I have been using Mullvad Extended for a long time. It is great, but does have many false positives. They sometimes block some Indian government domains.

I would say DoT is more than fine. Here are their official instructions.

I would recommend using a native app, rather than a web app. If on Android, you can get Element or Element X from f-droid. Or you can also get third party apps like Fluffy Chat.

TeleGuard is not FOSS. We cannot be sure what they do. Plus, the control of their servers is centralised.

When using Element, you can decide which server to use. Also, all the appa are open source, the servers are too. You can host your own server too. I think vector (to identify people using email and phone number) is not libre.

I use Element with chat.tchncs.de as my server.

There’s a lot of reasons why I think Signal on an iPhone may not be as private as on a FOSS Android ROM.

First thing is that you are probably getting your notifications from an Apple server. While Apple cannot see the message content, it os possible that they are still collecting some metadata, as when is the user receiving messages, etc.

Second, the usage of keyboard. I cannot prove that Apple is keylogging your every keyboard stroke, but I don’t think anyone can disprove it either. On Android, we always ask users to use a FOSS keyboard, as some keyboard apps look at the screen and read messages to “provide better text prediction”.

Last is app usage metadata. Apple is still storing all the information about how many times you unlock the phone and how much you use Signal, how many times you open the app in a day, when and (maybe even) why you open the app. Which photos you are sharing through your photos app with Signal, such information is also valuable.

I would say most of your conversations are private, as Signal’s developers are very knowledgeable and they know what they are doing.

But if you have a skeptical mind like I do, or even like most people here do, I would not trust them a bit because of their proprietary code. You cannot be completely sure what they are doing. You just have to trust Apple, which most of here don’t.

This guide can you help you expose your services in a relatively safe way.

The WireGuard encryptions stops when data reaches their servers and the data is re-encrypted to be sent to the client. So, theoretically, they can look at all the data being passed through.

Read more here about TLS termination and TLS passthrough. https://blog.aiquiral.me/bypass-cgnat