Signal to leave Sweden if backdoor law passes
160 comments
·February 25, 2025vaylian
throwaway28409
> The idea, that companies or politicians can force the user's machine to work against it's owner, is wrong.
You are hinting at something important here. Let me strengthen your point: to own an object means to subject it fully to your own will. If the object can act in a way that favors someone else's interests over yours, you do not own it. This is true of pretty much any device running proprietary software.
A litmus test: can you make your device lie to the manufacturer's servers? Regardless of the legality or morality of doing so.
However this article is really about something else: the vulnerability of centralized services in the face of government oppression. Signal only has the ability to log messages because it is a centralized service that controls both the client and the server. The benefits of E2EE is greatly reduced if the client and the server is controlled by the same entity (tomorrow Signal can push out an update that would send a plaintext backup to their servers, and you wouldn't know it until later). Moreover, the non-free distribution mechanisms on mobile phones (stores) limits a company's ability to resist.
tuukkah
Also only possible because we use Signal as compiled by themselves and not by trusted third parties from a source kept clean of any future client-side backdoors. The client is open source, right? https://github.com/signalapp
(Reproducible builds is a cool technique.)
lupusreal
Yes, this is part of the problem. Application developers and the packagers should be distinct unrelated entities to reduce the chance of a malicious update being pushed to users if the developer sells out.
F-Droid and Debian/etc show how this is done.
dijit
I have unpopular opinions about this, because Signal has been so hostile to anyone other than Signal themselves being involved.
But to be specific: "open source" claims go out the window when they're;
1. Not reproducible (before anyone links me to the "reproducible steps" please actually read them because they tell you directly that they will not create a reproducible output).
2. Able to hide development of mobilecoin (somehow) from us for nearly a year. To be clear: There were updates to the Signal app on iOS and Play, otherwise there would have been security bugs, but those patches did not make their way into the repositories.
Signal operates on a "trust us bro" mentality, and no matter how trustable they seem to be- something about that doesn't sit right with me and never has.
lxgr
> to own an object means to subject it fully to your own will
Not by a long shot. Just a few counterexamples from the top of my head: Destroying currency, altering passports, reproducing copyrighted images.
I'm not saying I'm a fan of even more exceptions of that kind, but I don't think there are any particular inherent rights arising from property ownership beyond from what society agrees on there are (e.g. the first sale doctrine for physical media). That's what makes it even more important to codify these rights.
lolinder
> Just a few counterexamples from the top of my head: Destroying currency, altering passports, reproducing copyrighted images.
These aren't counterexamples, they prove the rule. A US passport literally has the text "this passport is the property of the United States" printed inside of it, and I imagine the same is true in most countries: you are the recipient of a passport, not the owner of one.
The same applies to copyrighted images— when you purchase a book you own the physical copy and can fully subject it to your own will, but you don't own the right to make additional copies of it. You own the copy, not the intellectual property.
As for currency, it may not legally be the possession of the US government, but I would argue that the fact that you can't modify it does in fact mean that you don't own the bill, the bill is a representation of an abstraction of "money" that you do own.
throwaway28409
Note that I said "can", not "legally can". You can destroy currency, alter passport, reproduce copyrighted images if you want to. There may be legal consequences but you can. You can also stab a person with a knife you own, even if you will be punished for it. I'm not talking about rights, but capabilities.
You can't make your phone lie to an app developer about its location, rooted status, etc. You can't make your HP printer print with unsanctioned ink. Therefore, you do not own them.
marcinzm
> Invading the privacy of one's digital space is a violation that goes as deep as reading someone's diary when we look back and the time when life was more analog.
Which police with a warrant can very much do.
hedora
There’s no warrant protection in this bill. They want to keep a copy of everyone’s data so they can look back at old stuff after the fact.
Even if there was warrant protection, I’d still be against it. People have traditionally had the right to speak to each other without giving a transcript to the police. I think it’s unreasonable to make that illegal.
Braxton1980
Testimony under oath can be compelled
ghaff
Or, for that matter, analog correspondence or notes can absolutely be subpoened in many sorts of court proceedings, including civil.
the8472
That is a significant hurdle. They have to do it for each individual target, show up in person and each case can be contested in court.
Scalable surveillance is different, just as scalable weapons are different.
