To use Signal, you need a phone number. That has been true since Signal launched, and despite years of requests from privacy researchers and users, it remains true in 2026. Signal added usernames in 2023, but phone numbers are still required for registration — you just have the option to hide yours from contacts who don't already have it.
This seems like a small thing. It's not. A phone number is one of the most identity-linked pieces of information in the modern world, and building an encrypted messaging identity on top of one creates problems that no amount of cryptographic sophistication downstream can fix.
What a Phone Number Actually Is
A phone number is a government-licensed identifier issued by a carrier. In every country with functional telecommunications regulation, carriers are required to collect and retain subscriber information: your legal name, address, and payment details. This information is available to law enforcement through standard legal process — subpoenas that carriers routinely comply with, often without notifying the target.
When you register with Signal using your phone number, you create a direct link between your encrypted communication identity and your carrier subscriber record. The contents of your Signal messages may be invisible to everyone except your recipients. The fact that you use Signal, and the phone number associated with your Signal account, is not.
When served with a subpoena in 2016, Signal responded that the only data they could produce was "the date and time a user registered for Signal and the last date of a user's connectivity to the Signal service." They could not provide message contents or contact lists. That's a strong result — but note what was producible: registration timestamp, and connectivity dates. Both tied to a phone number.
The SIM Swap Problem
Phone number ownership is more fragile than most users assume. SIM swap fraud — where an attacker convinces a carrier to transfer your phone number to a SIM they control — is a documented, recurring attack vector. Carriers have improved their defenses, but it remains viable enough that security researchers continue to treat phone numbers as weak authentication factors.
If an attacker SIM swaps your number, they can re-register Signal with your number, destroying your existing Signal identity and potentially accessing any accounts that use Signal for SMS-based two-factor authentication. Your encrypted message history is gone (it's local, not backed up to Signal's servers), and the attacker now controls your Signal identity going forward.
This is a less exotic attack than it sounds. High-profile SIM swap cases have targeted journalists, cryptocurrency holders, and political activists. The attack scales with motivation — if someone wants your phone number badly enough to call your carrier's support line with the right social engineering script, they may get it.
Contact Discovery Leaks Your Social Graph
Signal has done significant work on contact discovery — the process by which your contacts are matched to Signal users without revealing your full contact list to the server. Their current implementation uses Oblivious RAM and secure enclaves to minimize what Signal learns about your contact graph.
This is genuinely impressive engineering. But the underlying issue remains: contact discovery works by matching phone numbers. When you open Signal, it checks which of your contacts' phone numbers are registered Signal users. Your social graph is encoded in those phone numbers. Even with secure enclaves, Signal must receive your hashed phone numbers to perform discovery. The metadata structure of who you communicate with, derived from phone-number-based identities, remains a privacy consideration that the cryptography cannot fully eliminate.
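An added example, not from the original article and not Signal's code: why a hashed phone number has to be handled as the number itself. It assumes a plain unsalted SHA-256 scheme (an illustration, not Signal's actual protocol) and a constructed number from the fictional 555-01xx range; all function names are hypothetical.

```python
import hashlib
import hmac
import math

def unsalted_hash(e164: str) -> str:
    # Illustrative scheme only: plain SHA-256 of the E.164 string.
    return hashlib.sha256(e164.encode()).hexdigest()

def keyed_hash(e164: str, key: bytes) -> str:
    # HMAC-SHA-256 under a secret key held by one party.
    return hmac.new(key, e164.encode(), hashlib.sha256).hexdigest()

def search_space_bits(unknown_digits: int) -> float:
    # Entropy of a number when `unknown_digits` decimal digits are unknown.
    return unknown_digits * math.log2(10)

def find_preimage(target: str, prefix: str, unknown_digits: int, hash_fn):
    # Walk the whole suffix space; return the matching number or None.
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if hmac.compare_digest(hash_fn(candidate), target):
            return candidate
    return None

# Constructed sample: a number from the fictional 555-01xx range.
SAMPLE_NUMBER = "+12025550143"
PREFIX, UNKNOWN = "+1202555", 4  # 10,000 candidates keeps the demo instant

def demo():
    # The unsalted digest maps straight back to the number it came from.
    recovered = find_preimage(unsalted_hash(SAMPLE_NUMBER), PREFIX, UNKNOWN,
                              unsalted_hash)
    # Same search against a keyed digest, by a party without the real key.
    secret, guess = b"constructed-server-key", b"wrong-key"
    blocked = find_preimage(keyed_hash(SAMPLE_NUMBER, secret), PREFIX, UNKNOWN,
                            lambda c: keyed_hash(c, guess))
    return recovered, blocked

if __name__ == "__main__":
    recovered, blocked = demo()
    print(f"unsalted digest maps back to: {recovered}")
    print(f"keyed digest without the key:  {blocked}")
    print(f"10 unknown digits = {search_space_bits(10):.1f} bits of entropy")
```

The keyed variant only moves the trust: whoever holds the key can run the same search, so the digest is a pseudonym for the number, not an anonymized value.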
The Professional and Activist Use Case
For journalists protecting sources, activists in high-risk environments, or anyone whose real-world identity is relevant to an adversary, the phone number requirement is a functional barrier to using Signal.
Workarounds exist: prepaid SIMs purchased anonymously (increasingly difficult in many jurisdictions), VoIP numbers (many Signal-like services reject them), or burner phones. These add operational complexity that undermines the whole point of using an accessible, widely adopted secure messenger.
Signal's own recommendation for high-risk users includes a note from the EFF's Surveillance Self-Defense guide suggesting that users consider the phone number trade-off carefully. The advice to journalists and activists from most security trainers is: use Signal for the cryptography, but understand that the phone number creates an identity linkage that Signal cannot protect.
What Email-Based Identity Offers
An email address is not a perfect alternative identity anchor. It also carries metadata — registration information, IP addresses used to access it, and potentially real identity links if you use a commercial email provider.
But email addresses have properties that phone numbers don't:
- You can create them without government-licensed infrastructure — no carrier, no SIM, no physical address required at registration for most providers
- They are not tied to a single device in the same way — a SIM swap cannot transfer an email address
- Multiple addresses are trivial to manage — phone numbers are one-to-one with people in a way that email addresses are not
- They work as identifiers across email and chat — one identity for both communication modes
Haven uses an email address as your identity. Your Haven address (username@havenmessenger.com) is your contact point for both encrypted email from any PGP-compatible client and encrypted MLS chat with other Haven users. There is no phone number in the architecture.
The Right Tool for the Right Threat Model
This isn't an argument that Signal is bad. Signal is excellent software built by people who genuinely care about privacy, and for most people in most situations, it's a significant improvement over iMessage, WhatsApp, or Telegram.
The argument is that the phone number is a meaningful limitation that shapes what Signal can protect and for whom. If your threat model is "I don't want a corporation reading my messages," Signal handles that. If your threat model includes "I don't want my identity as a Signal user to be linkable to my real-world identity," Signal's architecture makes that much harder to achieve.
Understanding what tool you're actually using — and what it does and doesn't protect — is the foundation of good operational security. Signal is an excellent tool for one set of use cases. For users who need identity separation between their communication and their real-world identity, the phone-number requirement is a fundamental constraint that no update to the app's cryptography can fix.