The Signal Server repository hasn’t been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.
To me, this is unforgivable behaviour. Signal always positioned themselves as “open source”, and the Server itself is under the best license for server software (AGPLv3 – which raises questions about the legality of this situation).
Signal’s whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. “we can never engage the community directly”, “we will never merge/accept PRs”, etc) has lead to its logical conclusion here, I guess. I have been somewhat of a “Signal apologist” thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I’m over Signal now.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Another big problem with Signal is the fact that it’s centralized with the server being located in US. Even if the protocol itself is secure with the server not having access user data, this presents a huge risk since US government can simply force Signal to shut down the service at any time. The server can also potentially collect metadata about the users providing US security agencies with user connection graphs.
I think that Matrix approach is much more sound, and would always recommend it over Signal.
Let’s be honest, Signal was never an option.
Rather than being free software, signal is more like museum software, you can see, but you cannot touch.
Whenever I question Signal on Reddit, I get downvoted to hell.
In terms of privacy, I still vastly trust Signal over WhatsApp, Snapchat, etc. But they’ve been sketching me out more and more lately. First was them making Signal dependent on Google services. Then there was them threatening to sue projects that attempted to create forks of the project without said Google dependencies. Now it’s them not disclosing the source code for their server side software.
In their defense, the client is still mostly open source, but they need to stop acting like some savior for privacy when they are so hostile to open source.