[smacktoward]

I'm not sure it really matters -- if Apple wants to log your conversations they don't have to put a backdoor into Signal, they could just put a backdoor into iOS itself. An attacker with privileged access to the guts of the operating system doesn't have much need to muck around with hacking the applications that run on it.

Which is to say, security-minded users should strive to trust as few parties as possible, but since at the end of the day you have to trust somebody if you don't trust Apple the only really secure move would be to not use iOS devices at all.

[acqq]

Exactly: as soon as you use Apple, you can as well use iMessage and FaceTime with the other iOS users. You just need something to be able to communicate a bit safer with the users who don't have iOS.

But if the user has another OS, then you can believe those who get control of that OS/device can read your messages to that user and record your calls to him/her.

It's turtles all the way around. The more communication the less can you expect to remain "private." Come to think, it is so without computers too.

[widforss]

But one should never consider oneself secure from targeted attacks. What Signal et. al. protects from is dragnet surveillance, which Apple can perform remotely with iMessage without having to install an exploit on every iOS device. They do not have that opportunity with Signal.

[acqq]

> What Signal et. al. protects from is dragnet surveillance

Can it be claimed if

- the user has to log in with his phone number to Signal servers in order to communicate

- no user can use any other but Signal servers, which are hardcoded in the apps?

It seems that it's perfectly designed to at least collect the metadata and the owners of it don't want to let you change these rules.