by yannovitch 2329 days ago
I, personally, think that neither Telegram nor WhatsApp, nor even Signal, are good for privacy.

Even if Pavel Durov says that Telegram has verifiable builds and an open source client, as long as you're not in control of the whole chain (server+client), you're not in control at all. Even with e2e, an adverse party can always have access to lots of metadata, or with vulnerabilities as disclosed in this blog post, get access to the actual content.

Now that OMEMO is widespread in the XMPP world, I try to push in that direction, but as another user has said, the hardest part is to get users to move to your "new" solution.

1 comment

Maybe publish source and let people compile their clients themselves. For mobile platforms offer reproducible builds and a tool to checksum both your build and the package on the mobile. Caveat: I don't know whether totally reproducible builds are possible at all, and the checksum tool must be compiled too and uploaded as a test package to the phone. Probably only useful for groups of paranoid tech-savvy people.