Either way signal’s main identifier is phone numbers, which is tied to your identity. So even if the message contents are properly E2EE, they still have a connection map, as in names and addresses, of who contacted who at what time. And of course its a US company so that makes it inherently insecure.
They do, which is illegal to verify, because any US based company isn’t allowed to notify the public if its been asked by the US government to hand over its data. Many of us are not going to be surprised when signal turns out to be Crypto AG all over again.
Either way signal’s main identifier is phone numbers, which is tied to your identity. So even if the message contents are properly E2EE, they still have a connection map, as in names and addresses, of who contacted who at what time. And of course its a US company so that makes it inherently insecure.