KeepassXC is encrypted locally with no public servers :)

Are there really people out there not using a password manager in current year?

On one hand, those posts were way out of line as a professional representative of a company talking to one of their employer’s clients.

On the other hand, fuck Nic Chiallan for repeatedly threatening legitimate critics of the US Government with “DoD Lawyers” for using their protected first amendment rights. That’s actual government tyranny, or at least a pathetic attempt at such.

That information is easily found with a web search, so there is no need to cast aspersions. It’s funded by Brian Acton’s “activist” funding (interest-free loans of $100 million+ total to Signal Foundation over the years). I’d guess Acton used it as a huge tax write-off the year he sold WhatsApp to Facebook.

Other revenue sources include voluntary user donations and grants from many free press organizations whose members rely on Signal. Some years they report positive net income, and other years they report negative.

Signal Foundation tax forms, which list all general revenue sources: https://projects.propublica.org/nonprofits/organizations/824506840

What Signal says about how they operate: https://signal.org/blog/signal-foundation/ https://signalfoundation.org/en/

Signal Privacy Policy: https://signal.org/legal/#privacy-policy

All the code, including what runs on their servers and in their apps, so you don’t need to take their word for anything. You can compile the signal client from source if you like: https://github.com/signalapp

Article which talks about their audit history (this is their weakest point. The full results of the audits Signal paid for were never published): https://restoreprivacy.com/secure-encrypted-messaging-apps/signal/

However, anybody can check for any spooky stuff in their code, so I doubt they would purposely try to hide anything untoward there.

It kind of doesn’t matter… That’s the beauty of fully auditable open source end to end encryption.

Basically, it makes the whole platform less secure because you could accidentally send a non-encrypted message at any time. With SMS-free Signal, at least mistaken sent messages are still E2E encrypted.

Is their goal to become the new de-facto messaging app? Or is their goal to become the most secure messaging app for whistle blowers, etc for whom a single mistake could mean losing their life or their freedom?

That’s a little reductive… Lemmy Admins are users as well. And any bug reports or feedback you provide is implemented to improve Lemmy, which we all benefit from.