DireMunchkin on Nostr: nostr:note1v2cwxvtx97y3aczglugqs7j658udffspel00f2h5z5szqw8wunasgwller

quoting note1v2c…ller

The actual E2EE conversations are secure: The encryption is Open Source and well audited, and the apps have reproducible builds on all platforms were that's possible. If anybody claims Signal can read your messages that's BS IMO.

That said, Signal have copped some criticism that they still need a phone number for sign up. IIRC they said want Signal to be a drop in replacement for WhatsApp and to have easy onboarding via SMS. But the paranoid take would be that it's also a easy metadata id for everyone on the app, so you can see who is talking to who, even if you don't know what they're saying.

Personally I'm fine with the tradeoff for being easy to use and normie friendly though. Like, if you are personally targeted by a alphabet agency it's probably not safe for you to use a phone at all regardless of what app you're using.

If you're really concerned about this you can switch to SimpleX, but personally I feel like that's overkill in most people's threat model. Just don't go to Telegram instead, they cast a lot of FUD on Signal's security even though they're worse in every way.