More specifically and also generally than this related question, I'm curious about the privacy implications of prominent secure messaging apps (marketing themselves as protecting users' privacy) requiring identification via a phone number.

Signal, Telegram and TextSecure are the top-rated EFF secure messaging apps, earning green checkmarks in all categories. Yet all three require you to sign up with a phone number. There are two common reasons given for this:

1. Ease of use - I understand a phone is the easiest physical second factor to obtain, and there's certain value in making privacy and security available to the less computer-savvy, but it's not like usernames are "complicated" - we've had more than a decade of username-based messaging apps like AIM, Yahoo! Messenger, and even the current Google Hangouts.
2. Preventing abuse and spam - again not really an issue. To prevent abuse, the messaging services could use strong CAPTCHAs. SIM cards are 50 cents a piece, and that's after about a minute of searching on the US eBay. They're probably far cheaper in Asia or on the darkweb, and are routinely used to attempt to defraud various services that offer promos (e.g. free ride/delivery) to first-time users. However, messaging apps don't really offer high-value services. Also, it's easier to mass-IM all phone numbers in a range, offering geographic targeting even (by phone area code), than to randomly generate user IDs (albeit I'd feel sorry for early adopters like joe and sam).

I still don't understand why all these apps don't offer an option to just create a username, without ties to a tracking device the user carries in their pocket. (Note that many services specifically prohibit signing up with VoIP numbers like Google Voice, and ban free SMS verification services.)

Anyway, given that it seems we're stuck with secure messaging apps using the user's phone number as the identifier, what are the security and privacy implications of this? I see:

1. Oppressive regimes can block services that rely on registration connected to the telecom infrastructure of a country. Iran apparently has just done this to Telegram.
2. A highly increased risk of phone account hijacking, and hence complete account takeover and impersonation (which can be trivially used for example to lure a whistleblower into the hands of violent regimes).
3. Since SMS traffic is collected by the NSA to the tune of 200M texts a day (in 2014), any user receiving an authentication code via SMS from these "secure" messaging systems will very likely be flagged. Signal confirmed that it's possible to determine an SMS user is a Signal user, by design.
4. Blatant exposure of relationships between users via metadata. Prof. Kieran Healy wrote an excellent story showing how metadata (here, belonging to a group that meets, vs. the content of the meeting) can be used to identify key individuals - Using metadata to find Paul Revere. This means that if I Signal about something completely innocuous with an individual I had no idea was on a watchlist, I could very well be associated with them as a suspect. In that case, I'd prefer my communication were not encrypted, so it would be visible that I'm not talking to the suspicious identity of the individual. Yet phone-number based secure messaging apps will do just that - associate my identity with that of the suspect.
5. Your phone number inevitably is leaked to the other party. You don't generally want that when posting a classified or dating ad - which is why the popular messaging platform in these sensitive situations is not a secure messaging app, but Kik, which lets you create a username.

As an innocent individual, it seems phone number-based secure messaging apps might bring more concern than security, due for example to the very real possibility of mistakenly ending up on a terrorist watchlist, or being flagged for the sole reason that you're using technology that was advocated in extremist forums.

Where am I wrong? What have I missed?