Can we agree that for privacy/security we want: free and open source software on both the server & client side, end-to-end encryption without the server having keys, audited software/crypto-algorithms, ergonomic software/interfaces?
Granted that nothing seems to properly address all these. Even though Signal “has” a desktop client it is not really functional in my experience. And agreed that Signal has significant ergonomic issues (though increasingly improved).
Why would you not want end-to-end encryption on by default? Clearly noobs have been confused thinking they were having encrypted sessions when they weren’t. Furthermore, increased properly encrypted traffic in general makes it harder for malevolent agencies to sift man-in-the-middle signal from noise.
Re Signal being run by someone hostile to F-Droid… can you elaborate as I don’t know anything about this? Doesn’t sound like Moxie.
Telegram seems like a joke for security, e.g. https://www.reddit.com/r/privacytoolsIO/comments/6r655i/telegram_isnt_safe/ or https://cs.au.dk/~jakjak/master-thesis.pdf. It seems like cryptographers are shitting on Telegram because Telegram devs seem to not know what they are doing (marketing aside). I can’t understand why it is being marketed as privacy/security focused. “We promise to open source everything” as per their FAQ is just absurd and offensive from a FOSS/security perspective. Would this site exist if Purism said that? There is a reason why “trust, but verify” is a ubiquitous mantra.