zlacker

1. lucide+(OP) 2021-04-07 18:49:25
Yes and no.

Signal is not actually designed with mobility in mind (in fact I would argue, based on Moxie's 36C3 talks, it was designed to be and continues to be persistently kept anti-mobility). That fact is independent of it being open- or closed-source.

However, if the server is open-source, it opens the door for future mobility in the event of org change. If it's closed-source, you get what's currently happening with WhatsApp.

In actuality, if we had something federated, with mobility pre-baked in, having a closed-source server would be less of a security risk (the gp's comments on only needing to trust the client would apply more strongly since mobility removes the power to change from server maintainers).

Basically:

- with multi-server clients (e.g. Matrix/OMEMO), you have no dependency on any orgs' server, so their being open-source is less relevant (provided the protocol remains open—this can still go wrong, e.g. with GChat/FBMessenger's use of XMPP).

- with single-server clients (Telegram/WhatsApp/Signal), you are dependent on a single server, so that server being open-source is important to ensure the community can make changes in the event of org change.

replies(1): >>kreetx+Gu
2. kreetx+Gu 2021-04-07 20:56:31
>>lucide+(OP)
So in principle we do have this mobility because you can run your own servers. Perhaps it is not all that unlikely that they will do a bridge to Matrix.
replies(1): >>lucide+G42
3. lucide+G42 2021-04-08 10:45:25
>>kreetx+Gu
You cannot currently run your own Signal server, no. That's what prevents mobility.

You are free to examine the source of theirs (if they choose to continue releasing it), but you cannot self-host.

replies(1): >>kreetx+cq2
4. kreetx+cq2 2021-04-08 13:40:33
>>lucide+G42
If both the code and the server are open source then how come you can't run it?
replies(1): >>lucide+tU2
5. lucide+tU2 2021-04-08 16:02:40
>>kreetx+cq2
If you check out the client source, compile it, and install it on your own mobile device, you can then connect it to your own self-hosted server instance. However, Signal's own server instance will then block your client (and there's no way to connect the client binaries they distribute to anything but their own server).

So you would have to then follow the above steps for any contacts you want to communicate with, distributing your own client to them. Signal devs have generally been extremely hostile toward anyone wishing to do this, however.

The only way out of this situation would be if the Signal project itself was forked and people moved to that forked open-source multi-server client.

replies(1): >>kreetx+rC3
6. kreetx+rC3 2021-04-08 20:08:18
>>lucide+tU2
Ok, but they should be forced then to do the things they don't want to do?

What I mean is: if Signal is not Element.io/Matrix, and that the latter is better for freedom and openness, then one can agree with that. But what I don't understand is the demand from people that Signal somehow owes them the ability to be like Matrix, be federated, etc. and also be so judgemental about it, is what rubs me the wrong way.

replies(1): >>lucide+nX6
7. lucide+nX6 2021-04-09 20:50:53
>>kreetx+rC3
I've tried to approach this thread in good faith, as your earlier replies seemed genuinely curious/discussion oriented, but the "ok, but" tone is making them seem increasingly shill-like.

I don't think anyone's "demanding" or "forcing" anything here. We're simply describing a definition of what we consider desirable as a sustainable secure messaging option, and pointing out the specific reasons that Signal isn't currently living up to that definition.

Its maintainers are free to continue on their way ignoring said definition.

Personally, my own comments are not targeted at Signal devs but rather at others who might consider using Signal thinking it provides certain guarantees when it doesn't.
