The short answer is that I feel very comfortable recommending Signal, and all security researchers that I know also recommend Signal.
But I would like to dig into this question a little bit more, because you are absolutely right to raise this question. You should be skeptical about all apps and devices. We know that the government does sneaky things.
For example, a few years ago there was a phone called the “Anon” phone, and it was sold as a fully secure, encrypted mobile phone that promised the user total secrecy in communications.
Five years later it was revealed that this phone was actually part of a sting operation by the FBI in which they captured all conversations and data on each of the phones.
On the other hand, every privacy-oriented app has similar rumors about them, which could be started by the government to prevent people from using them.
The key is to separate rumor from reality.
Here’s how this is done…
- We look for software that is “zero-knowledge, end-to-end encrypted”. This means that the data is encrypted from you to the receiver, and even workers at the company can’t see your data.
- The software should be “open-source”, which means that researchers can see exactly what the software does and doesn’t do.
- This allows security researchers to “audit” the software. They should also be allowed to audit the company’s servers.
- There is a very strong online community of security researchers who analyze privacy-oriented software. We try to look for information from trusted security researchers.
Many security analysts have thoroughly looked through the source code of Signal, and they use and recommend Signal. I feel very comfortable with Signal. On a final point, I can guarantee you that Facebook and the government ARE looking at your texts on Facebook Messenger and Whatsapp, so get rid of them.