Why do people assume Signal messenger isn't spying on you? Yes, it has open source code, yes it uses end-to-end encryption. But we can't check which code runs in the version from Google Play or the App Store. And also their APK (IPA) build process is essentially a black box, it doesn't use GitHub Actions or some other transparent build system. I also heard from Techlore that they add a proprietary part to the apk to filter bots. The only thing I can assume is that people scanned the traffic coming from the app (Android), phone (iOS) and checked whether encryption keys were being sent to Signal or not. But it seems to me that this can be also circumvented. What do you think?
P.S.
I myself use Signal to communicate with relatives and friends. Definetly not a hater.
Never really thought much of Techlore (no offense if you see this, but to be honest I haven't even thought to click on a single one of your videos, sorry)...
I use the APK directly from the site and I haven't heard of this build situation, etc. I also think we could think the same about many other private chat apps --- are they really keeping their promises?
My gripe with Signal is that it still needs that phone number to onboard. I know about the forks, and I even used Pigeon on the Punkt phone. Now that Moxie has stepped down from his role at Signal, things may change again.
I guess the best you could get is something like Session or Briar right now? XMPP?
I live in France, and another problem is rearing its head: asking to ban or weaken encryption in the name of national security.
They care about protecting user data at least, and they have made attempts to keep some of the giants in check. Threads™ isn't available here yet because of these laws. So with one hand they give us some pretty awesome rights and protection, and with the other they are spying quite a bit.