But wait – it gets much, much worse
As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s #Firestore database.
No messaging platform exists where zero metadata exchange will happen, and the only way to reduce metadata exchange is via centralisation. Federated platforms by design will leak a lot of metadata. It is only for developers and users to decide what is acceptable.
It’s not about metadata exchange, but metadata exposure.
Two of those platforms use self-hosted node servers. Behind a VPN with multiple customers, this is virtually untraceable. And certainly far less easily traced than by giving away your cell phone number to a company.
This is why I said it is for developers and users to decide what is acceptable. The sensitivity of what you are doing, and the required threat model, determines what elements are acceptable to leak.