“We’re aware of reports that access to Signal has been blocked in some countries,” Signal says. If you are affected by the blocks, the company recommends turning on its censorship circumvention feature. (NetBlocks reports that this feature lets Signal “remain usable” in Russia.)
So it knows about all metadata, plus registration with phone number, etc. got it.
you conveniently leave out how you need to use the client built by Signal, with dependencies from Google Services and the like, and you can’t use one built from the source they provide. Which at that point means they can introduce whatever they want in whichever version.
Decentralisation is the only safe way.
Metadata is encrypted on the client-side using Signal’s sealed sender implementation. The client also removes as much metadata as possible. All of this is open-source and happens in the client application.
Signal doesn’t store phone numbers. It derives a user id from your phone number along with other parameters. It’s in the open-source server code, you can check it out yourself.
No you don’t. I myself use a fork of Signal called Molly.
Not true again. You don’t need to use the official binary that includes Google libraries. These aren’t required for the app to function. You can use Signal-FOSS or Molly-FOSS, and it works just fine.
If this was true, forks like Signal-FOSS or Molly wouldn’t exist.
Stupid conclusion, because all of your previous points are false
Stop spreading false information, focus on the facts.
You can use reproducible builds to verify that the provided clients are the result of the source code and you can also use alternative clients like Molly