I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
At least (to my knowledge) the Signal messages are decrypted on the client end, so buying the company doesn’t give them automatic access to messages.
Having said that, I’m sure a hostile new owner could update the app to decrypt and then send the messages as plaintext to the servers if they wanted…
Well, you can still insert client side decryption into the app.
But it isn’t really about the messages, it is about the control of the servers and the accounts. You cannot easily move away from their servers, because you will lose your contacts. This gives the people controlling the servers power over you. A sort of vendor lockin.
In the 1990s US ISPs would “give you” an e-mail account with their service: you@isp.com. Of course, this is insta-lockin for that e-mail address, you can never port it.
Owning your own domain name and running e-mail service through that worked, for a few years, but the big players have made whitelist / blacklist such a frustrating whack-a-mole game in the e-mail space that running your own e-mail server quickly became impractical.
That’s why all clients are fully open-source. You can also use a fork like Molly.
AFAIK, Signal does not want anyone to use alternative clients, has that changed?
As far as I know moxie, signals lead dev, considers only the use of the officially build and distributed client authorized to use their servers.
So if they ever manage to detect someone using their services with an alternative client, they might delete your account.
https://techcrunch.com/2016/11/07/signal-app-maker-rebuts-criticism-of-dev-direction-by-calling-for-more-community-help/