[filleokus]

If I understood the article properly, this is about Messenger voice calls, which are not E2E encrypted:

> However, end-to-end encryption is not an option for Messenger voice calls.

Hence, the FB infra is in a position where they can actually retain the key, which Signal is not:

> This differs in a major way from other secure messaging applications like Signal, WhatsApp, and iMessage. All of those apps use protocols that encrypt that initial session key—the key to the voice data—in a way that renders it unreadable by anyone other than the intended participants in the conversation.

However, Signal could of course modify the client applications to siphon off the keys and send them wherever. Especially since it's hard/impossible to verify the source code running in the binary on your phone, this is somewhat scary and forces me to trust Signal.

But if I understand everything correctly, Signal could not be coerced into revealing keys from the backend side. (Please correct me if I'm wrong)