That's definitely bad for privacy, is there a workaround that can be deployed or it's infeasible with its current architecture?

It's the whole point of hole punch so I think working around it means not using it

Wait, really?🤣

Not exactly as data usually relays, but use a VPN if you are worried. Tbh people that raise this point are you not worried about other apps too? and already use a VPN? Also are you not concerned ips are not being logged at the network level up stream from signal because that is literally what the NSA does

There has been discussion to add ways to hide your IP in keet in future like onion routing

I'm sorry I thought hole punching bypasses VPN but apparently it doesn't.

You can use split tunneling if you want anything to bypass a vpn Hole punching is for opening ports thru nat and firewalls

I can't completely visualize how it works with a VPN in the middle, or whether the VPN provider needs to (not) do anything to allow it to work. i just need to try it out.

in the privacy sections of settings is a toggle for indirect calls. Routes them over signal servers

The VPN just relays all your traffic including keet, keet is designed so you don't need to do anything for it to work, if you did it would be too difficult for people to adopt Keet has a process of hole punching to make connections which is the key to its success and why they named the company holepunch This is a great video on the tech and hole punching There is connections that are more compatible with keet and they show as green in the keet profile page, there is yellow connections which require other peers to help but obviously still work