For both MobileCoin and Signal the TEE are not relied upon for the security of the general application but only for some convenience feature that are required for mass adoption but that you can go without using them.

Also, while TEE are not bulletproof, in such a server situation, it means that getting user data means much more invasive compromise than just querying the database. It’s an imperfect solution, but an improvement nonetheless.

If you don’t understand the cryptography enough that you have to ask about telegram, just use Signal. It’s the best designed app for the security of most people, it doesn’t have any privacy/security footgun, and has a pretty good threat model while not cutting corners on usability.

There’s no debate. The CEO is a compulsive liar who misleads people about how encryption works. Every one who knows how encryption works and have looked at Telegram will tell you Telegram is not encrypted

Signal is well designed enough that Jurisdiction doesn’t matter much. The only things you’ll find that can br arguably better than signal are fully decentralized apps that go over TOR like Briar or Simplex but these have a lot less usage because they’re so slow and terrible for your battery.

And now you can have it through NAT-PMP on ProtonVON

The post specifically mentioned POIs, and as far as I have tested (in France at least), Magic Earth has the same incomplete/missing POI database as organic maps, coming from OSM.

But they don’t have more data than organic maps since they’re using OSM too.

ongoing conversation in plaintext

This one is incorrect, wording was confusing as hell.

matrix stores your profile info

Profile picture and usernames are public, no way to make them private in anyway.

group membership

Your home server and the home servers of every other member of the group can tell exactly who is part of the group

ongoing conversation in plaintext

I actually meant who and when you send message to and receive messages from.

Matrix doesn’t have profiles. It has usernames, and it has avatars if you choose to upload one.

That’s what I call a “profile”.

I believe this was true when I last checked. They plan to fix it.

Call me when it’s fixed.

That’s just plain false. Please stop spreading misinformation.

Yeah my wording was incorrect, see edit.

What I meant by that is not the actual message content, but who you’re talking to and when is stored on the home server.

Signal goes very far to protect even the tiniest bits of metadata.

For example see sealed sender, private contact discovery and group v2.

On the other hand, matrix stores your profile info, group membership, and ongoing conversation metadata in plaintext, some of them replicated across homeservers. In addition to metadata that matrix doesn’t encrypt, they also do not encrypt some actual data like emoji reactions.

Edit: clarified that conversations are not in plaintext. My wording what confusing as hell sorry.