I think that for folks living in the West, Putin and his gang of cyber criminals is much bigger day to day threat than the NSA. So the fact that Durov is still alive (a couple days in a French prison is the least he has to worry about) makes Signal look like a much better bet than Telegram.
The mostly unelected EU regime really loves censorship. Nobody ever claimed that Putin is in any way better. That doesn't mean that the EU isn't complete shit. And if you want to focus on the EU market like Whittaker claims in the interview it only works if you are completely compromised. Also looking at her history I don't think you could find a more glow in the dark person than her.
Doesn't matter. As long as the code is open source and e2ee, Signal staff could be official NSA employees, it wouldn't matter (in the short term - in the long term, you would see these things to change, of course.)
I'd change my mind on Signal if you can demonstrate an attack that assumes an evil signal operator, or evil signal servers.
Signal know they just need to keep themselves open to the possibility of this kind of demonstration. Then any mistrust, combined with the fact that there is no exploit at the next CCC or defcon, becomes evidence that it's secure. More mistrust -> More attempts to prove its insecure + no demonstration of insecurity -> better argument that its secure. It's a negative feedback loop. It's also honest - you could actually break it. Did I miss how you can break it? Link to the demo.
Signal the program doesn't trust signal the organization, as it should be. That's the core idea. It's what lets them not get fucked by the government. They cooperate fully and ensure they have nothing to tell (privacy by design. data minimization. self blinding). And by having a lot of users they make themselves impossible to ban and thereby protect the whole concept.
Whittaker is very smart politically. The software isnt perfect, sure. It's polished and reliable and secure. Make a better one... it is fine.
Also, are you reading what she's saying? This is not what compromise looks like. Here is how compromise looks like: When you see them starting to talk about protecting people by establishing police control to fight the bogeyman. When they start talking about the threats here, threats there, enemies here, enemies there... When they say, because of big tech, we need things like DSA (enforcement regimes, access for police) [1]. Whittakter says because of big tech, we need a lot of open source projects backed by nonprofit organizations that dont advertise, dont surveill, and have no incentive to start doing it... and that build stuff that has no backdoors and makes no affordances for state or anyone else in power to compromise it.
[1] and then plugins like E-Evidence, and finally rules like in England that prohibit privacy by design... which would prohibit: Signal... but which the english are not enforcing because of protests by: Signal.
