The Signal Server repository hasn’t been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.

To me, this is unforgivable behaviour. Signal always positioned themselves as “open source”, and the Server itself is under the best license for server software (AGPLv3 – which raises questions about the legality of this situation).

Signal’s whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. “we can never engage the community directly”, “we will never merge/accept PRs”, etc) has lead to its logical conclusion here, I guess. I have been somewhat of a “Signal apologist” thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I’m over Signal now.

  • sseneca@lemmy.mlOP
    link
    fedilink
    arrow-up
    20
    arrow-down
    1
    ·
    4 years ago

    A few years ago (2017?) I decided I would move messenger apps. The aim (and what I’ve achieved) was all my messaging going through a secure, private app.

    Signal was never an option.

    In 2017, Signal really was the only option. Element (Riot, back then) was really bad and didn’t feature e2ee (which only got enabled by default last year!). XMPP was and remains difficult to use (not even many people here use it, how could I expect “normal people” to use it?)

    I made the choice to use Signal, and I don’t regret it. I only regret that it has taken until now that we are starting to see a glimmer of a real competitor, in the form of Matrix. But a really competitor to Whatsapp and the like, back in 2017, just didn’t exist outside of Signal.

    • poVoq@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      4 years ago

      I don’t quite get why you think XMPP is harder to use than Matrix. The only way this seems true is if you use the main matrix.org instance and then you are pretty much back at a centralized service based in a five eyes country (UK).

      • sseneca@lemmy.mlOP
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        4 years ago

        It’s not about instances, they’re pretty much equal in that regard. There are two main issues with XMPP:

        1. Clients. There is no “default” or “reference” client for XMPP, whereas there is a cross-platform one for Matrix (in the form of Element). This has several implications, but the most important is that for the non-technically aware (which is the vast majority of people I talk to), it is easier and reassuring to use “the” Matrix client. The more important implication to me is on e2ee. Conversations started in Element now enable e2ee by default. In contrast, every XMPP client I’ve tried (on Linux & iOS) does not.
        2. Message history. Matrix and XMPP differ a lot here, and it’s why the Matrix homeservers are much more resource hungry than XMPP servers. When I use Matrix, I get message history on each device. This is a critical feature for those I want to move from Whatsapp and the like. This is not the case with XMPP.
        • poVoq@lemmy.ml
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          4 years ago

          I disagree on the default client idea, especially if it is such a badly done web-based one as element/riot. In the end clients are always platform specific, and there are easy to find “best” XMPP clients for each platform. At most it is a branding/marketing problem (see Snikket.org for that).

          As for the other two points: that is both false and outdated. e2ee has been supported and the default in XMPP for longer than in Matrix and message history (as much as the e2ee double ratchet algorithm used both in OMEMO and OLM permits) is working perfectly in XMPP across clients if the server has MAM enabled (pretty much all have).

          • sseneca@lemmy.mlOP
            link
            fedilink
            arrow-up
            2
            ·
            4 years ago

            You say you disagree with the default clients idea, but why?

            At most it is a branding/marketing problem

            I don’t know why you’re so dismissive of this issue. I feel like you’re framing me as if I’m anti-XMPP when that isn’t the case; on the contrary I use XMPP and am a Prosody server admin. The reality of the situation though, like I’ve said above, is that next to nobody uses XMPP, even in tech communities. At this point “branding/marketing” could end up being the be-all and end-all of the entire protocol.

            As for the other two points: that is both false and outdated.

            You’ve misinterpreted my comment. I am very well aware XMPP has and has had e2ee support, the issue is that XMPP clients never have this switched on by default, in my experience (which was testing every XMPP iOS client there is, the platform most my friends use).

            • poVoq@lemmy.ml
              link
              fedilink
              arrow-up
              6
              ·
              4 years ago

              The situation on iOS for XMPP is uniquely bad (but actually Siskin and Monal are improving a lot lately). It simply is unfair to look at only one tiny and for most people irrelevant (and uniquely bad) platform and extrapolate from that. On all other platforms XMPP works great and most clients have e2ee enabled by default for 1:1 chats (where it makes the most sense).

