Kudos to Niccolò for openly speaking about his mistake of incorrectly stating his video was not sponsored. However I think he made a second mistake which is more serve. As a content creator he must pay more attention to what companies he's accepting sponsorship from. Given the track record of malibal, this should have been a red flag in the first place.

Signal forks can have unexpected behaviours like retaining deleted messages and also they don’t get updated at the same rate that Signal get updated.

There are ways to save messages before they are deleted even if the stock app is used. Do not ever rely on this feature to work in a "safe" way.

Every couple of years I hear a story about hackers disturbing signal with backdoors, which would be impossible or very hard to be done If they blocked third party clients. (Ex: 1)

That is a problem the users who prefer 3rd party clients have to deal with. Obviously if you care enough to not use the official build, you of cause have to take care of using a trustworthy source. That is not "your problem" though.

The amount of people who use third party Signal clients are very few anyway.

That sounds a lot like "I don't use it, so none else needs it either" argument. In my opinion, none of your arguments above are a good reason to combat 3rd party clients.

Not in all situations. And in a way a user will not be aware of. The service or website can define what type of passkey is allowed (based in attestation). You may not be able to acutally use your "movable" keys because someone else decided so. You will not notice this until you actually face such a service. And when that happens, you can be sure that the average user will not understand what ia going on. Not all passkeys are equal, but that fact is hidden from the user.

In addition, Huawei now blocks sideloading Android apps to promote its ecosystem growth.

Well looks like I'm never going to get a device from this manufacturer then.

Sad to see Mozilla being managed into the ground, betraying their principles and selling their users.

The question is not weather Google is tracking or not, the question is if Google is breaking the law doing so.

This sadly is in line with Mozilla's increasingly bad privacy defaults. Users who care have moved on to more reasonable configurd forks at this point (e.g. Librewolf).

This. Regulators are a joke

You may want to rework your privacy policy. It contadicts itself:

We do not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic Google Analytics tracking

14. Analytics: We do not use any third-party Service Providers to monitor and analyze the use of our Service.

They video was quiet promising. However looking at the app website shows that what was a false promise. The app does track every single launch and sends that to their servers (see privacy policy) not legal without consent in the EU. Calling this "tracker free" is more than misleading here. I'd call it a lie actually.

The reported tracker is ACRA, a crash report library (https://github.com/ACRA/acra).

I digged a bit into the source code and the apk. From looking at the code alone one can't tell if the crash report is actually enabled, the build configuration depends on some unpublished file. But looking into the apk allows to reconstruct it. These are my findings:

• the usage is implemented here: https://gitlab.futo.org/alex/voiceinput/-/blob/master/app/src/main/java/org/futo/voiceinput/CrashLoggingApplication.kt
• the crash handler is compiled in and also enabled (BuildConfig.ENABLE_ACRA=true)
• the crash handler is configured to dialog mode. According to the ACRA documentation (https://www.acra.ch/docs/Interactions#dialog) that means that user interaction is required for sending (a popup dialog with a cancel button).
• the upload domain is crash.sapples.net
• the dialog can't be disabled via settings
• the usage of ACRA is missing in the licenses and about dialogs (https://gitlab.futo.org/alex/voiceinput/-/blob/master/app/src/main/assets/license-list.html)
• the privacy policy is correctly stated (https://voiceinput.futo.org/VoiceInput/PrivacyPolicy)

  4.1. If the app crashes, you may be asked if you wish to submit a crash report. If you accept, your device information and crash details will be sent to us for the purposes of investigating the crash and improving the software.

Keepass on phone, desktop and tablet. Sync serverless via Syncthing.

• completely private
• always available when needed
• no dependency on services which may go away
• all open source software
• maximum security