We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.
THIS! We have no way of knowing what they are actually doing on their servers so I don’t 100% trust them. Maybe like 90% trust. This really doesn’t change anything.
I don’t know where did you get that 90% from but IMO people shouldn’t trust them at all and should use decentralized platforms instead.