If you don't care to share your phone number with Signal and a third-party company (Signal refuses to state what company it is) that send the text message with the activation code to you. And if you don't care that everything will be saved on servers maintained by Amazon in USA.

Then yes, Signal is the right app for you even in 2026.

But if you do care (ans you should) about your phone number and the location of your data, you should focus on something more privacy like XMPP (Snikket would be the easiest way to setup your own server) and SimpleX.

XMPP (for an example Snikket) uses OMEMO and OMEMO is based on Signal Protocol.

Signal for people I know IRL, Simplex for those I don't.

Many people have already commented saying it's good to go, but I also wanted to add, I have dug into their actual encrypted group messaging protocols a few years ago because I was interested in using it for a different use case, and I would say it's pretty well thought out. I trust it, I use it daily, and I've looked at the code. I'm not, nor have I ever been, an auditor, but I have been paid to do cryptography and red teaming/cyber security from big orgs, so I would say I have some professional experience in the matter.

The stories I've heard where Signal messages have been extracted or otherwise accessed was from beyond either end. Someone invited a journalist to a private group chat. Someone handed someone else an unlocked device. The most alarming one is apparently Apple uploads every push notification your device gets to their servers. So if you are concerned about privacy there's a feature in Signal to set push notifications to only say "you got a message" and not include the sender or message contents in the notification.

I haven't heard of Signal itself leaking messages.

Who do you want privacy from and why?

That's not a rhetorical question. It matters. If you want privacy from corporations and governments doing mass surveillance because you're against mass surveillance in principle, Signal is great! As long as you don't give janky apps permission to read your notifications, or you limit what Signal shows in its notifications, your device won't leak to those kinds of threat actors. You can't be sure everyone you talk to is as fastidious though.

If the cops, gangsters, or similar are likely to target you and the people you're talking to directly, there's a good chance just using Signal without a security plan won't keep them from getting the contents of the conversation as in this recent incident where the FBI extracted deleted messages from notification logs. To defend against that specific attack, everyone needs to configure Signal to keep message content and contact details out of the notification. Dedicated devices for secure communication set up by someone who knows what they're doing are ideal in this situation. Signal is still a good choice here, but Signal alone won't guarantee privacy.

If you're being targeted by an intelligence agency from a rich country that has allocated a significant budget to surveil you in particular, you're probably screwed. There's plenty of public information about how US government officials and contractors are required to work with classified information to get a sense of how you might try to mount a defense. It's guaranteed to be inconvenient.

PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.

It's hosted in the US, subject to its pervasive spying laws including national security letters.

Also I need all your phone numbers.

Also no you can't host this yourself, I run the only server.

Everyone who uses signal and supports it, is falling for this pitch.

Why not signal?

As per usual, the answer is "depends on your threat model". For a lot of sensitive communications, the centralised design and therefore ability to correlate metadata is a no-go. But if you're just using it e.g. as a WhatsApp replacement to message your friends, it's fine. It's still the most polished and normie-friendly e2ee foss messenger.

use xmpp like me

if you are super private person or want to be anonymous, maybe you can choose SimpleX.

Signal is the only thing I can get normies to use. Its that, or SMS, fb, or WhatsApp. And i refuse to use those.

The client is open source, so it doesn't matter what the server code is, you can see everything the client sends and therefore tell what possible data is being collected.

It's run by a non-profit so there's no shareholders to please.

Your messages and decryption key are not stored on their servers.

It's been independently audited.

They have publicly posted responses to user information requests where they only provide the account creation date and last access time.

The (admittedly incompetent) US government recommends using Signal (for non-classified information) and top officials have been caught using it (Houthi Working Group).

You can never be 100% sure, but it appears to have excellent security and privacy.