On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.
If you are thinking about Signal, think Wire instead. It is similar, but does not require a phone number and is not based in a 5 eyes territory.
Wire’s holdings are in USA, though. I quit using Wire immediately back then.
Signal is completely open source, has reproducible builds on Android, and uses “sealed sender” so they cant see who’s sending messages, just who the intended recipient is. Why would I use Wire when its hard enough to get people to switch to Signal, the most secure messenger, which also happens to be free?
Wire is open source too. https://github.com/wireapp/wire
IIRC both the server and client code is open source. But I don’t know if that can be easily proven.
I didn’t know about “sealed sender”. Sounds great. Though TBH it doesn’t seem to be working (yet) on my account. Have you actually tested it?
I’m not sure sealed sender is enough to compensate all signal’s other failings. Let’s wait and see.
IMO … this is all a false choice.
If there are too many choices, none will gain critical mass, and all will fail. The key is bridging. Once your messager can bridge to a few other secure messagers (and to email) then it stands a chance of taking on facebook.