[nullc]

Signal's software is timebombed to force you into taking automatic updates. These updates could be used to force targeted users into backdoored builds.

Additionally, the signal has had a long history of being feature hostile to strongly secure use, through things like making it very difficult to cryptographically verify the identity of the party you're talking to... or automatically resending the last message you sent when the far end merely claims its key has changed.

I recommend people treat signal as unencrypted communications-- _actually_ unencrypted private communications are too absurdly insecure to use. But in practice signal does not provide the kind of strong security that we would associate with 'encrypted communication', and maybe UI considerations make that an unrealistic goal. Instead signal provides the kind of security we should expect from _ANY_ communication, but which isn't actually provided due to pervasive surveillance.