Tepix
Unfortunately, when we switched from letters to emails, the legal privacy protections we enjoyed back then, were not carried over do the digital realm. We're still suffering and have to use encryption to protect ourselves from the lack of legal protection.
hx8
Legal protections are great and everything, but if I had to choose between abstract legal protections or concrete protections based on physical properties, I'll choose the later every time. Obviously both is ideal, but I'd use encryption for most of my correspondence regardless of my levels of legal protection.
skybrian
This principle seems out of touch with most people’s reality: products hardly ever do everything you want and often work against you. If someone has a device that doesn’t do what they want and there’s no setting to change its behavior, replacing it is usually the only practical option. (Or if it’s a problem with an app, they might be able to install a different app.)
If there is a free software license, it’s of no direct use to them. Only software developers care about such things. (There is an indirect effect on what software is available.)
louwrentius
It may be wrong, but it proves that technology can't beat politics and policy.
The issue with Apple caving to UK demands regarding encryption, and now Signal being in a similar situation, shows that you can't just focus on technology and ignore policy and politics.
And you'll find out that a ton of people here on HN will care, but most of the public won't.
People should take XKCD 538 really to heart (The 5$ wrench one). It's not the same point, but very similar. https://xkcd.com/538/
lxgr
> technology can't beat politics and policy.
It often only can't in a world of mandatory centralized app stores. That's not the only possible world.
louwrentius
We technologists will probably be able to circumvent any Signal-ban. But we don't exist in a vacuum, we are a small part of a larger society. Who's at the other end of your conversation?
Most 'regular/normal' people won't and most importantly - don't want to - jump through the technical hoops to keep using Signal.
Although the downside of the official app stores is clear, the alternative might result in a swift return to the '90s and '00s where malware and viruses were rampant. Pick your poison.
throwaway28409
> It may be wrong, but it proves that technology can't beat politics and policy.
It very much can. In a battle between human force and physics, physics win every time. If I send an encrypted email to you, you have the choice to not give up the key, even if you'll be in jail. With physical letters, you don't have this option. Technology gives you the ironclad ability to keep a secret, only limited by the fortitude of your character.
louwrentius
You clearly haven't felt a 5$ wrench on your body. Giving up your secrets under torture isn't a character flaw, it's what will happen to 99.99% of people under torture. I can't help you if you don't believe that this is true.
And I hope you understand that 5$ wrench is a euphemism for what would 'really' happen.
All this to say that no, technology does not triumph over politics and policy.
johnmaguire
Did Apple cave to UK's demands? I thought instead they removed their product from the market, like Signal.
We're talking about companies though, not technology. Something like Bitcoin or BitTorrent can be regulated, but not stopped.
lxgr
Not fully, but making transacting in Bitcoin outright illegal would probably go a long way to making it completely unattractive to 99% of all potential users.
And if Apple and Google were forced to remove all wallets from their app stores, it would largely be game over.
EGreg
I think that this highlights exactly why we need decentralized, open source software.
Back when Moxie Marlinspike made a thoughtful critique of Web3 (the most thoughtful one I had read, actually), I put together a reply. It’s worth a read for anyone on HN who cares about user freedom and how society is structured:
https://community.intercoin.app/t/web3-moxie-signal-telegram...
A note to the younger HN crowd who may have grown up with locked-down devices: the “hacker ethos” used to mean the freedom to tinker and buuld your own. It wasn’t always the case. The Personal Computer and Apple came about through the Homebrew app. And before that, Steve Jobs and Wozniak were even building blue boxes for “phreakers”:
https://www.youtube.com/watch?v=HFURM8O-oYI
Before he became a corporate golden boy, Mark Zuckerberg built Synapse for regular users and open sourced it instead of selling it to Microsoft and wanted to build Wirehog, but Sean Parker proudly said he and Peter Thiel “put a bullet in that thing”
https://techcrunch.com/2010/05/26/wirehog/
I don’t want to just be the “wake up sheeple” guy or some unkempt Stallman clone. But there is a real culture clash between the hackers and the corporations, and I feel like the HN denizens who knee-jerk downvote of anything decentralized today don’t get the point of open source decentralized hacker ethos and how the people who practice it produce the next big thing. Working for FAAMGA and “the cloud” ain’t it folks. Here’s why “the cloud sucks” by Steve Wozniak: https://gizmodo.com/why-the-cloud-sucks-5932161
In short — read my rejoinder to Moxie Marlinspike, in my first link. It is ironic because all these years later, I end up being right: it is exactly his company that’s getting hit with this, exactly because it is centralized.
And if you are Moxie or Durov and think your centralized company has somewhere to run… here is the bigger picture around the world — governments are coming for you and the war on user freedom is coming through you: https://community.qbix.com/t/the-global-war-on-end-to-end-en...
smokel
Unfortunately, the philosophy of Free Software does not account for the scale at which software is being run now.
