> One has to trust a pretty big company...
Or a medium-sized (~50 employee) nonprofit, anyway.
Huh, it's true. I thought an organization that needs $50M yearly to function[1] would employ more people. Still, I think it's fair to call them "pretty big" looking on how much media exposure they get or their operating costs. Perhaps a bit misleading from my part with the "company" part, as I'm not english-native, every type of firm,company,foundation in my head translates to a "company", sorry about that, will be more clear next time :)
No worries, I don't think "company" is even technically wrong. But I do think given the nonprofit structure (and Moxie Marlinspike's track record), that there are fewer incentives for Signal to lie about its privacy guarantees than a messaging app backed by a commercially-driven big company.
I'm not aware of all techniques that Signal uses to somehow make the message anonymous even when if the encryption would have been broken, but sealed sender seems to be one of them:
https://signal.org/blog/sealed-sender/
So at least there's that. Unless the encrypted sealed sender messages aren't somehow being fingerprinted by the IP address of client and the timestamps of connections. Signal probably also says that they don't log these, but with self hosted mailserver I wouldn't have to trust them on that too.