BBB was a mess. It's security and privacy may be great on paper (open source, self hosted). But that's the lawyer's side.
In practice: BBB had server-side mute, so your muted microphone would still send audio to the server. Servers could be compromised through uploaded documents (processed by LibreOffice).
The biggest problems might have been fixed by now. But self hosting half baked software isn't an alternative to most.
How can an unencrypted copy of some media end up at the wrong user? Isn't that supposed to be end-to-end encrypted, especially when stored on the signal servers?
They would have to compromise your client which is in no way different from compromising your device. The NSO / Pegasus systems do just that. They allow arbitrary command execution, which includes sending any file on your phone to any contact over Signal. Nothing software can do to protect from that. If you need 100% guarantee something doesn't leak over electronics, don't store it electronically. Ask them Slavs https://www.theguardian.com/world/2013/jul/11/russia-reverts...
The app accidentally attached seemingly random media to messages. The other end has no control over what images they receive when. There was no hack or remote control at play, just a bug.
It was a bug on the client that encrypted and sent the message to the wrong user. If it was a bug in the server that messed up the routing it would be impossible for the wrong recipient to see the message.
In practice: BBB had server-side mute, so your muted microphone would still send audio to the server. Servers could be compromised through uploaded documents (processed by LibreOffice).
The biggest problems might have been fixed by now. But self hosting half baked software isn't an alternative to most.