In the past I have had Wire, Session, and Wickr, in addition to Signal and Molly, and I tried SimpleX recently. I only ever had one or two people who wanted to use Session, similar with Wire, no-one ever wanted to use Wickr (especially after its privacy fail), and SimpleX is still a bit new for people. Michael Bazzell notes (correctly, as I see it) that each new messenger that we ask people to use burns some of our privacy capital. Do it too often, and they stop listening.

These days, I use Signal and Molly (two SIMs) and have gotten rid of the others, except where negotiated on an ad hoc basis with certain contacts.

[deleted] It's still a record of you stored somewhere outside of your control.

[deleted] Android only.

Incorrect. It's also available on Windows, macOS and desktop Linux. Support for Linux mobile operating systems is currently in beta.

    SimpleX Chat is really nice and promising. It is written in Haskell, which is also interesting. You can self-host the relay servers or use the preset ones run by the team. You can also run a coturn server for NAT traversal, along with the SimpleX message relay and the secure file transfer server, if you want complete control of your associates' communications, if you find that approach fits your threat model.

    Here is a podcast about it with the founder: https://optoutpod.com/episodes/s3e02-simplexchat/

    As others stated before, Molly is a very nice fork of Signal. You can use your own notification service and save battery. SimpleX founder has talked about possibly integrating the same notification system (UnifiedPush).

    The link shared here: tomz really is the link to the unofficial GrapheneOS group on SimpleX.

    It was flagged as suspicious, so I just wanted to point out it's okay.

    My family and I migrated away from Signal a while ago, evidently for a reason that none of us can remember.

    We just came back.


      I also use Molly, which is an outstanding fork of Signal. But I wanted to take a moment to plug Threema, which I also use to good effect. It has the added benefit of anonymous signup without the need for a phone number, which the Signal service requires.

      Another vote for Molly (signal fork). I use the unified push version which works very well.

      praise to graphene for contact scopes, otherwise whatsapp would be unusable (from both privacy and ui perspective).

      remember to turn off your WA backups! last I read they are unencrypted to facebook servers. so much for e2ee


        Blastoidea I stopped using Signal as a daily messenger. Since you can't remember why you stopped using it the first time, I'll give you my reasons for why I stopped using it.

        This is a bit of a rant but it's something that has irked me a lot that is almost never talked about in the privacy space.

        My threat model for a daily messenger, which is probably shared by most newish Signal users, is not really trusting big tech and being unsure if I can trust closed-source encryption promises - otherwise I would be fine with WhatsApp. The DeleteWhatsApp campaign promised a familiar experience with Signal, but from a nonprofit you could trust. It sounds perfect and this is how they convinced millions of people to download the app. But it was a lie.

        For a daily messenger that's used to casually message friends and family, my goal is one thing: keep eavesdroppers out of our private conversations just like how we feel more comfortable talking about things in the privacy of our own home than in public. Signal developers have made it clear that they do not share this vision.

        Signal's version of privacy means trust no one, not even the person you're speaking to or even yourself. In the analogy above, their version of privacy means doing a mind wipe on everyone as they leave your home to eliminate the chance that they share contents of that conversation with others afterwards - and then throwing away that gift basket they gave you so that no one could guess they were there.

        For high threat model conversations, I completely agree with Signal. Signal's more extreme privacy is absolutely necessary for some and I'm assuming some of this niche group may also be GrapheneOS users. But that's not the vision that was promised to the millions of people that naively installed it. And this is reflected by usability bugs that are defended as privacy features.

        The two main problems I faced were media metadata and backups.

        In my experience, normal nontechie people often default to using message apps to share photos (even if more efficient methods exist). No, they won't zip it. No they won't use another app. If you want the photos, this is how you're getting them. Period. "I already sent them, stop bothering me!" Signal though heavily compresses photos and strips their metadata, which is a nightmare situation for someone like me who is in charge of the family photo archive. Meanwhile, Signal purposely designed their user interface to appear similar to WhatsApp's, but the functionality works differently without informing the user. For example, if you send a photo as a document/file in WhatsApp, it sends the full untampered photo with full quality and all original metadata. Meanwhile, this same button in Signal still compresses it and still removes metadata. I had no luck trying to explain this to apathetic friends and family. Signal doesn't offer any way to turn this off and the lack of opt-out is considered a privacy feature. Signal also doesn't warn the user that they will tamper with sent media. I only discovered this months after using it.

