It's cool. Easy mistake. WhatsApp implemented the Signal Protocol in their app but as you said it's closed source. Their particular implementation also leaves metadata unencrypted. Signal itself is the most secure E2EE messenger around.
Discussion
I'm a big fan of conversations.im
That's a good one too. And decentralised if you setup your own XMPP server. OMEMO is based on the Signal Protocol too. Very good.
what are your feelings on threema and simplex?
Threema has a lot of vulnerabilities in the implementation of the NaCl cryptography library last I heard - basically the cryptographic algorithms it uses are good but they've been implemented in a sloppy way, leaving it open to side channel attacks (exploits to bypass the encryption without needing to break the encryption itself).
I have been meaning to look into SimpleX, seen it mentioned on Nostr a fair bit, I'll try getting around to looking into the details and testing it this weekend because I've been curious. But as of right now, can't give an opinion on something I haven't tried.
No - signal is not the most secure Messenger!
All traffic of the SignalApp goes over the clouds of Google, Amazon, Microsoft & Cloudflare. And they say: "Thank you stupid Signal Users for your MetaData"
Check:
www.securemessagingapps.com
Rate the security:
🟩 = 3
🟨 = 1
🟥 = 0
Results:
1. Threema = 85 = the most secure one
2. Session = 79
3. Signal = 77
4. Element / Matrix = 59
5. WhatsApp = 34
6. Telegram = 29
7. Apple iMessage = 25
8. Facebook Messenger =25