I’ve already addressed this but i guess i’ll expand on it.
Signal would not be able to add backdoors to all its users. Security researchers would see pretty quickly (more below) and that would be pretty big news because Signal is quite popular with people who care about their privacy.
They could in theory backdoor an individual’s Signal app but, again, that’s pretty inefficient. If anyone ever noticed it would be a big black mark against Signal, though they may not have much choice in the matter if it really came to it. However, we know that big governments and other sophisticated attackers usually prefer to just stick spyware on your phone. It’s easier, more comprehensive, and doesn’t require collaboration with Signal.
In contrast, you don’t need to do any of that with Telegram because it’s not E2EE. Your argument is basically “security features can be defeated by a sufficiently advanced attacker so use this other service that doesn’t have them to begin with.” This makes no fucking sense.
I don’t know what you’re talking about with FOSS stuff. Yeah, Telegram is open source. Signal is too. Some Signal forks (particularly the ones with “Signal” in their names) have been killed but others still exist, ex molly.im.
Signal client does have reproducible builds and has since 2016, as far as i know. This is another point against Signal being backdoored.
Beyond that, Signal has gone through a number of formal security audits. As far as i know, Telegram has not.
Finally, Telegram itself. Telegram could simply enable E2EE for all chats. They choose not to and that is concerning if you care about your privacy or security.
Yeah Signal could be better but that isn’t a case to use Telegram over Signal when Telegram is worse in almost every respect.
True.