The Signal Server repository hasn’t been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.

To me, this is unforgivable behaviour. Signal always positioned themselves as “open source”, and the Server itself is under the best license for server software (AGPLv3 – which raises questions about the legality of this situation).

Signal’s whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. “we can never engage the community directly”, “we will never merge/accept PRs”, etc) has lead to its logical conclusion here, I guess. I have been somewhat of a “Signal apologist” thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I’m over Signal now.

  • ssenecaOP
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    4 years ago

    A few years ago (2017?) I decided I would move messenger apps. The aim (and what I’ve achieved) was all my messaging going through a secure, private app.

    Signal was never an option.

    In 2017, Signal really was the only option. Element (Riot, back then) was really bad and didn’t feature e2ee (which only got enabled by default last year!). XMPP was and remains difficult to use (not even many people here use it, how could I expect “normal people” to use it?)

    I made the choice to use Signal, and I don’t regret it. I only regret that it has taken until now that we are starting to see a glimmer of a real competitor, in the form of Matrix. But a really competitor to Whatsapp and the like, back in 2017, just didn’t exist outside of Signal.

    • poVoq
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      2 years ago

      deleted by creator

      • ssenecaOP
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        4 years ago

        It’s not about instances, they’re pretty much equal in that regard. There are two main issues with XMPP:

        1. Clients. There is no “default” or “reference” client for XMPP, whereas there is a cross-platform one for Matrix (in the form of Element). This has several implications, but the most important is that for the non-technically aware (which is the vast majority of people I talk to), it is easier and reassuring to use “the” Matrix client. The more important implication to me is on e2ee. Conversations started in Element now enable e2ee by default. In contrast, every XMPP client I’ve tried (on Linux & iOS) does not.
        2. Message history. Matrix and XMPP differ a lot here, and it’s why the Matrix homeservers are much more resource hungry than XMPP servers. When I use Matrix, I get message history on each device. This is a critical feature for those I want to move from Whatsapp and the like. This is not the case with XMPP.
          • ssenecaOP
            link
            fedilink
            arrow-up
            3
            ·
            4 years ago

            You say you disagree with the default clients idea, but why?

            At most it is a branding/marketing problem

            I don’t know why you’re so dismissive of this issue. I feel like you’re framing me as if I’m anti-XMPP when that isn’t the case; on the contrary I use XMPP and am a Prosody server admin. The reality of the situation though, like I’ve said above, is that next to nobody uses XMPP, even in tech communities. At this point “branding/marketing” could end up being the be-all and end-all of the entire protocol.

            As for the other two points: that is both false and outdated.

            You’ve misinterpreted my comment. I am very well aware XMPP has and has had e2ee support, the issue is that XMPP clients never have this switched on by default, in my experience (which was testing every XMPP iOS client there is, the platform most my friends use).

    • riccardo
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      4 years ago

      Well there was Wire, which offered e2e encryption, an open protocol and opensource clients and backend, it has been audited, and it was based in Swiss which is times better than the US. I tried to move a lot of people there, but luckily I failed, considering it has been bought by an advertisement company recently

      • Ghast
        link
        fedilink
        arrow-up
        4
        ·
        4 years ago

        Wire looked nice, but I stopped using it after they persistently dragged their feet on federation.

        Git discussion

        Once something with federation gains popularity, the discussion may be over, as we won’t have to talk about jumping ship every year. I’m not sure it’s doable yet, but I’m sure that once it takes hold it’ll last, just like email.

      • ssenecaOP
        link
        fedilink
        arrow-up
        4
        ·
        4 years ago

        Wire was pretty good, true. I used it a bit, but chose Signal because Wire (similarly to Matrix, for now) doesn’t encrypt any/most metadata, whereas Signal encrypts everything and always has.

        And like you said, it’s since been sold to an advertising company. Not sure if that’d even be possible with Signal since it’s owned by a non-profit (admittedly not always the case, I guess it could have been possible when they were still OWS).

        In both cases, their centralised nature means changing ownership can be devastating (like in the case of Wire). This is why I believe Matrix is the future. Its community is much healthier and active in the development of the ecosystem (3rd party clients, bridges, they actually accept PRs, etc…)

        • southerntofu
          link
          fedilink
          arrow-up
          8
          ·
          4 years ago

          Signal encrypts everything and always has.

