@@ -146,6 +146,7 @@ If you are currently using a proprietary chat app, something without any encrypt
* *It requires the installation of Google Play*. If you already have Google Play installed on a stock Android OS then this doesn't increase your security problems, but for other more secure Android variants it's a massive increase in attack surface.
* *It depends entirely upon the Google message pushing system*. That means that Google /at least knows who Signal messages are being sent to and may be able to infer the rest via your (insecure) Android phone contact list or via timing correlation of alternating deliveries/. Remember that for an adversary metadata in aggregate is much better than having the content of messages. At any time Google could decide that it doesn't want to support Signal, or in adverse circumstances they could be leaned upon by the usual agencies or government cronies.
* *Their privacy policy indicates that they will give whatever server data they have to third parties* under some conditions. Of course this is always claimed to be /for the very best of reasons/ - such as combating fraud - but once that sort of disclosure capability exists it may be abused without you ever knowing about it.
* *Forking isn't really an option*. A fork was tried, but Moxie got annoyed when it still used his server. At the same time the level of interest in federating the server is not detectable with our best intrumentation, and is suspected to be negative. That's a catch 22 which effectively means that independent implementations of Signal will always leave some users unable to communicate with each other.
To give credit where it's due Signal is good, but it could be a lot better. The real solution for private chat is to run your own XMPP server, as you can with Freedombone, or to have someone within your community do that. /There is no substitute for a decentralised solution which is within the control of your community/.
* What is the most secure chat app to use on mobile?
