The thing with "just use Signal" is that it isn't actually suitable for larger (public) rooms, and so isn't a wholesale replacement for other messenger and chat platforms.
Like, sure, re-encrypting the message for every individual recipient, which AFAIK is what Signal does, is easier to implement right than having a shared room key. But it also hard-caps how many people you can plausibly be messaging at once.
@joepie91 what kind of governance issue are you referring to? Anything I can search for to learn more about it?
@ben A couple that come to mind: the total reliance on phone numbers for a very long time (with all the issues that caused), the dubious defenses of centralization (there's a whole story here with them repeating already-debunked talking points), the magical (misleading) claims of metadata privacy through 'sealed sender' that don't seem to have any verifiable technical basis...
They have been a less-than-perfect steward of the platform, and that is a very big problem when it's being marketed to high-risk users like activists while also being heavily centralized and actively hostile towards eg. forks.
Basically, there's enough dubious stuff going on over the years that they've refused to acknowledge and fix, that I do not feel comfortable trusting them with my or anyone else's safety.
@ben Or to phrase it slightly differently: "platform that has a really good reputation because of a few high-profile privacy/security things while dropping the ball on the bigger picture and ignoring criticisms" is *exactly* the kind of profile I would expect from a hypothetical organization that is trying to entrap high-value targets.
@ben (Another organization which fits this profile, incidentally, would be Cloudflare)
@joepie91 thanks for elaborating! I know of these things but didn't catch that's what you've meant.
(And this is not even going into the governance issues which somehow always seem to get left out from the security discussion, even though that is *absolutely* a security-relevant factor.)