Having the source code to a printer driver available is a completely different thing than being dependent on a platform, because all your friends and relations are using it.
Personally, I'd only trust a governmental agency to provide such services, which makes the article we're discussing ironic at the least, or complicated.
genewitch
A government run social anything would be the most milquetoast experience, wouldn't it?
I suppose if I needed to make sure there was a public immutable record of something it would be useful. Like "I made this thing no later than this post"
But who would use it?
einpoklum
> Personally, I'd only trust a governmental agency to provide such services,
I can't see why you'd say that.
Governments (and private corporations) are not operated to faithfully serve the public, certainly not the public as a set of individuals and small groups of people. It's not that "government services are bad", but rather, than governments, even democratically-elected ones, are practically certain to wiggle out of the straightjacket of strict protection of individual needs and interests for legitimate or illegitimate "greater good"; specifically, they will not resist the desire and the interest to spy on you. And the potential for government abuse of private information is quite high.
gloosx
Bakunin put it best:
"There is only one essential difference between a monarchy and even the most democratic republic—in the former, bureaucrats oppress and plunder the people in the name of the monarch; in the latter, they do it in the name of the people's will." - God and the State
The core problem isn’t the form of government, but the concentration of power itself.
kikokikokiko
"Personally, I'd only trust a governmental agency to provide such services" I understand where you're coming from, "the ultimate goal of a company is to profit and so we can not trust it to protect their users/consumers interests instead of their own" but... you know that it is always the government that will put you in prison, or send you to war right? That it is a blob of power, controlled by people right? This goverment = good that you see people believing these days is such a childish view of reality.
jlkuester7
So much this! The internet does not have to be a monolith controlled by the mega-corp/govt flavor-of-the-month. It originally was (and still can be) a network of smaller federated ecosystems controlled by individuals or smaller groups.
amalcon
Government and charity can be corrupted (and usually are, to at least a small degree). Private industry is corrupt bt default: to the extent possible, it will intentionally serve owners at the expense of other stakeholders.
This is not a knock against private industry in general. Capitalism's greatest strength is precisely that it harnesses corruption toward productive ends through private industry.
Nonetheless, it's unsurprising that people would take a chance at less-corrupt versions of key infrastructure. My preference would be to do this through charity, which worked pretty well for e.g. Mozilla for a while - but I wouldn't call other directions naive.
gloosx
There are a lot of pragmatic pro-government people here, holding tightly to the "51% > 49%" core principle of democracy, which sadly turns into a mess at the scale of humanity, just like any other model we've invented so far. There isn't a real alternative for us collectively now but to submit to power – so any even slightly anarchistic views are not welcome here most of the time...
nonrandomstring
> This government = good that you see people believing these days is such > a childish view of reality.
There are plenty of immature ideas about running human affairs going around. History has shown that a social contract obtained by popular assent is the only viable choice, unless you relish war, insurrection, terrorism, and social collapse [0].
Government is good almost by definition because we grant its existence on that basis of benevolence. Indeed one should be ready to defend good government and lay down ones life to make it good, including overthrowing existing bad government.
This was well established 80 years ago and we seem to have forgotten.
I know there are some around here agitating for tyranny and dictatorship. That in my opinion is the "childish view", a result of too much screen-time and a lack of life experience.
Would you be willing to fight for good government? [1]
metayrnc
> The Armed Forces, on the other hand, are negative and write in a letter to the government that the proposal cannot be realized "without introducing vulnerabilities and backdoors that can be exploited by third parties
First time I am seeing an organization against this. Kudos to them for standing up.
diggan
According to the original article (Swedish: https://www.svt.se/nyheter/inrikes/signal-lamnar-sverige-om-...), the reason for the armed forces to be against it is because they recently started advocating for its personnel to start using Signal to reduce eavesdropping, so backdooring Signal would decrease the armed forces security.
> Men Försvarsmakten är negativa och nyligen uppmanade försvaret sin personal att börja använda Signal för att minska risken för avlyssning.
giancarlostoro
Makes sense, the entire point of Signal is no backdoors. If you add one, you might as well make the app illegal.
hav
In fact, they are negative because they say that this can't be done without opening up the service to vulnerabilities that could be used by others.
> I ett brev till regeringen skriver Försvarsmakten att lagförslaget inte kommer kunna förverkligas ”utan att införa sårbarheter och bakdörrar som kan komma att nyttjas av tredje part”.
