The Signal Server repository hasn’t been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.
To me, this is unforgivable behaviour. Signal always positioned themselves as “open source”, and the Server itself is under the best license for server software (AGPLv3 – which raises questions about the legality of this situation).
Signal’s whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. “we can never engage the community directly”, “we will never merge/accept PRs”, etc) has lead to its logical conclusion here, I guess. I have been somewhat of a “Signal apologist” thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I’m over Signal now.
citation needed. On the contrary, any network observer can perform a timing attack by correlating messages being exchanged to/from clients and servers. Having centralized servers only makes it easier.
Briar, on the other hand, is P2P and uses Tor as transport network making such attack way more difficult.
deleted by creator
To protect users metadata including the type of application, protocol, and timing push notifications cannot be used. Equally, direct connections to centralized servers are not suitable. That’s a reason for Briar to use Tor.
The thread is about centralized vs decentralized. Availability on OSes, polished UIs and so on are besides the point.
deleted by creator