> Signal is still a centralised data silo where by default you trust CA to verify your contacts' identity.
You can verify the security number out-of-band, and the process is straightforward enough that even nontechnical users can do it.
That's as much as can possibly be done, short of an app that literally prevents you from communicating with anyone without manually providing their security number.