Signal introduced usernames earlier this year. See here for a discussion on this forum about it.
My question is, is it safe to publicly reveal a Signal username?
Would it just attract spam, or are there also privacy or security issues? What else could go wrong? Would you feel safe to publicly reveal your Signal username? Are there certain threat models where revealing one’s Signal username is dangerous?
I reveal my Signal username. I’ve got 1 spam message so far (and I think phone numbers might be the more major factor in attracting spam). It could tie your account to your real-life identity, but that’ll depend on how careful you are in your other usage (groups, etc.).
Should be fine unless perhaps you have the highest level adversaries.
If you get spammed just change your username.
All depends on what you want. Anyone will be able to message you but that might be desirable. Other than that there shouldn’t really be any privacy issues.
Absolutely. It’s not necessarily something the average person needs to worry about, but WhatsApp was a vector for infecting users with the Pegasus spyware. Signal does little hardening to prevent similar exploitation. Every opportunity an untrusted party has to communicate with your device adds to the overall attack surface.