> In a letter to the government, the Swedish Armed Forces writes that the legislative proposal will not be able to be implemented "without introducing vulnerabilities and backdoors that may be utilized by third parties."
diggan
That specific quote is in the original comment of this thread :)
squigz
This was already commented by the original comment in this thread and is not mutually exclusive to GP's comment. What is your point?
bee_rider
TOR was sort of famously contributed to by a dude in US Naval research early on, right?
They are militaries, not police or intelligence forces. The job is to be ready to do war, not nanny and snoop on civilians (Some of that might be a necessary side effect but it isn’t their reason for being).
zaggynl
I question the use of an instant messaging service hosted in another country for your armed forces, is that a good idea, especially now?
As good as Signal is I mean, you will want something under your control.
diggan
They're not using/advocating to use Signal for their military control/communication:
> This week, Brigadier General Mattias Hanson, the Swedish Armed Forces' CIO (Chief Information Officer), decided that calls and text messages that do not concern classified information should, as far as possible, be made using the Signal app. The decision aims to make it more difficult to intercept calls and messages sent via the telephone network.
https://www.forsvarsmakten.se/sv/aktuellt/2025/02/forsvarsma...
Seems people were using SMS for those messages they are now advocating to use Signal for.
Also, seems they've done a review (obviously) but unclear if they had access to something internal from Signal to do the review, feels like they had to:
> The Signal application has been deemed by the Swedish Armed Forces to have sufficient security to make it difficult to intercept calls and messages.
Thorrez
Is Signal hosted in just 1 country?
zaggynl
Good question! I assumed it was US only but things have changed a while back after it becoming popular it seems. Going by https://signal.org/blog/signal-is-expensive/
>Because everything in Signal is end-to-end encrypted, we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure, and others while ensuring that your messages and calls remain private and secure.
Schiendelman
Apple took the same stance during the San Bernardino case!
nickslaughter02
FYI the EU wide proposal to scan all your private messages using an AI agent on your devices also originated in Sweden by EU Commissioner Ylva Johansson in 2022.
> EU Commissioner Ylva Johansson has also been heavily criticised regarding the process in which the proposal was drafted and promoted. A transnational investigation by European media outlets revealed the close involvement of foreign technology and law enforcement lobbyists in the preparation of the proposal. This was also highlighted by digital rights organisations, which Johansson rejected to meet on three occasions. Commissioner Johansson was also criticised for the use of micro-targeting techniques to promote its controversial draft proposal, which violated the EU's data protection and privacy rules.
slac
Some background: Lots of stories in the media in Sweden recently about how murders are now ordered via chat apps. Today in fact, there was one about a Snapchat murder. https://www.aftonbladet.se/nyheter/a/8qL3A1/uppgifter-missta...
JmsPae
You know it's a banger proposal when even the Swedish armed forces tells you "Please don't".
bad_user
European armed forces should know best, given that Signal has seen actual use by Ukrainian military personnel, with Russian forces trying their best to target those encrypted communications (right now mostly by getting those smartphones from dead bodies).
mrweasel
The fact that proposals like this get this far, without anyone checking with the defence department and actual experts is really weird. It's not just Sweden, this is clearly a problem in many other countries.
I'd really like to know why it's so hard for politicians and police forces to understand that backdoors are dangerous.
mjburgess
It will be waring factions within government (which is never unitary in any country) --- here these laws/proposals/etc. probably come from domestic spying agencies and police forces in most countries. I suspect that signals intelligence agencies and offensive forces have probably mostly moved to "encryption is good" stance given the number of foreign attacks upon domestic assets (gov, biz, etc.).
However, we shouldn't underestimate the desire for foreign intelligence agencies to bait one's own domestic agencies into "spying for them". So i imagine there's some pressure from, eg., the US sigint agencies to have the EU compromise EU citizens in ways that even those very agencies may today not wish to compromise their own.
At a complete guess, I wouldnt be supried if, eg., the NSA (, CIA, et al.) were goading EUROPOL which was demanding domestic anti-encryption laws.
As an empirical matter, encryption makes agencies like EUROPOL's jobs extremely difficult -- i imagine also because they probably struggle to get coop from domestic police forces, so cannot easily do "the physical police work necessary" to get device access.
In the end, I imagine we'll have china to thank for the end to this nonesense -- since any backdoor will immediately be a means of mass corp/gov espionage.
genewitch
> At a complete guess, I wouldnt be supried if, eg., the NSA (, CIA, et al.) were goading EUROPOL which was demanding domestic anti-encryption laws.
