I trust that it can't read my messages. It seems to be doing a good job at also not collecting metadata although that's hard to prove. They had a court order a couple of years ago and could only give a teeny tiny amount of data. If that is still the case who knows? I suspect if it weren't then something would've leaked that that has changed. All of Signal's new features focus on minimising/nullifying Signal's ability to collect any data about its users.
Signal is awful. As of writing, you require a phone number to register. This was done for accessibility reasons, i.e. for getting many people onto the service and as a natural way to stop bots. You didn't have to create a username. Your contacts were all connected to your number so Signal didn't need to store anything. The issue is it's starting to get harder and harder to get SIMs/phone numbers that aren't connected to you. Many countries require ID cards to purchase SIMs (you could always find a Cryptoparty and trade SIM cards).
It's promising that their E2E encryption protocols have essentially become the standard for secure messengers. The client and server code is open source. Signal has been audited.
From having used it for a couple of years and reading about it for some time now, I would say Signal has two main focuses: Privacy + accessibility to normalfags. That second point is good and bad. It's a lot easier to get your group of friends onto it because it's "like WhatsApp" apparently (I don't use WhatsApp so I don't actually know). However, it also means that sometimes work goes into adding stickers and private ways to get Giphy previews in-client instead of more important improvements. The clients aren't great. It can sometimes feel a little slow to sync up. The desktop one is Electron, so it's basically running a full browser for a messaging program.
The project is also just another walled garden (you can only communicate with people inside it like WhatsApp and Telegram) and the project is hostile towards user run versions on the grounds that having many clients/servers means that some won't keep up with security/privacy standards/features.
Signal is currently in the process of coming up with a way to remove the reliance on phone numbers and a way for new/lost phones to get all the data back and the current situation has caused a bit of turmoil. The current solution is to force users to make a PIN (basically a password, although many will just have a 4 digit number because it's called a PIN and the default input interface is a number pad) from which a strong key is derived in an Intel "enclave" (an isolated location for code to run where not even the programmers have access to it) and that's used to encrypt lots of user data like contacts/settings so that when someone loses their phone and gets a new one they can have all their data back instead of starting from scratch again. This has two issues. Firstly, reliance on the enclave's being actually secure - it has been shown to have security issues. Secondly, this is a shift in the project philosophy. They used to store basically no data about the user and will now start storing basically everything although it will be encrypted. The first issue can easily be overcome by just having a strong PIN e.g. 20 digit alphanumeric random string, but then again 50 year old Bill won't do that will he? The second issue is interesting. Having an encrypted user account stored on the server means you won't need phone numbers and can seamlessly use it on new devices but like I said it's stepping into something it said it won't.
If you want to get your friends/family off WhatsApp/Messenger because of privacy reasons, this is currently the best way to do that.
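
Added example, not part of the original post and not Signal's code: a small model of the PIN trade-off described above, showing that a guess limit is the only thing protecting a 4 digit PIN and what PIN entropy is left once that limit is gone. `GuessLimitedStore`, the PBKDF2 stand-in KDF, its iteration count, the sample PIN and the 62-symbol alphabet are all assumptions made for illustration.

```python
import hashlib, hmac, math, os

ITERATIONS = 1_000  # kept low so the demo is quick; an assumption, not Signal's parameter

def stretch(pin: str, salt: bytes) -> bytes:
    """Stretch a PIN into a 32-byte key. PBKDF2 is a stand-in KDF."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

class GuessLimitedStore:
    """Hypothetical model of the enclave's role: release the secret for the
    right PIN, destroy it after max_tries wrong guesses."""

    def __init__(self, pin: str, secret: bytes, max_tries: int = 10):
        self.salt = os.urandom(16)
        self.verifier = stretch(pin, self.salt)
        self.secret = secret
        self.tries_left = max_tries

    def recover(self, pin: str):
        if self.secret is None:
            raise PermissionError("secret destroyed after too many wrong PINs")
        if hmac.compare_digest(stretch(pin, self.salt), self.verifier):
            return self.secret
        self.tries_left -= 1
        if self.tries_left == 0:
            self.secret = None
        return None

def guesses_without_limit(store, candidates):
    """If isolation fails, salt and verifier can be tested with no counter.
    Returns how many candidates were tried before a match, or None."""
    for n, pin in enumerate(candidates, 1):
        if hmac.compare_digest(stretch(pin, store.salt), store.verifier):
            return n
    return None

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random PIN."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    store = GuessLimitedStore("0421", b"constructed contact list")  # constructed sample
    four_digit = (f"{i:04d}" for i in range(10_000))
    print("guesses needed without a limit:", guesses_without_limit(store, four_digit))
    print("4 digits:", round(entropy_bits(10, 4), 1), "bits")
    print("20 random alphanumeric:", round(entropy_bits(62, 20), 1), "bits")
```
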