@metalune I wouldn't use Signal as a secure messenger to begin with; for that purpose XMPP is better. I guess he's a pragmatic user who has some important friends on Signal. :)
@hund @metalune I'm not talking about file transfers. I'm talking about address books, group memberships, and vcards (profile data) which are saved unencrypted on the servers. In the case of federated servers, all of them.
Also OMEMO is susceptible to MitM attacks because XMPP doesn't support certificate pinning. The only way to prevent this is manual key acceptance which I doubt many people use. Most will use automatic and call it a day.
Signal doesn't suffer from any of these problems.
@hund @metalune now what Signal *does* suffer from, as we recently were so rudely made aware of, is having a single point of failure and not being self-hostable. That's bad, and is a clear advantage of a federated system like XMPP that you can run yourself if needs be and/or scale out relatively easily.