It could be said but with Signal the peer-reviewed audits and recent attempts by government to gather user data from its servers show that they collect the bare minimum metadata possible. Signal also doesn’t have reproducible builds except for android. You can’t signup anonymously or add a contact without trusting a centralized server. if you want to avoid this, choose something that offers E2EE by default, strong metadata protections, doesn’t require a phone number/data plan and that is audited and well documented and within reach of anybody even the technically unsavvy. The infrastructure of most services you use can be reverse engineered and backdoored but with Signal they make sure they collect no raw messages or other PII that can be used by government or state actors. Only the signup timestamps and last message timestamp are collected.
1 Like