The exact purpose of Five Eyes?
I'm shocked, shocked! there's gambling going in here!
pavlov
They haven’t been in a war since 1814, so they’ve had lots of time to develop other competences.
I hear they also make amazing sourdough and can discuss the Beatles catalog at depth.
bryanrasmussen
as a general rule countries that succeed with a policy of neutrality do so by having their military strong enough that they're mot worth fucking with.
diggan
> having their military strong enough
That's not how Sweden remained "neutral" though, although I'm not sure I'd agree Sweden been neutral since 1814, wasn't exactly neutral before/during the second world war. https://en.wikipedia.org/wiki/Sweden_during_World_War_II
42lux
While I don't personally agree with the law, I genuinely hope we witness a major corporation withdraw from a market just so we can finally observe the concrete impact of these types of threats. (Even though their position is understandable in this particular case.)
disruptiveink
Google ultimately did that for China. The outcome in that case is that the domestic market filled in the gaps, while complying to all relevant authoritarian legislation. I do not believe that the same would happen for every market where these stunts are being pulled off, at least not to the same level of quality.
Why are European countries trying to pull one off from the China playbook, while simultaneously being shocked that companies react to authoritarian moves in the exact same way as they have done in the past, is beyond me. Is the hubris so large that they honestly can't conceive their "requirements" as being "literally the same as China?"
hx8
Having to build local alternatives probably had a positive impact on China's software industry. We're at a point today that major Chinese software/tech companies are routinely talked about on nightly news.
Schiendelman
Have you ever read the book The Corporation? It goes into some detail about why corporations can't do that. Not "won't" - can't.
frontalier
i did not read the book but i did read the news when google gave up on serving censored search results in china
bramhaag
Unlike a certain big tech giant who pretends to care about privacy until it cuts into their profits.
ragnese
All of them?
bramhaag
Well, only some claim to "remain committed to offering our users the highest level of security for their personal data" while turning off E2EE cloud storage for an entire country.
docdeek
What other choice did Apple have? To ignore the law of a country where you operate just because you don't agree with the law is a terrible standard to set.
null
Schiendelman
What else could they have done?
einpoklum
No, some of them don't even bother pretending they care about your privacy.
ronbenton
What would even be the point of Signal if there’s a backdoor? This isn’t just principled, it’s necessary for business.
genewitch
Once Signal is backdoored successfully (in this alternate timeline) you go after WhatsApp, RCS, whatever other encryption you can't bypass. Other countries follow suit because Sweden did it (like an infamous single study out of the Netherlands that affected global health policy.)
The goal is no privacy. Because terrorism. Or the children. Or espionage. Just pick one and speak against them directly and you'll find many arguments why the government needs access for any of those reasons. People love going to bat for giving up rights.
I forget who said it but you cannot have a civilization without secrets.
pr337h4m
Signal is headquartered in the US and presumably has no employees in Sweden (and perhaps the entire European Union).
There is utterly nothing the Swedish government can do to stop Signal except for pressuring app stores and/or ISP-level censorship. Preemptive surrender is extremely disappointing, especially for a non-profit - there isn’t even any revenue that can be ‘fined’ by the EU!
Aurornis
> There is utterly nothing the Swedish government can do to stop Signal except for pressuring app stores and/or ISP-level censorship
They can go after executives and employees of foreign companies, too. The charges may not mean much unless those employees travel through Sweden, but if the political winds change in the future then they may be able to convince other countries to enforce their charges against employees as well.
It’s reasonable for a company to avoid risking their employees becoming targets of detention for international travel.
It also more effectively highlights the political issue within Sweden if people there see the consequences of the laws of their elected officials rather than having those laws silently ignored by a company that takes the legal risk upon themselves.
willvarfar
The app stores are run by companies with a presence in the EU.
walrus01
What's funny is that it's other EU laws from totally different parts of government which are, at the same time, pushing to allow for side loading of apps and alternate app stores on iOS and Android.
https://www.google.com/search?q=apple%20eu%20alternative%20a...
The end result of which, if done at large scale, means that an EU government couldn't ban signal, short of forcing all its domestic ISPs to be downstream of a China type great firewall, or simply null route all the IP space where signal's servers are located.
ben_w
All the alternative app stores can easily be subject to the same legal requirements as Apple.
Side-loading is harder to enforce any rules over, of course.
