Someone made a compilation of academic reviews and blogposts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, ex. compare with real security audits to Delta Chat: https://delta.chat/en/help#security-audits
You can always look at their history “complying” to government orders to hand over user data.
https://signal.org/bigbrother/
No company is going to break the law for you, so live tests seem about as good as a security audit.
IIRC by US law they are not allowed to disclose requests from US gov itself
I would rather prefer real security audits
I would also prefer a server in a jurisdiction that I choose as suitable for my needs. Or, better, a mini-computer on my balcony.
If you and your contacts are all Android, you can Use Briar. It has no central servers and all traffic go through Tor. Open Source and on Fdroid and recommended by privacyguides.org
Yeah, true - I have this installed but inactive for emergencies. It cannot, however, deliver messages when the recipient is offline, and I don’t know how much it drains the battery if left on. So not sure I’d use it as a daily messenger.
A security audit would be great, but their most recent request was from Santa Clara county, and several previous ones are also from US jurisdictions. You can read about the content of what they were able to provide to the courts.
They’re obviously private. And if you’re concerned about the app, use the fork Molly.
I guess I don’t see what more a security audit would reveal that we couldn’t deduce by examining the code or real-life examples.
deleted by creator
I only talk quietly in loud rooms, can’t trust Signal.
I only talk a mixture of Cantonese Mandarin and English in the Style of Shakespeare