        The second issue is message backups. In a time when cross-platform compatibility and data portability are showcased, even in many "evil" Big Tech products, Signal has gone the other way. If Signal devs had their wishes, I'm sure they wouldn't allow backups at all and would make every conversation a disappearing message. They still don't have a way to back up messages to a file on iOS, only to transfer to a new iPhone assuming you still have the old iPhone with you. Despite this being such a crucial feature that has been requested for many years, nothing has been done. And their excuses make little sense. Other users have pitched iOS backup designs and even issued pull requests, but Signal straight up ignored them or even blocked these people. In short, if you lose your iPhone or move to Android, you will lose all of your Signal messages. I can't in good faith convince people I know to use Signal as their daily messenger knowing this, especially since most people I know use an iPhone.

        On Android, they reluctantly created a backup solution, but this was a feature that only exists due to Signal's previous history of supporting SMS. They got rid of their old plaintext backups that could be opened outside of Signal and instead created their newer encrypted backups. Except...there is no official way to convert this new backup to something that can be viewed outside of Signal. You also can't merge backups and message histories. There are some third-party attempts to fix this on GitHub, but it's a cat and mouse game since Signal updates will routinely break these attempts and at this point, I wouldn't be surprised if Signal devs were doing this intentionally. The third-party tools also aren't perfect, such as having a hard time with group messages and creating duplicates. These solutions also usually require familiarity with techie things like command lines, Linux, etc, which is far from what most people are capable of using and far from the simple familiar messaging app that was promised. And just like iOS to Android, you can't transfer messages from the Android app to the iOS app.

        As someone who has lost loved ones, insisting that people use Signal for low-threat conversations between friends and family is beyond cruel. Your message history is yours and you should be able to hold onto those memories for as long as you want. It shouldn't be up to an emotionless programmer to tell you that you don't need them.

        As I mentioned in the beginning, I refuse to use Signal as a daily messenger and I've moved back to WhatsApp (and Google Messages for when they don't have WhatsApp). I still have some trust issues about using Meta (Facebook) and Google apps on my phone, but GrapheneOS at least helps to alleviate some of those concerns. I fully acknowledge WhatsApp isn't perfect as far as privacy is concerned, but assuming Meta isn't lying and there are no secret backdoors, it's still good enough for casual low threat-model use, which for me, makes up 99-100% of my messages.

        One point often thrown against WhatsApp is that conversation metadata isn't encrypted on WhatsApp, which means WhatsApp and law enforcement can see who I'm messaging, when we messaged, and potentially where we were when we sent them. But as I said, this is for casual use. That's a lot of effort to find out I talked to my family today, which I do every day. As long as they can't see what we're talking about, I'm not terribly concerned.

        The second part is them moving to Google Drive/iCloud for backups exclusively. While there have been attempts to back up and restore locally, I've never had luck. But, to WhatsApp's credit, they offer encrypted cloud backups where you hold the password, not WhatsApp. I feel reasonably secure using it, minus the frustration of having to keep Google Drive installed on my phone. WhatsApp also offers a plaintext local export option for each conversation, which provides some peace of mind in case the backup fails or I choose to leave WhatsApp in the future.

        The third is WhatsApp's hungry permissions, but as mentioned, GrapheneOS comes to the rescue with this through contact and storage scopes.

        I do keep Signal installed strictly for higher risk conversations that I intend to delete, which is not many since I'm a pretty boring person. Though for such a restrictive and infrequent use case, there are other apps that I could use instead like those mentioned in this thread that may offer even better privacy.

        I think it's so important to consider the usability differences between GrapheneOS and Signal despite sharing similar privacy and security goals. Signal has a restrictive vision for how they want you to use the app, but still like to tease the masses that it's perfect for everyday use. The Signal community is also relentless in pushing people to stop using more user friendly messaging apps and to use Signal exclusively, which is so unbelievably toxic.

        Meanwhile, GrapheneOS understands people have different threat models and gives users the choice by implementing optional usability features such as sandboxed play services. As an additional example, and a near perfect comparison, GrapheneOS's secure camera app gives you the option to not delete metadata whereas Signal does not give you this option at all.

