also tied to your email? I think HN and Reddit are better examples (although some dark patterns do push you towards associating with your email)
Spam protection is hard. Forcing the use of phone numbers is an "easy" protection against spam. It's harder to get thousands of SIMs than thousands of usernames.
> I understand that startups are scared that they won't be able to build up userbase from scratch but come on! Discord and Slack did it.
I don’t use Slack, but the few times I tried to use Discord it always said something suspicious was going on and asked me for my email (needless to say, I immediately closed the window). I wasn’t using a VPN, only my default uBlock and Firefox's built-in tracker blocking.
Email is okay to me because you can actually own one.
Phone numbers though are terrible because they're tied to countries, their security depends only on your carrier, you can't run your own carrier to take it into your own hands, and sending SMS costs money. Also the underlying interconnection networks like SS7 aren't secure at all and rely on trust.
Unfortunately, you do not own your email address either.
TLDs are managed by governments or government-adjacent organizations. Domains are managed by the TLD manager. Email addresses are managed by the domain manager.
I've never had a phone number or a domain name taken from me, but I've heard of more cases of the latter than of the former.
I'm not sure if it's great. It just lets you communicate without endangering the valuable resource that your phone number is.
> Can you send SMS to a regular number with this?
Why would it do that? Every phone has a perfectly good SMS app.
What would that even mean? Using SMS as a transport layer? Or making messages passed through the internet look like pseudo-SMS messages to someone's phone number?
This is fine, but Signal still doesn't tell you when the person you're sending to has uninstalled Signal. Instead, your messages go into the ether and you think the person is ignoring you. It blows my mind they haven't prioritized this. https://github.com/signalapp/Signal-Android/issues/11164
Applications can't determine when they're uninstalled. Or, not reliably anyway, and not while following platform guidelines. So the question becomes how to tell uninstalled vs left in a drawer, powered down, while on vacation.
They just have to tell you if a message isn't received after a day or two. This is already exposed via the check marks, so it's just something they have to amplify with a notification.
Or when you start writing a message to somebody, if they haven't read the last couple messages signal could make that obvious. Etc. Lots of easy fixes.
Yea, it seems like this is the most information they could give you without violating the addressee's privacy by revealing whether they have uninstalled the app. I suppose it could be worth it if, when the message remains undelivered for a while, Signal added an explicit note to that effect so the sender doesn't misunderstand.
Another pain point for me: when I send an SMS to someone, I expect to get replies on SMS not on Signal. Don't try to replace SMS. It's just really annoying to have half the conversation in the text messages app and the other half in Signal app.
It's been promised for years, but you still can't use a second phone as a linked/secondary device. As a result, it is literally impossible to have the same signal account on two iPhones. Since they already support using an iPad as a linked device, this would require little more than changing a flag and a recompilation. Maybe they have their reasons, but all they keep saying is 'soon'.
I think this could be a rather complicated feature. It's easy if your second phone is just a linked device like an iPad or desktop client, but I imagine this might be very confusing for users. Now you have two phones with Signal installed, but one has fewer features and if you lose the main device, you're screwed. This is unexpected for most users.
On the other hand, if the second phone should have the same capabilities as the first one, key management suddenly gets extremely complicated. For instance, each device has to be able to revoke others; what happens if the revoked device had granted access to three other phones, are they revoked as well? Can a device revoke its "parent" device? And so on. I imagine they avoid this while they can.
> but you still can't use a second phone as a linked/secondary device. As a result, it is literally impossible to have the same signal account on two iPhones.
That's not how that works. If you sign up for Signal with the same number on multiple iPhones, for example, only the last one will still be connected. The iPhone app only supports being the primary device. There can only be one primary device per account.
I stopped using Signal, along with my adult tech-oriented friends, when we all had bad experiences migrating our accounts to new phones. That plus the phone number requirement, intrusive contacts integration, and the weird crypto side projects killed my interest in Signal entirely. My friends and I use Discord now.
Discord is not end to end encrypted, and Discord, along with whoever buys them, will receive the complete plaintext message history of all of your conversations with those friends.
But for a lot of purposes, encryption really isn't that important. Most friend groups aren't a group of journalists and their sources discussing state secrets. The privacy from end-to-end encryption is a nice-to-have, but I'm not even sure if it's worth the inherent inconvenience for most friend groups.
Yup, and I don’t care. If I ever organize a protest I’ll do it on Signal, or another end-to-end encrypted platform. For daily banter I’ll use whatever a majority of my friends prefer. That’s currently Discord for the above-mentioned reasons.
So some algorithm somewhere will eventually try to parse five years of shitposts and memes between me and my friends and try to figure out what it can advertise to me based on it. I can't say I'm even mad.
Can you explain this a bit more? Am I correct in understanding that you feel it hurts you when your contacts find out that you have signal installed, hence why signal shouldn't do it? What is the impact of someone who has your phone number knowing you are available over Signal?
Are there communities out there where someone being on signal is a red flag?
> What is the impact of someone who has your phone number knowing you are available over Signal?
Don't know about Signal, but Whatsapp does the same thing (advertise to your contacts that you have a whatsapp account) and I find it extremely offensive.
Context: I am an ardent anti-WhatsApp activist, thus I don't have a WhatsApp account. This activism has created quite a stir in my family and made a lot of people angry, yet I stick to it. I have forced many of my close family and friends to use a different communication channel with me, and I have lost contact with quite a few acquaintances. When my dad died a few months ago, his wife needed to talk to me (and I needed to talk to her quite a lot). She was not really in the mood for listening to my techno-activism platitudes, and I was not in the mood to perform them, so I had to open a WhatsApp account. Since all the people who I had forced to stop using WhatsApp to talk to me would have felt alienated by this at this point, I needed to take a new phone number to talk to my stepmom via WhatsApp.
This is a concrete example of why advertising the fact that I have a whatsapp account is an extremely annoying anti-feature. I'm sure there are similarly legitimate reasons for disliking the same feature in Signal. In any case, for a platform that has the privacy of users as one of its main tenets, this is a clear-cut case of anti-privacy feature. I can imagine reasonable people avoiding Signal precisely for this.
> Are there communities out there where someone being on signal is a red flag?
Absolutely. Outside of the tech industry, people have a "reason" for using Signal. My wife remarked one day that one of her coworkers (a plant operator) suddenly appeared on Signal. I mused that he is probably cheating on his wife. She found out a few weeks later that my hunch was correct.
Other people I've seen on it I've been able to deduce that they're using it for drug purchases (simply by process of elimination, nothing else made sense) even when I didn't already know they were into recreational drugs.
In some circles, Signal is used just for general conversation. But in most, it's not. So being on it is a pretty strong signal that you're doing something 'important' on it... and usually it's easy for friends and neighbors to narrow down what that is.
There are subcultures that are not widely accepted where this is an issue. Take the furry subculture as an example. You might not want your family or college pals to see your furry profile picture and pseudonym, but you also might not be aware of the implications of using a messaging service where the primary ID is your phone number. Many people hand out their phone numbers permissively, as historically, they weren't very "personal" on their own - save for identifying your real name. For many people, having/juggling multiple phone numbers to maintain distinct identities is beyond their technical expertise and simply won't happen in most cases (especially on Telegram, where VOIP numbers are prohibited).
I don't know precisely how Signal does things, but I know this can be an issue on Telegram - and I assume they work similarly. I can see a lot of reasons folks might not be fans of phone-number-as-ID, especially when it alerts folks that you've joined, or gives folks who merely possess your phone number an easy way of viewing your profile details.
I think the first quality E2EE messaging service that provides users an alternative to phone-as-ID could give Telegram/Signal (not that the former is necessarily E2EE) a serious run for their money among privacy-conscious users and members of fringe communities.
Like people you don't want to have contact with, but who have your old number, being reminded that you exist and starting to annoy or harass you again.
And please don't respond with "you could just block them"; that's not in line with how the psyche of many people, especially vulnerable people, works.
Also, please don't respond with "you can just change your number"; for many people changing their number is hard, which again for some vulnerable people can mean it's basically impossible.
Sure, it's not a "my whole life will be messed up because of it" feature, but it can easily be very, very unpleasant.
As a harmless example, I know someone who completely changed their life and does not really want to have contact with anyone from their old circle of friends (not because of them being bad people, but because of the memories this includes). But they are too polite and insecure to outright block them; similarly, changing the number isn't an option for them. And guess what happened recently: Signal told me, "Hey, person X joined Signal." I knew better than to contact them, but I wouldn't be surprised if this caused them quite a bit of distress/discomfort.
Anyway, I'm fine that people who have my number can write to me over Signal, or that their app knows when the number is changed, to warn if the old number is used and hint at you when you try to contact the old number. I'm not happy about Signal (and others) actively telling everyone "Hey, this person did [join|change number]". It's unnecessary and for some people harmful.
Yeah, those announcements on Signal and Telegram are super-annoying and awkward.
You draw the attention of people with whom you have perhaps decided to let the relationship cool, and suddenly: "Hey, [YOURNAME] is here! Remember him? And how you have unfinished business? Why don't you message him right now?" :-(
This is outright ridiculous. I refuse to get into most "social" networks for this type of crap and now this practically confirms me I should never get into these crappy centralized IM networks.
How do you reconcile this with the ability to see, when you start to message someone, if they're using signal?
Can't a person who wants to know if you are on signal do so simply by starting a message to you?
Are you suggesting that simply making this less convenient on the client will somehow discourage someone who is determined to figure this out about you?
That's exactly what happened to my SO, and I can see how this can be an issue for many people. The unexpected and unwanted convo with a particular person happened just because he had the mobile number saved in his phone's address book, and despite not giving Signal access to contacts, the presence of my SO was announced.
That would be a really nice option now that you mention it. Like a "fresh start" where you could pick who can actually see that you're on signal especially with a new number/phone. Lots of people are often a negative in your life.
I never understood using a phone # as a permanent ID. Phone numbers change (heck, I effectively have 2 WhatsApps, because I have a US phone # and an international phone # because of this).
ID shouldn't matter to most users (it can be hidden behind the scenes). Phone # is great for looking up the ID, but users should be able to remap it at will.
Example:
Register with your phone #. This generates a new ID (you don't know or care about it). If you have to log in from a new device that doesn't have the ID stored, you can log in with your phone #, but all this does is look up the ID and use that ID to try to authenticate you.
If someone wants to find you, they use the phone number to look up your ID. Once it's looked up and mapped, the phone number never needs to be used again.
If I change my phone #, all I have to do is update the mapping of phone # -> id (i.e. add a new entry, remove the old entry). Any contacts who have me already will not be bothered by this (they only care about the ID, which they already have). New "contacts" will also behave correctly, as I no longer have that phone #, so it shouldn't be able to be used to find me (it might be someone else's # now).
Users would be able to move phone #s and their existing contacts would be able to follow them. New telephone users would be able to get recycled old phone #s without getting messages from the old owner's contacts (assuming they had previously been in contact).
The only places where I see people think this might fall down (but I think they are wrong) are:
1) If the same user creates a new ID with the old phone #. However, the solution seems pretty simple: you just need a way to invalidate the old ID (i.e. never to be used again) and force the contact to get the new ID for the phone number.
2) What happens when a user moves devices, i.e. they might have to redo the mapping of phone # -> id. However, at its worst, this is no worse than the current system (which effectively does that update on every single message). In practice, there are ways to move data between devices which would just move the mappings with it (examples being a cloud cache backup, the ability to migrate data from device to device, or probably other ways as well).
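The phone # -> ID scheme proposed in the comment above, sketched as an added example; this is not part of the original post and not Signal's code. The class and method names, the `StaleId` error and the +1555 numbers are constructed for illustration, and the in-memory directory stands in for a server.

```python
import uuid


class StaleId(Exception):
    """The addressed account ID has been retired; the sender must re-resolve it."""


class Directory:
    """Hypothetical server side: phone numbers are only a lookup key for stable IDs."""

    def __init__(self):
        self._phone_to_id = {}   # current mapping: phone number -> account ID
        self._retired = set()    # IDs that must never be used again
        self._inbox = {}         # account ID -> delivered messages

    def register(self, phone):
        # Edge case 1 from the comment: registering on a number that still maps
        # to an ID retires that ID, so stored copies of it stop working.
        old = self._phone_to_id.get(phone)
        if old is not None:
            self._retired.add(old)
        account_id = uuid.uuid4().hex
        self._phone_to_id[phone] = account_id
        self._inbox[account_id] = []
        return account_id

    def lookup(self, phone):
        return self._phone_to_id.get(phone)

    def change_number(self, account_id, old_phone, new_phone):
        # Only the live account currently mapped to old_phone may move it.
        if account_id in self._retired or self._phone_to_id.get(old_phone) != account_id:
            raise PermissionError("caller does not hold old_phone")
        if new_phone in self._phone_to_id:
            raise ValueError("new_phone is already mapped to an account")
        del self._phone_to_id[old_phone]         # the old number no longer finds this user
        self._phone_to_id[new_phone] = account_id

    def deliver(self, account_id, text):
        # Assumption of this sketch: the directory cannot tell a re-registering
        # owner from a new holder of the number, so the sender gets an explicit
        # error to act on instead of a silent re-map.
        if account_id in self._retired:
            raise StaleId(account_id)
        self._inbox[account_id].append(text)

    def inbox(self, account_id):
        return list(self._inbox[account_id])


class Contacts:
    """Hypothetical sender side: the phone number is used once, then only the ID."""

    def __init__(self, directory):
        self._dir = directory
        self._ids = {}

    def add(self, name, phone):
        account_id = self._dir.lookup(phone)
        if account_id is None:
            raise LookupError("no account is mapped to this number")
        self._ids[name] = account_id

    def send(self, name, text):
        self._dir.deliver(self._ids[name], text)


def scenario():
    """Constructed walk-through: number change, recycled number, re-registration."""
    d = Directory()
    alice = d.register("+15550100")
    bob = Contacts(d)
    bob.add("alice", "+15550100")                  # Bob now stores Alice's ID

    d.change_number(alice, "+15550100", "+15550199")
    bob.send("alice", "still reaches you")         # the stored ID follows Alice

    carol = d.register("+15550100")                # recycled number, new owner
    bob.send("alice", "after recycle")             # must not land with Carol

    result = {
        "alice_inbox": d.inbox(alice),
        "carol_inbox": d.inbox(carol),
        "old_number_owner": "carol" if d.lookup("+15550100") == carol else "other",
    }

    d.register("+15550199")                        # Alice re-registers: old ID retired
    try:
        bob.send("alice", "to the old id")
        result["stale_after_reregister"] = False
    except StaleId:
        result["stale_after_reregister"] = True    # Bob has to look the number up again
    return result


if __name__ == "__main__":
    print(scenario())
```
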
[1] https://www.reddit.com/r/technology/comments/kt91qk/comment/...
[0] https://www.reddit.com/r/signal/comments/skoaf6/poll_why_do_...
[1] Yes, I realize there are issues with the poll. Polling is hard.
Quite a bit of code related to usernames has already been checked into Signal. Here's the username regexp and the method that checks if a username is valid: https://github.com/signalapp/Signal-Android/blob/a5e5a735800...
And everybody does that, either phone number or email.
The only software I could find for anonymous communication was old Polish communicator http://gg.pl which uses arbitrary numbers as identifiers
I understand that startups are scared that they won't be able to build up userbase from scratch but come on! Discord and Slack did it.
They just wanted to piggyback on the already existing network of people's contacts.
Standard startup "growth hack".
Decentralisation and all that - again, other people.
I remember looking into this a few years back and the only issue I found was that the company that owns it now itself wasn’t entirely trustworthy.
I found out many months later, when we ran into each other by chance, that they don't use Signal anymore and my messages had gone to a black hole.
On android it easily replaces messages app and you do all messaging, SMS and signal in one chat.
Complain to Apple. Not to Signal.
Quite a workaround, but should work ;-)
I use my google voice number on multiple phones.
Almost never is this true, even on small projects, which Signal is definitely not.
I have only a handful of people that know, and we negotiated that face to face prior. Signal breaks that trust.
Let people decide for themselves what in their lives is OK to share with others. You don't need to know the reason why.
But who knows, the private contact discovery is quite magical so maybe there’s a way….
https://signal.org/blog/private-contact-discovery/
I use a virtual number for Signal and any such services, and it's a different virtual number than the one I give to humans.
On the other side of associating me with people, I'm also looking for an Apple iOS update that lets me upload just some contacts, when an app asks.