[jeroenhd]

I this case, Signal could give users the option to protect their privacy by giving users the option to disable/mask/randomize timings on delivery receipts. I think there's a way to do it.

Thanks to this leak, surveillance states don't need to work around sealed sender stuff, though. They can just mass collect the Signal data and figure out IP patterns over time. Without proxying your traffic through ever-changing proxy networks such as Tor, it's only a matter of gathering data. Especially if someone accidentally hits the call button, which arranges a peer to peer setup immediately identifying the two parties.

Signal is still the best general purpose messenger out there if you value privacy and security. My government uses it as a communication mechanism between people and embassies in places with terrorist presence.

It looks like SimpleX has some protocol advantages but reading the reviews, the app doesn't seem good enough for the general population. It's probably because they value privacy above usability, but with problems like "messages don't get delivered if the other party doesn't open their app for a few days", that app isn't going to work for the people I talk to. I also can't really find who's paying for SimpleX, all I can find is anonymous donation links and a company listing in the UK (the country known for forcing Apple's hand in disabling E2EE backups). Probably fine, but once again, no messenger is perfect.