- Still need a phone number
- They refuse to post the app on f-droid (directly)
- No 3rd party clients allowed on their servers.
- Crypto thing they attempted
- I don't trust Moxie, he rubs me the wrong way.
Jitsi Meet is pretty good for video, and relatively easy to self-host, though you'll need some decent resources for it. The docker-jitsi-meet project[0] can get you started quickly
Signal's "source available" infra can be self-hosted but it's huge effort and relies on a bunch of cloud-specific services which need to be replaced with self-hostslable alternatives. It's also extremely poorly documented and the code quality is fairly mediocre. I wouldn't recommend trying to host Signal infra yourself; it can be done; I've done it at work and it took some months of effort, and maintaining it is a nightmare (or was, then at least) because they'd only push one huge update to GitHub quarterly or less often.
keybase.io has been great, although it's not without its risks either since it was acquired by Zoom. It's still up and seemingly maintained but AFAIK there's no new feature work.
I've heard WhatsApp recommended from people I trust, but I have never personally used it so can't speak from experience.
The legal team at the company I work for are suggesting to remove keybase and treat it as compromised as there is no way of knowing of keys and other data has not been shared with the Chinese government. No proof at all of course, just the world we live in I guess :)
None of these suggest you shouldn't use signal - or that it's not meeting its goal of secure communication (except the last one I suppose).
Signal is not without flaws as you say, but if you have a phone number and can access a binary, there's every reason to believe it will securely and privately transmit your messages. You are also, ofc, free to fork their client and run your own service (as others have done).
Signal has repeatedly been audited[1] so there's more reason to believe the protocol has the capacity to be secure than other options. Obviously if you believe the company is actively subverting their goal, you should use your own fork.
Edit: to be clearer - signal both publishes a protocol (that is thought to be secure) and provides a public service (that claims to use the signal protocol). Signal has claimed that the binary blobs they add to their public client (and the other restrictions) are required to run a public service (anti-abuse, etc). You are free to believe them or not - I do.
At the protocol level, which you are free to use, none of the problems you or the ancestors have pointed to apply. All of the alternatives people are pointing to here are at the "protocol" level - accessible only if you or someone you trust has setup a node. There's nothing wrong with that - it's a good idea - but it's no reason to attack signal's service for not being a protocol (which they also provide).
[0]:https://www.theverge.com/2022/1/10/22876891/signal-ceo-steps...