              As for the other topic, sorry I didn’t want to sound so confrontational, but the same argument comes up all the time inside and outside of the XMPP ecosystem and I think it is simply false. There are other problems why XMPP isn’t adopted. Network adoption is driven by network effects. People invite other people to the network and when doing that they typically also recommend a client (& server). The case of a lone person looking for a new messaging system without any network is the rare exception and one that only comes up in the bubble where this discussion usually takes place.

      • Ghast@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        4 years ago

        Wire looked nice, but I stopped using it after they persistently dragged their feet on federation.

        Git discussion

        Once something with federation gains popularity, the discussion may be over, as we won’t have to talk about jumping ship every year. I’m not sure it’s doable yet, but I’m sure that once it takes hold it’ll last, just like email.

      • sseneca@lemmy.mlOP
        link
        fedilink
        arrow-up
        3
        ·
        4 years ago

        Wire was pretty good, true. I used it a bit, but chose Signal because Wire (similarly to Matrix, for now) doesn’t encrypt any/most metadata, whereas Signal encrypts everything and always has.

        And like you said, it’s since been sold to an advertising company. Not sure if that’d even be possible with Signal since it’s owned by a non-profit (admittedly not always the case, I guess it could have been possible when they were still OWS).

        In both cases, their centralised nature means changing ownership can be devastating (like in the case of Wire). This is why I believe Matrix is the future. Its community is much healthier and active in the development of the ecosystem (3rd party clients, bridges, they actually accept PRs, etc…)

          • sseneca@lemmy.mlOP
            link
            fedilink
            arrow-up
            3
            ·
            4 years ago

            I have a lot of thoughts about this but don’t really have the time to reply.

            All I’ll say is that I hope you’re following Element’s progress with Dendrite closely. I host my own Dendrite server and it is much more reasonable in terms of resource usage versus Synapse, and it hasn’t even had any resource optimisation features implemented yet.

            • poVoq@lemmy.ml
              link
              fedilink
              arrow-up
              4
              ·
              4 years ago

              While Dendrite is better in many ways, AFAIK it does not solve the fundamental architectural problem of immutable and permanent history room metadata. As a result of that, database storage use is growing indefinitely (easily into the hundreds of gigabytes) and there is no real solution to that anywhere in sight. In addition I think it also is a massive privacy issue, as this immutable and permanent history room state data is synchronized across any server that has a member joining a chat. Yes I am aware that this is a “feature” of matrix, but IMHO a really bad one and resilient federated rooms can also be implemented in different, less over-engineered ways.

              • federico3@lemmy.ml
                link
                fedilink
                arrow-up
                1
                arrow-down
                4
                ·
                4 years ago

                massive privacy issue, as this immutable and permanent history room state data is synchronized across any server that has a member joining

                This is terrible.

                Matrix evolved evolved in a very messy way, starting without encryption and hacking it in later on, and now it’s even trying to become P2P. I expect more serious privacy-breaching “features” to come out over time.

                • poVoq@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  edit-2
                  4 years ago

                  Not really, that was a feature that was there from the very beginning and Matrix also openly advertised this. The problem mainly comes from people projecting their wishes onto them and the Matrix team (for commercial interests/ego I guess) not vehemently denying that privacy is mostly an afterthought in the system’s design.

          • michel@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            4 years ago

            FluffyChat is a decent alternative client (with E2EE support). If you don’t need e2ee there’s actually a healthy number of clients, and some of them do seem to have it on their roadmap

            https://matrix.org/clients/

            Point taken on server implementations though

          • poVoq@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            4 years ago

            That pretty much sums it up. Matrix isn’t bad, but basically over-hyped and reinvents the wheel for most stuff.

            As for sealed-sender in Signal: That is in theory a good idea (and should be implemented in XMPP at some point), but in a walled garden with a single server it is snake-oil as the central server can still easily correlate sender based on other metadata.

        • Echedenyan@lemmy.ml
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          4 years ago

          Not only sold, I used to report bugs to Wire by e-mail and GitHub before of the change.

          One day, they just sent me an automated message in which they said they would not going to provide support to the personal edition at all during a time because of the lack of staff while providing support to the business edition.

          It passed more than a year and was maintained, I don’t know today but I expect the same.

          Edited: I don’t know why I put Signal instead of Wire jajajajajajajaja.