Yes.

... also, the root decryption key is derived deterministically by the IC (vetKeys) given the user's principal in such a way that the key never exists outside the user’s device.

By contrast, Signal etc. have to store the root decryption key on the device, which means it is not available when the user signs in to a new device, and so their messages are not readable.

If an OpenChat user signs in to their account on a new device, they will have access to all their messages because they can request the root key from the IC given their user principal.

.. also, OpenChat is open source and uses deterministic builds such that anyone can build the canister WASMs (backend code packages) with the same source code and verify (due to properties of the IC) that the hashes of the WASMs matches the hashes of the running canisters. Signal might be open source, but there is no way to prove that the code running is the code you can publicly see.

@OpenChat In essence, will this be comparable to Telegram and Signal in terms of data security?