by shdfrdfhs 2072 days ago
The problem with Signal is the savior complex of its creator, who insists he and only he can correctly implement secure messaging, and it can only be done if he's permitted to handle all your data himself.

This is a gross misinterpretation of his thoughts. It's not that he and only he can implement it. It's that he believes that security must be seamless and take basically no configuration in order to be used by the masses. Things like federation, key control, protocol control, and a million other things make the effort required to use the service far greater than most people would put forth. So he's made something seamless, and it's being used by more and more people every year, unlike, say, PGP, which is a UX nightmare.
> It's that he believes that security must be seamless and take basically no configuration in order to be used by the masses.

He is basically saying the same as people who said "Let's accept self-signed and broken SSL certificates, or 'the unwashed masses' will not understand." Remember how it went.

We ended up with a situation that is still far better than using http everywhere. Remember, IT security doesn't have to be absolute. What you do is largely dependent upon your threat model. Not everyone needs to be defended against three-letter agencies, but this is still probably good enough to defend against your local police department or a script kiddie.
No, this is nonsense.

> Remember, IT security doesn't have to be absolute.

The field of applied cryptography is absolutely reliant on the near-physical unbreakability of its algorithms, or it doesn't work at all. (You need n times the lifetime of the universe to have a working brute force, and as much overwhelming mathematical proof of the non-applicability of non-brute-force approaches as possible.)

And it was actually found to be extremely hard to make crypto algos which are only "slightly" unreliable. Either they are a complete mathematical iron wall, or their deemed weakness is too glaring to be hidden.

That's the wrong point. Key distribution is the weak point in many (most? any?) crypto systems (and analogously, SSL certs), and that's where you have a trade-off between super-high security (OpenPGP ring of trust) and decent security (Let's Encrypt).
The clients are OSS. Does the protocol have any backdoor?
The protocol has a good reputation; the problem is that you can't tell that the app is identical to the source, and each new update has the possibility of breaking things.

Many people were angered by the recent update that forced users to have PINs, which many didn't want. Doubly so since there's no recovery method.

The PIN issue highlights that future updates could make things less secure and/or add backdoors. Various legal efforts in various legal jurisdictions are trying to enforce backdoors, and it remains to be seen if Whisper Systems will pull out of a jurisdiction if forced to compromise on security.

> The protocol has a good reputation, problem is that you can't tell that the app is identical to the source

Don't they have reproducible builds?
I can't speak to the iOS client but the Android one is only technically OSS in that it bundles proprietary binary blobs by default.
Who cares if the server is not?
OSS != no backdoors.
> Who cares if the server is not?

Well... if E2EE is properly implemented, you could be broadcasting your messages on Twitter and you'd still be safe.