You’ll hear no arguments from me on that point, US tech companies are toxic af.

Good to know!

Maybe. They could also be doing things like paying attention to input cadence and typos/pre-send typo corrections to use as part of a fingerprint associated with the identifying information a user gives them when creating an account so that they can then attempt to detect the user elsewhere on the web whether they are using an identifying account or not.

This may be out of date, since it’s been a while since I last tested this, but: will Signal on desktop still store media in an easily accessible folder where the only security is the use of random strings to identify each individual media file with the file type extension deleted? So, for example, if you’ve had the desktop Signal client synced with your account for a period of time and have running conversations that include sensitive media, that media can be accessed and viewed without even opening the desktop app (which also, last I tested it, lacks most of the locking/security mechanisms found in the phone versions of Signal).

Most media viewers can open the files without the need for adding the file extension to the end of the filename, albeit you would be browsing the files in a pseudorandom fashion if you didn’t try to sort by date or size.