At my previous employer, among the 40 or so developer staff worldwide, there were only two of us who used Signal: myself (security focused backend dev) and the devops team security expert. Everyone else: just use WhatsApp so we can all communicate in the same place. Caring about privacy can be exhausting.
I believe that strong E2E encryption is critical to individual privacy, but I also believe that it doesn't really matter when most every nation state can compromise any phone at any time simply by knowing the phone number and sending a zero click SMS or MMS message to that phone.
Until laws are implemented that forbid this and/or security improves to do so, it doesn't matter how good the encryption is if it's running on a fundamentally insecure device.
It's very hard for security conscious people to attract other people to more privacy conscious platforms. People love the practicality, and don't want to trade for they can't see or understand.
I'd love to use signal, but it'd be a very silent place, and have to have WhatsApp anyway. So, instead of trying to entice others, I just try to win a one small battle at a time, reducing my cross-section step by step, where I can.
Well, Whatsapp hasn't done anything egregiously bad yet and they got a lot of goodwill/good PR from their E2E implementation vouched by Moxie et al. So what's the big issue with Whatsapp beyond that the client is not open source?
WhatsApp has already had multimillion euro fines for their privacy practices. Just because it has E2E encryption does not mean it doesn’t sell other data. A company whose business model is to sell your data is going to sell your privacy along with it.
Being open source is nice, but not required for privacy.
