We do need to trust Meta that they really don't, to some extent, but people way smarter than me have researched the WA implementation of the Signal protocol and it seems solid. I.E: Meta appears to simply be unable to read what you chat and send. (but TBC: they do see with whom and when you do this, just not the contents).
Presumably they use proper HTTPS, so all the data is essentially encrypted twice, if they just concatenate some packets with keys, it would be extremely difficult to detect as you'd need to decrypt HTTPS (which is possible if you can install your own certificates on a device), then dig through random message data to find a random value you don't even know.
People find exploits in proprietary code, or even SaaS (where researchers cannot even access the software) every day.
People at Meta might leak this information too.
"Information wants to be free"
My point is: the risk of this becoming known is real.
Reputation
Or what's the translation of bank run but generic for any service? Leegloop in Dutch. Translator gives only nonsense. Going for the descriptive route: many people would leave because of the tarnished reputation
The trick is to have Facebook continue to believe that this reputation/trust is more valuable than reading the messages of those who stay behind, which can partially be done by having realistic alternatives for people to switch to so that there is no reason to stay when trust is broken. Which kinda means pre-emptively switching (at least to build up a decent network effect elsewhere), which is what I've chosen to and encourage anyone to also do. But I'm not a conspiracy theorist who thinks that, at the present time, they'll try to roll out such an update in secret, at least not to everyone at once (intelligence agencies might send NSLs with specific targets)
The only way I can think of, is by pushing an update that grabs all your keys and pushes them to their servers.
Otherwise, it's pretty decent set up (if I am to believe Moxie, which I do)