        The GrapheneOS mods have been outspoken about how GrapheneOS can be used across various threat models and that you have freedom in how you choose to use it. If you want a locked down minimalist phone, you can have it. But you're also free to install any privacy concerning app and change system settings as you see fit. Instead of telling you that you can't, they actually try to help you do it in a way that is more privacy respecting. GrapheneOS has even censored people in this forum that try to gatekeep this OS to only restrictive threat models. Even when users talk about doing something that poses additional security risk, the mods' response is to first inform people of the risks, but then say it's still ultimately up to the user, just don't blame GrapheneOS if things go wrong, which is very fair.

        GrapheneOS is also not shy about stating what doesn't work (like play integrity attestation) instead of trying to trick users into thinking that everything works just like they're used to working. If things don't work, GrapheneOS devs appear upset that they don't work, even if it's for a feature that they may not use themselves. They want things to work, but have limited resources, so they encourage the community to create third-party solutions, to add to the codebase, or to post workarounds on their official forum - unlike Signal that purposely ignores user feedback and code suggestions.

        GrapheneOS GETS it. Signal doesn't.

          headphonejack

          remember to turn off your WA backups! last I read they are unencrypted to facebook servers. so much for e2ee

          Do you have a source for that? I'm having trouble confirming this from my own searching. If this were the case, I'd imagine this would be talked about tremendously.

          WhatsApp still explicitly says in the app that neither Google nor WhatsApp can access your e2e backup.

            Sbpr I also read that the backup would be stored in clear but I don't have anything concrete on that either, it also seems that if a user flags your message, its content is analyzed, it seems that WhatsApp can access the content of the encrypted message in some way.

              Xtreix

              When a message recipient flags a WhatsApp message for review, that message is batched with the four most recent prior messages in that thread and then sent on to WhatsApp's review system as attachments to a ticket.

              Although nothing indicates that Facebook currently collects user messages without manual intervention by the recipient, it's worth pointing out that there is no technical reason it could not do so. The security of "end-to-end" encryption depends on the endpoints themselves—and in the case of a mobile messaging application, that includes the application and its users.

              An "end-to-end" encrypted messaging platform could choose to, for example, perform automated AI-based content scanning of all messages on a device, then forward automatically flagged messages to the platform's cloud for further action. Ultimately, privacy-focused users must rely on policies and platform trust as heavily as they do on technological bullet points.

              So far, I haven't seen evidence that this is happening automatically without users manually flagging messages. So as long as you trust your message recipients, it shouldn't be too concerning for lower threat model users. For large WhatsApp groups, this could be concerning.

              I feel like some weight should be given to the SEC fining Wall Street firms billions of dollars for allowing employees to use WhatsApp during COVID, due to WhatsApp not preserving communications, which goes against federal recordkeeping requirements. If WhatsApp maintained records, I feel like that may have come up during these various legal proceedings.

              But yes, it's totally not worth the risk to use WhatsApp for higher threat model communications or if you're being targeted, especially due to the message metadata leaks. But I personally think WhatsApp still fits in well for most people to casually message friends and family due to its combination of usability features, mostly acceptable encryption promises, and by the sheer fact that people are more likely to use it.

                Sbpr You have to opt-in E2EE when setting up cloud backup, otherwise it is not encrypted by default.

                Xtreix

                Sbpr So far, I haven't seen evidence that this is happening automatically without users manually flagging messages.

                Yes, from what I understand, the recipient has to report your message; that WhatsApp can automatically analyze the content of the message is an assumption.

                Sbpr But yes, it's totally not worth the risk to use WhatsApp for higher threat model communications or if you're being targeted, especially due to the message metadata leaks. But I personally think WhatsApp still fits in well for most people to casually message friends and family

                It still sounds better than SMS/MMS for sure.

                N1b
                Good post!
                Signal have recently made improvements to their management of my telephone number, enabling it to be hidden to others.
                Might be worth a new look 😀
                Perhaps together with an anonymous VOIP number?
                Otherwise, so irritating that WhatsApp is so easy for everybody's grandma to use, and so disrespectful of privacy...

                  Sbpr Thanks for this detailed write up. I have a similar threat model to yours and would love to hear your opinion on Telegram

                    leo Unless this has changed, Telegram doesn't use E2EE by default, so we have to assume that most users don't have it enabled.