I do not have any information about the current state of messenger, so I cannot comment.
Here is my issue with WhatsApp though:
How will I know that Meta is still shipping an application based on an uncompromised version of the Signal protocol, without malicious modifications?
Auditing is the normal answer.
Sadly, Meta is not ISO27001 certified, so there's no trustworthy external audit trail.
Barring that, who is capable of auditing Meta to confirm this? Who can see the client and server sources to confirm that there is no MITM? Only Meta, on both counts.
I have to trust their word for it and I'm incapable of trusting them.
Here is my issue with WhatsApp though:
How will I know that Meta is still shipping an application based on an uncompromised version of the Signal protocol, without malicious modifications? Auditing is the normal answer.
Sadly, Meta is not ISO27001 certified, so there's no trustworthy external audit trail.
Barring that, who is capable of auditing Meta to confirm this? Who can see the client and server sources to confirm that there is no MITM? Only Meta, on both counts.
I have to trust their word for it and I'm incapable of trusting them.