          This is not exactly true. Encrypting metadata is most times impossible due to the server needing to know who to deliver messages to (at the very least). “Sealed sender” is now a thing (though i don’t know how strong a protection that is), but to my knowledge Signal continues to aggressively expose users’ phone numbers both to the server (in a hashed formed, for contact discovery) and to other users in public chatrooms. Please correct me if wrong.

          it’s owned by a non-profit

          A non-profit doesn’t mean you need to do good. Also, it can turn into a for-profit over the years. It’s in fact a conscious strategy of startups in the field of “sharing economy” (remember couchsurfing?)

          This is why I believe Matrix is the future.

          Matrix is one among others, but i’m not convinced a single solution is going to be the best:

          • Matrix really has a startup vibe and introduces a lot of complexity (reinventing quite a few wheels along the way), to the point the current situation is there’s only one bad client/server implementation (really resource-hungry)
          • Jabber/XMPP has a much slower but dedicated non-profit ecosystem (let’s not even talk about the commercial branches) and lots of client/server options for all hardware/systems, but the clients don’t have good UX/polishing
          • ActivityPub has a vibrant ecosystem but most clients are web-oriented (such a shame) and tailored to a specific use-case (peertube/mastodon/pixelfed)

          They all have strong arguments going for/against them. I believe interoperability is the only way to go. These network are doing mostly the same thing, and there’s no reason we can’t talk across networks.

          Which brings me to the fact matrix folks really don’t seem to care about interoperability though i hope i’m wrong about this.

          • ssenecaOP
            link
            fedilink
            arrow-up
            4
            ·
            4 years ago

            I have a lot of thoughts about this but don’t really have the time to reply.

            All I’ll say is that I hope you’re following Element’s progress with Dendrite closely. I host my own Dendrite server and it is much more reasonable in terms of resource usage versus Synapse, and it hasn’t even had any resource optimisation features implemented yet.

              • federico3
                link
                fedilink
                arrow-up
                1
                arrow-down
                4
                ·
                4 years ago

                massive privacy issue, as this immutable and permanent history room state data is synchronized across any server that has a member joining

                This is terrible.

                Matrix evolved evolved in a very messy way, starting without encryption and hacking it in later on, and now it’s even trying to become P2P. I expect more serious privacy-breaching “features” to come out over time.

            • southerntofu
              link
              fedilink
              arrow-up
              3
              ·
              4 years ago

              Element’s progress with Dendrite

              I’m keeping an eye on Dendrite. I’m not convinced go is the best language for server software, as it suffers many same pain points as Python (eg. GC pauses), but it looks like a neat progress. In fact i’m going to try dendrite very soon when i have some time.

              Element on the other hand i would just put in the dumpster because it’s full of everything that’s wrong with web applications. 9MB initial loading just for a simple chat application, seriously? Several seconds of latency just to switch chatrooms? Seriously it’s 2021 folks, how can anyone be happy with such mediocrity and then complain why noone is using Element…

              Just found gomuks which appears to be a lot better for desktop/laptops (not mobile). I will try it out and see…

              • ssenecaOP
                link
                fedilink
                arrow-up
                2
                ·
                4 years ago

                Element the client is garbage, I was talking about Element the organisation formally known as New Vector, who develop and maintain the Dendrite homeserver

              • southerntofu
                link
                fedilink
                arrow-up
                2
                ·
                4 years ago

                gomuks

                So i just tried gomuks and it’s a pleasure to use! Room switching is instant (compared to 5-15s on Element) and it took just a few seconds to compile. Only downside is it was designed for dark theme so contrast is really bad on light background.

          • michel
            link
            fedilink
            arrow-up
            3
            ·
            4 years ago

            FluffyChat is a decent alternative client (with E2EE support). If you don’t need e2ee there’s actually a healthy number of clients, and some of them do seem to have it on their roadmap

            https://matrix.org/clients/

            Point taken on server implementations though

            • southerntofu
              link
              fedilink
              arrow-up
              2
              ·
              4 years ago

              FluffyChat is not an option because it doesn’t support proxies including Tor. If you’re using fluffychat please open an issue there for integrated tor support like Conversations/Gajim does in the Jabber/XMPP world :)