Open source would not help without the reproducible builds of Signal (I wonder who check them on each release?). And only builds like Molly include no binary blobs of Google [1], which could IMHO at least be used to extract some metadata. Leaving the OS still as a risk, even for Molly or Matrix clients. Even with transparency around linked devices, I would believe that few people would notice silently linked devices. Simplest thing is I guess social engineering which happened in a coordinated attack on Signal messagers of German politicians recently (I guess there should be an official signal app version not supporting linked devices for such people) [2].

[1] https://news.ycombinator.com/item?id=46081855 [2] https://www.politico.eu/article/hackers-attack-phone-of-germ...

> WhatsApp claims to be end-to-end-encrypted, but it's not open-source

And explicitly does not encrypt metadata.

Meanwhile NSA top brass publicly stated, "We kill people based on metadata."

telegram may not be end-to-end encrypted by default but it does support end-to-end encryption. the generous reading is that this encryption, if used, should be broken.

so as i read it the article doesn't suggest that all of telegram is end-to-end encrypted only that it has support for it.

Yes and the secret chats in telegram are super clumsy. Both parties need to be online at the same time for the key exchange, it only works on one device at each side. Nobody I know uses them.

I sent some people a password reset through them but half of them couldn't get their head around it.

So yeah while it has secret chats, they aren't very useful at all.