Could you provide documentation of that version of how Signal operates? You can see the links from Signal and Matthew Green that I supplied.
> I'm talking about contact-discovery, wherein the client regularly sends (hashed versions of) all the phone numbers from your contacts (if you've shared them with the app) to Signal's servers
If they are hashed, why do you need to trust anyone?
Note it relies on SGX for privacy. (Anything they did earlier may have involved even more trust of Signal Inc's servers.)
Hashes across the (tiny!) space of all phone numbers are easy to reverse via brute-force.
But also, again: how do you think Signal is able to notify you when any phone number in your contacts – even if you're not in theirs! – first joins Signal?
> I'm talking about contact-discovery, wherein the client regularly sends (hashed versions of) all the phone numbers from your contacts (if you've shared them with the app) to Signal's servers
If they are hashed, why do you need to trust anyone?