Edward Snowden has a vastly different risk profile than anyone else.
It it without a doubt that he is under constant electronic and physical surveillance by the Russian and American governments. His phones and computers are also very likely compromised. At that point your choice of messenger app matters about as much as the color of your socks because the interception is happening at another layer.
How does Edward Snowden acquire a laptop or phone in a way that he can trust it? I don't think it matters what protocols and applications he uses: he does not enjoy privacy.
I order to get a device that is not explicitly compromised with custom targeted malware one could: take a walk, enter a random shop, buy a device. Now you only have the standard malware that everyone gets preinstalled on their devices.
How to keep it free of custom targeted malware? That is another question!
With a target like Snowden who is under constant surveillance and lives at the whim of his host country, he could expect that any off the shelf hardware he bought would be immediately compromised. His hosts would just make up some bullshit reason to part him from the device for several minutes and do an evil maid attack. Or from afar his hosts or another country's actors could exploit undisclosed vulnerabilities in his device's wifi or bluetooth layer that they have in their toolkit.
Two key words in your comment are both spectrums: trust and privacy.
Most people implicitly trust their hardware more than Snowden does now -- they overestimate the security from the factory and he probably has better expectations of the likelihood of hardware compromise.
On the privacy spectrum, one point is how much privacy you think you have, and the other (unknown) point is how much you actually have. Similarly, I think Snowden's situation and prior experience helps him more accurately understand where those points are; the rest of us are up on the first peak of the Dunning-Kreuger chart.
Can one use Signal via Tor? If so, a URL would be useful.
But one can use Session (a fork of Signal) over Lokinet (an onion routing network, which is similar to Tor).
Even the updated version of Signal merely relays stuff through a proxy. That is, there's just one hop, and that's trivial to deanonymize. With Lokinet, there are multiple hops, so adversaries must compromise multiple nodes.
Also, Session requires no PII for account creation. That's great for anonymity, but there's no built-in authentication. So users must authenticate contacts in meatspace or via other communication channels.
Lokinet seem to claim (https://medium.com/@LokiNetwork/lokinet-b8f738fefe7a) that their network is more resistant to sybil attacks by introducing different incentives (an internal cryptocurrency) and not having a central authority (which TOR does have, and which users have to trust). It's unclear how this helps against a wealthy adversary determined to control the network via its own nodes.
As I understand it, there's a slowly increasing supply of Loki, a private cryptocurrency. Basically, service nodes earn Loki for caching messages, and relaying traffic. I gather that's analogous to mining in Bitcoin etc.
Creating a new service node requires a providing a stake in Loki, which I believe currently costs on the order of $5000. And the only source is Loki held by existing service nodes. So arguably, as the creation rate for new service nodes increases, the price of the requisite Loki stake increases, perhaps supra linearly, or even exponentially.
There's also the issue that service nodes that behave maliciously lose all of their Loki, both the initial stake, and anything that they've earned.
I don't know specifics, however. So I don't know just how high the bar is for malicious service nodes.
It it without a doubt that he is under constant electronic and physical surveillance by the Russian and American governments. His phones and computers are also very likely compromised. At that point your choice of messenger app matters about as much as the color of your socks because the interception is happening at another layer.