It's worth noting that Bitmessage is a messaging protocol, but not an instant messaging protocol. PS. Actually, e-mail isn't an instant messaging protocol either.
That is a quote from the setup info. Frankly, that is where almost all of us run into a glitch. Almost zero of my real name associates would use this service. Call it stupidity or just apathy, but they won't go through anything even close to this. When they hear about GPG or anything related they tune me out immediately. Just the facts on my life, and I am betting for most of us here.
Yup. Security needs to be simple like encrypted IM apps, otherwise it's a failure in design in my opinion.
Today's mantra, for almost everything, is "When do we want it: NOW". I think most of them would rate encryption, or even 2FA, on a par with open heart surgery. Places to go - things to do, until they suffer the consequences of their carefree approach. And that's the thing, very few do. Even though we read every day of "gazillions" of users having their passwords hacked, if they are not affected financially, then the users don't give a monkey's.
Yeah, Bitmessage is a little intimidating. But also, is it really still one of the most secure and private options? It does work well enough in Whonix, I admit. And it seems pretty reliable.
To use Signal one must register it with her/his phone number. Signal is a centralized service, so Signal knows who is communicating with whom (phone numbers, IP addresses). IIUC in Signal some metadata is hashed, but there is very limited input and no salt, so all the output can be effectively pre-computed. This is not enough to know for sure metadata is secure. Bitmessage is fundamentally different. It is a p2p network. IIUC all the data and metadata are securely encrypted.
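The general point in the last post, that an unsalted hash over a small input space can be pre-computed, shown as an added example that is not part of the thread and not any messenger's actual code. The number block, function names and the keyed variant used for contrast are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample space: 10,000 fictional numbers, "+1555010" plus 4 digits.
PREFIX, DIGITS = "+1555010", 4


def unsalted_digest(number: str) -> str:
    """Plain SHA-256 of the identifier: the same input always gives the same output."""
    return hashlib.sha256(number.encode()).hexdigest()


def keyed_digest(key: bytes, number: str) -> str:
    """HMAC-SHA256 under a secret key: output cannot be predicted without the key."""
    return hmac.new(key, number.encode(), hashlib.sha256).hexdigest()


def build_table(prefix: str = PREFIX, digits: int = DIGITS) -> Dict[str, str]:
    """Map digest -> number for every number in the block, computed once up front."""
    table = {}
    for i in range(10 ** digits):
        number = f"{prefix}{i:0{digits}d}"
        table[unsalted_digest(number)] = number
    return table


def lookup(digest: str, table: Dict[str, str]) -> Optional[str]:
    """Return the number behind a digest if the table covers it, else None."""
    return table.get(digest)


if __name__ == "__main__":
    table = build_table()
    stored = unsalted_digest("+15550101234")       # constructed stored value
    print("unsalted ->", lookup(stored, table))    # the identifier comes back
    key = secrets.token_bytes(32)                  # assumed to stay secret
    print("keyed    ->", lookup(keyed_digest(key, "+15550101234"), table))
```

The keyed digest resists the table only while the key stays secret; anyone holding the key can rebuild the same mapping.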