Wire (http://wire.com) does not need a phone number (register with email on a desktop browser at http://app.wire.com, then login to mobile) and does not need a copy of your contacts. Supports text, image, files, audio, video. E2E encryption is based on Signal protocol. Funded by Skype founder.
> 5.1 Account ... You agree that if you give the App permission to access your address book, anonymized phone numbers and emails from the address book will be uploaded to the Service for the purpose of connecting users.
I just posted a sibling comment to the GP: At least in August it wasn't optional and happened automatically on Android, unless you were running M: The permissions requested during installation (contact access, to even have a way to offer this feature) of the app were exercised without asking for further consent and your contacts were shared with their server unconditionally.
There's an on/off switch to share contacts under Wire Settings/Options and it's off by default at installation (it was at the end of August when I started using the service).
Don't know though if the app asked for permission to access contacts like it should, since I don't have any device with M.
This is from the Privacy whitepaper how they manage the data shared [1]:
> Address books are uploaded to backend servers if users grant client applications access to their contacts. Each address book entry is first normalized, i.e. phone numbers are ensured to be in E.164 form. Entries are then hashed (using SHA-256) and base-64 encoded before being transmitted to the server.
> No other information, such as names, addresses, birthdates, notes, etc. are extracted from the address books.
> Address books are checked for changes every 24h by clients and changes are uploaded again.
> Uploaded address books are used to match users on Wire, i.e. to suggest new contacts and to automatically create connections between users (see section 2.2). The matching algorithm creates connections between users who have each others e-mail address or phone number in their address book.
Interesting. That implies that they changed that behavior in less than a month after I opened a ticket, which is actually very nice to read.
Tried it on Pre-M and M, it worked correctly on M ("Wants to access your contacts" -> Denying didn't harm the app). For Pre-M it was as I described above: Opt-out (and worse, they have/had no way to remove contacts, at all) instead of opt-in.
I appreciate the update though - will look into Wire again these days.
> There's an on/off switch to share contacts under Wire Settings/Options and it's off by default at installation (it was at the end of August when I started using the service).
Oh, thanks that's good to know. And impossible to find out without just installing the app.
> Entries are then hashed (using SHA-256) and base-64 encoded before being transmitted to the server.
This signals that they care about privacy, but it doesn't really provide much protection against someone who wants to break it. Maybe it's just about keeping honest people honest. It would be very straightforward to dictionary attack the un-salted hash. Using a password cracking program like HashCat, you could probably recover most of the numbers in a few hours.
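An added example, not part of any comment in this thread and not Wire's code: the normalize, SHA-256, base-64 pipeline quoted from the whitepaper, run over a constructed block of 10,000 fictional numbers to show why an unsalted hash of a phone number does not anonymize it. The UTF-8 encoding of the E.164 string, the simplified normalizer and all function names are assumptions.

```python
import base64
import hashlib
import re


def normalize_e164(raw, default_cc="1"):
    """Simplified E.164 normalizer (assumption: 10-digit national numbers)."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        return "+" + digits
    if len(digits) == 10:
        return "+" + default_cc + digits
    return "+" + digits


def entry_token(entry):
    """SHA-256 then base-64, as the quoted whitepaper describes.
    Hashing the UTF-8 bytes of the string is an assumption."""
    digest = hashlib.sha256(entry.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_reverse_table(prefix, suffix_digits):
    """Token -> number for every number under one prefix.
    No salt or secret is involved, so anyone can compute this table."""
    table = {}
    for n in range(10 ** suffix_digits):
        number = f"{prefix}{n:0{suffix_digits}d}"
        table[entry_token(number)] = number
    return table


if __name__ == "__main__":
    # Constructed sample: a number from the fictional 555-01xx range.
    uploaded = entry_token(normalize_e164("(202) 555-0143"))
    print("token sent to server:", uploaded)

    # The same contact written differently yields the same token. That
    # determinism is what lets the server match users, and it is also why
    # the token identifies the number.
    assert uploaded == entry_token(normalize_e164("+1 202-555-0143"))

    # One exchange (10,000 numbers) is enumerated in well under a second.
    table = build_reverse_table("+1202555", 4)
    print("recovered:", table[uploaded])
```

The full space of phone numbers is larger than this one prefix but still small and highly structured, which is the point the comment above makes about the un-salted hash.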
Wire uploads your contacts to their service by default (on Android before M, because you nodded at the installation or something). No post installation popup asking you if you want to share them. (August 2016)
Wire has not even a way to remove contacts. I'm not kidding. After the faux pas above I had random 'Wire contacts' that it discovered for me, based on a combination of 'in my address book' and 'in their address book'. You cannot unfriend/remove those, at all. Talked to their support and they actually confirmed that (4th of August, doubt that it changed) you can only _block_ users.
Blocking != removing. If "random ex-coworker" comes up in my list, I might want to remove the contact without blocking the person. One's "Don't care about this contact" vs "This contact has no place in my life".
Bringing Wire up as a decent example for contact handling therefore seems ... strange.
I use Apple iOS, where the operating system allows users to default deny contact access to all apps, with explicit whitelisting from Settings. Wire worked perfectly without access to my contacts on iOS. Signal refused to work without contact access, when iOS prevented Signal from accessing contacts.
I am sorry to hear about your Android experience, but I abandoned that platform long ago because of confusing management of per-app permissions, along with Google's penchant for data collection. Wire users on Android should try to get Wire developers to improve the control options on that platform, they usually respond within a few days to support requests.
I almost bought a separate iOS phone just to run Signal without access to contacts. Since Wire came along, that is no longer necessary and I can use Wire without a phone number.
And Wire is multi-platform with multi-device sync (like Telegram, except that on Wire all messages are E2E encrypted, not just secret chats), which Signal does not provide in a similar way.
I still use Telegram for the most part, Wire for some, and Signal the least - this is mainly due to the user experience, feature set and speed of message delivery.
Wire [1], which I've been trying for the past few months, seems so. It's quite rich in its feature set compared to Signal, all messages are E2E encrypted and it provides multi-device sync and multi-platform support.
The phone requirement is beyond ridiculous. How did Signal get the reputation it enjoys in the tech community anyway?