Jurisdiction is not that important. Even if it was in Switzerland it’d have to comply with international law enforcement and warrants. The key is that sure Signal is obliged to give out whatever data it has, but the point is that it doesn’t have much useful data to give. It’s the same as Mullvad, and a far smarter approach than “lol we just gonna ignore the warrant huhuhu look at us we host somewhere in Shitzerfuck” (oh btw “We are in X country which is not in N eyes” is just marketing).
Oh and btw the same goes for instances of the fediverse (which are ran by volunteers you need to trust), and if they don’t comply and the US government really wants to break into them they probably will find a way. Doesn’t even need some complicated backdoors or anything it just needs to find an OPSEC slip-up, do some social engineering, arrest someone or at worst find a bug to exploit, and I can guarantee that unless you have some serious security wizards running your instance you’re not beating the FBI there and if the FBI is really persistent and focused on you for some reason then the wizards won’t be enough you need state actors.
If your threat model actually includes the US government (aka you’re actually in danger and not some paranoia or just-in-case situation, be realistic with yourself) and there’s credible threats you may be targeted by it or other governments then you’re probably going to be using tor, briar, all that jazz, and wouldn’t be on lemmy. If you’re just some guy who just needs to message your family and shit Signal is perfectly fine, I can tell you that unless you’re a serious threat to the government they won’t waste resources cracking down ways to capture you via signal or whatever you use that is even somewhat secure (so no telegram, no WhatsApp, no messenger, etc), even if you’re a minority or activist, if not because you’re not important enough then because they have other easier ways to do it.
Edit: oh and btw Signal was banned in Ruzzia (a country way more authoritarian than the US currently is) because the FSB couldn’t crack it so that goes to show it is pretty secure.
I mean maybe but you could also just say “we did some whacky shit here help us fix it please” and let the community help you in the effort. That’s the beauty of open source. Then again they may have their reasons and frankly I’m not even interested in a TikTok like social media so w/e as long as they don’t eat up their word it’s fine.