Blocking domains is well-established at this point, thanks to the copyright industry doing a 21.5-year whack-a-mole-waltz with The Pirate Bay. Of course, this also demonstrates the limited effectiveness of domain blocking.
diggan
I keep seeing this idea that because a company is headquartered in some place, means they don't have to follow the laws of the countries where they operate.
Yes, Signal may be headquartered in the US, but that doesn't mean they can just ignore the laws of other countries, which is exactly what may happen here, depending on the outcome.
Sweden may propose a backdoor (a utterly shitty idea, I agree) which Signal may decline (which this submission is about). Then the next step is either Sweden giving up on the request, or placing fines on Signal until they comply or outright ban it, or Signal deciding it isn't worth it (prevent Swedish users from using Signal).
All within their capacities and rights, even though I again think it would very stupid approach.
arcbyte
There are only a few instances where institutional powers pass judgements that they cannot enforce. Generally doing so makes that institution look weak because it puts them in a position to have their rulings openly flouted. That's at the core of what jurisdiction means.
Sweden can fine Signal all they want but if they can't enforce the collection, they weaken their power and foster disrespect.
genewitch
Singal is centralized? Can't they just block it at the border? I understand VPN or whatever, but if they're serious I hear there's a couple of countries with "pretty good" border firewalls.
Doing that would eliminate so many Swedes from Signal...
I haven't found a VPN solution for iPhone users in a couple of US states. It's like iphones are actively hostile to the very idea of a VPN. Or at least "self-hosted VPN", maybe the $20/month VPN work but that's... Sketchy.
throwaway28409
> they operate?
How are they operating? It might as well be viewed as citizens of Sweden interacting with a foreign service out of their own volition.
In general, laws are backed up by the threat of violence. To the extent that Sweden's police can't confiscate Signal's assets in the US, they do not have to comply with anything. The only leverage Sweden's government may have is ISP level censorship, which is likely to cause unintended disruptions. Signal is in turn free to attempt to circumvent the censorship.
brookst
Not familiar with Swedish law, but in most of the world the courts have a concept of jurisdiction. Otherwise a small country could just fine Apple $1T and solve its budget woes, and probably build a giant waterslide.
I would be surprised if Swedish law allowed for prosecuting a foreign company with not one bit of operations in the country.
TheCapeGreek
> a foreign company with not one bit of operations in the country.
Borrowing from how tax & law is usually applied for companies trading outside of their incorporated country, at least in many places including the EU: If you have users/customers in a certain country, even if your product is purely software, you can be considered to have operations in that country.
walrus01
> I keep seeing this idea that because a company is headquartered in some place, means they don't have to follow the laws of the countries where they operate.
My friend's medium size regional ISP is headquartered in the US and as a hosting company certainly has customers who violate any number of censorship, blasphemy, etc laws in Iran, Russia, Myanmar, Pakistan, Bangladesh, just to name a few.
Signal doesn't "operate" in Sweden any more or any less than any other internet based service which has zero servers, offices, bank accounts or other physical presence in the country.
focusgroup0
If the purpose is to stop the gang violence, why not remove the gangs from the country?
krowek
How would that be?
mediumsmart
Swedenherald and their 807 vendor buddies value your privacy.
danieldk
What is the state of peer to peer messengers with E2EE? Over ten years ago, Bittorrent Inc. (now Rainberry and Resilio) made a serverless chat client (Bleep IIRC). But I don't think there is anything new that is also user-friendly? (Drop-in replacement of WhatsApp, Signal, iMessage, etc.)
undotoday
Jami is supposed to be encrypted, distributed, opensource, and cross platform, though I haven't personally used it:
jeroenhd
Peer to peer communications are difficult to combine with mobile phones (at least if you value battery life). There are various messengers out there, but they're incredibly niche and I doubt they'll ever get any decent user bases.
Tox is peer to peer and encrypted, but its UX will probably drive away anyone who wants the ease of use of Signal or WhatsApp.
I think Matrix experimented with the concept of running a server on-device, and that's one of the few alternative chat systems with decent UIs available, but AFAIK that never made it beyond the proof of concept stage.
Veilid Chat, developed by the Cult of the Dead Cow, promises to be an interesting option, but it's currently in beta and has been for a while.
There is a reason why Free Software (as in freedom) was invented: To ensure that those who create the software do not overpower those who use the software. The idea, that companies or politicians can force the user's machine to work against it's owner, is wrong. And it is wrong, because to be a human in the 21st century means in most cases, that your digital devices and your digital interactions are a core part of who you are as a private person. Invading the privacy of one's digital space is a violation that goes as deep as reading someone's diary when we look back and the time when life was more analog.