Hacker News

By the way: why Signal/Wire/WhatsApp? (That being your earlier question):

* End-to-end encrypted by default, to the point that it's difficult to send plaintext.

* Radically simplified UX that doesn't meaningfully involve key management, which lawyers and activists cannot handle.

* By-default support for message log grooming / "disappearing messages".

* Modern cryptographic primitives.

* Extensively vetted cryptographic design.

* Works on phones, which are (1) the platform of choice for ordinary users, and (2) almost always more secure than desktop computers.

If you narrow the list down to Signal, you get to further add:

* Serverside privacy optimization / metadata minimization, so there's no targetable repository of all-pairs communicating parties, which is extremely valuable information for state-level adversaries.

* A commitment to not releasing features that don't square with those privacy objectives, so that for instance you can't share GIFs in the app until Moxie and his team figure out how to tunnel Giphy requests to foil traffic analysis, and you didn't even get user profiles until a year or so ago, when Moxie and his team figured out how to provide them without generating a serverside database of identities.

* A multi-year track record of deep security auditing and a high-profile recipient of volunteer auditing unmatched by any other messenger.



I agree with your list of benefits. Only thing I really want to comment on (but see my response elsewhere) is

> My interest in strong privacy engineering means, frankly, I don't give a shit about federation.

I think the point of federation is that I don't know any way to get all three of the following:

1. I can run my own server, and keep my own account on it. (Last I checked, Signal couldn't realistically do that, but maybe things have changed or I was mistaken.)

2. I can communicate with one of my sources without them having to sign up for an account on my server (which may not be possible in certain conditions).

3. The protocol is not federated.

But maybe we mean slightly different things by federation.

Anyway, I'm sorry you've been targeted by people overly enthusiastic about the merits of PGP. I'm certainly not one - it's absolutely a very flawed approach.


I can see the case for a central server w.r.t. matching conversation pairs.

My objection is this: Signal (and others) seem to only support smartphone clients well. There's a genuine use-case for a more advanced user who wants to control every aspect of the platform he is using, including exactly when and what packets are being sent to whom. More importantly, the user may not want to process data on a von Neumann machine designed & administered by Apple/Google/Samsung. It would be nice if there were a supported command line interface, where the plaintext & encryption aspect of the protocol were handled separately from the ciphertext network traffic.



