The point is that you don't have to trust them because the client (where the relevant cryptography is performed) is open source and the fact that my links point to signal.org is completely irrelevant, those blog posts are just ways to advertise facts that are freely verifiable. You can read the source code to check the implementation of sealed senders or how the social graph is handled.
NSA can hack into Signal's infrastructure, and what they will be able to gather are the same information provided by Signal in reply to subpoenas (the whole list here https://signal.org/bigbrother/), because everything else is end-to-end encrypted.
NSA can hack into Signal's infrastructure, and what they will be able to gather are the same information provided by Signal in reply to subpoenas (the whole list here https://signal.org/bigbrother/), because everything else is end-to-end encrypted.