Hacker News new | past | comments | ask | show | jobs | submit login
Signal Technology Foundation is now open for donations (freedom.press)
152 points by Krasnol 18 days ago | hide | past | web | favorite | 113 comments

I've been really disappointed in how, despite the huge amount of funding recently, Signal is still operating like a small community-powered OSS project.

I once opened an issue for 15-second freezes after sending each message, +1'd by other users, and my bug report was closed and locked with a very rude message from one of the (paid!) developers to "Please, when you open a bug, talk about the user impact."

Seriously... are you kidding me? You have $50M and you're going to close and lock a bug about 15sec lag when sending messages because it's not obvious what the user impact is?

And if I, as a former developer, YC alum, etc. can't open a bug report without getting a rude lecture from the Signal team (seriously fuck you Scott Nonnenberg), what hope is there for a casual user? I went back to re-read it just to make sure I wasn't exaggerating, and nope! It makes me mad thinking about what would happen if my non-technical friends needed help. They'd just switch.

I really want Signal as a concept to succeed, but after having used it for years and seen the bugs, and the disregard the developers have for users, I think something like Telegram is unfortunately the better bet.

> And if I, as a former developer, YC alum, etc.

This actually makes you the least important type of bug reporter (and reeks of entitlement). Given Moxie's personal views especially, you probably aren't going to win any points for either of those, especially not the last one.

Andrew Torba is YC alum, too. It's not good on its own.

On top of this, the response wasn't that rude, especially given you didn't follow the template:

I've closed this, because it's not a bug. It's a single scenario-free trace without a debug log, and without connection to a user scenario. Please, when you open a bug, talk about the user impact. Follow the bug template.

It does sound like you're talking about interactivity problems, which is something we've been talking about here: #2613

If you'd like to get involved (which you seem to with that trace!), please check out the current beta build, which has a potential fix for the interactivity problems.


You seem extremely over-entitled.

Seriously I read that bug report and I would say the same thing to OP... especially since the issue was largely a duplicate of an already existing issue. He also was hardly lectured.

Also not sure why he feels the constant need to bring up their $50M endowment... OP is no question entitled.

You're projecting your feelings about YC onto me. I don't think being a developer or YC alum makes me more entitled to good support.

As I said in my original post, if I can't figure out how to "properly" report a bug with a tech background, how do you think a regular user is going to?

> especially given you didn't follow the template

The information he told me I was missing ("talk about the user impact") was /not in the template./ The template was also not, at the time, configured to show in the issue tracker editor, it was only in the wiki. I don't think it should be on the average user to dig that up.

The user impact of freezes upon every sent message in a messaging app is also comically obvious.

Why would you mind if the user is entitled? I've regretted all the negative energy I've redirected back onto my users. I feel as though there's a lot to learn about how signal could do a better job scaling to a large scale project because I think Signal makes the same mistake as your that I used to.

I've had a lot of problems filing bugs with signal and signal projects. I've given up on filing bugs cause they are ignored because of some aspect of your byzantine issue policy. I am totally a huge supporter of signal's ideals but signal is well funded now."I'm not a YC alum" I read as if I were in your shoes. Not everything has to be an attack. Stay positive.

> user is entitled?

Is #2703 a user report or a developer report? Why would a user use GitHub and not https://support.signal.org/? Who is directing any sort of negative energy, when the reporter is swearing publicly at the developer?

right, that's what i mean by redirecting. Taking negative energy and slinging it back. It's lame. Learn from everyone

There's no negative energy in the response quoted.

That's totally false. There's lots of valuing one person over another based on what they said and felt. Then rejecting that user due to failing signal's byzantine bug reporting system

You also concluded your initial report with a pretty hostile and unnecessary comment about their funding, so I'd say their response was far kinder than you'd get from a lot of other projects.

(I know this is a free product, but you've raised a bunch of money to fund development, and if you're going to require users to be on a recent version, it's not really acceptable for the recent versions to be so buggy...)

If I was running a project geared for the long-term, I wouldn't treat $50 million like "$50 million to spend", but as a $50 million endowment where the goal is to not spend the principle.

There is also the matter of scale however: if you could grow your users, maybe you could secure more funding/donors long term as well

But its obviously a lot more likely to be around long term if they don't blow all their cash in a short term attempt at grabbing a few more users and hope to get more later.

I sent in a pull request for Signal-Desktop this month and am yet to receive any reply whatsoever for 20 days now.

Their hostility towards f-droid and saying it's too small potatoes gives me a very bad feeling about their security and that the play store version actually is safe.

You can decompile the app. Dalvik bytecode is easy to read. FDroid wouldn't make validating the security any easier.

> YC alum

Ah, ego!

I would love to use Signal, but I have two issues with it.

One, it insists on me giving more permissions to Google services, where it's very difficult to go around this requirements.

But worse, it relies on me a phone number as an ID. I keep changing my phone number, I don't wanna share my phone number, and I really think that the computer in my pocket should finally be completely separated from this old concept of a phone. Please give me another way to open a Signal account.

> But worse, it relies on me a phone number as an ID

This is the sole complaint I have with Signal (and one of many complaints with Telegram).

It's impossible to create an anon account, which I imagine would be very important for someone needing a secured messaging service in mainland China, for example.

I really love signal and I, too, fully agree with this sentiment.

I have managed to keep a phone number for almost double-digit years. It would be amazing to not have to use my telco as the source of identity for my Signal communications. If Signal could change this one thing and allow (or maybe somehow prefer?) it to be linked to a mobile number it would have real feature advantages over all of the other random chat apps for phones. Signal call quality is jaw droppingly good, but thats hard to sell at the gas station or water cooler.

As it stands people I refer to Signal usually have a preferred chat app (which is unfortunately often facebook messenger) or SMS. IOS people have no reason to use it other than the amazing privacy benefits, and android people seem to be on whatever their mom isn't.

I would pay to not have to use my phone number for this service.

You think making contact discovery much more difficult for people will make them more likely to select Signal as their preferred chat app? Especially if you are asking them to replace Facebook Messenger. If they are willing to message people using their real name, I don't think hiding their phone number from them will be a great draw.

I totally agree, but I also totally disagree that supporting this alternate use case will make the app worse for naive, regular users to discover their grandma is on Signal.

Im asking for an alternative canonical source of identity other than an extremely trustworthy telco.

Some other conglomerated examples are: Scanning a QR code in person to initiate discovery, or querying other data in the phone's "contacts" PIM app for example, email, or more imaginatively, keybase, or maybe mail out QR codes to residential address for a nominal fee?

If could be very relevant for journalists in general. I wonder if they just use burner phones in conjunction with it

I wish Signal would have a decent desktop client. I spend most of the time on a standard "computer" and not on my phone, and I'm sure others do as well.

What is the desktop client missing? I use it every day.

One of my main correspondent has memory leaks with signal desktop and messages sync between my android phone, Windows and Linux is all out of whack.

My has often problems seeing messages on her desktop client while they do appear on her phone.

the desktop client only supports chat, no audio / video calls.

Wouldn't we have to wait for Decentralized Identifiers for that? I doubt the OSS project can do customer service when things go wrong.

> it insists on me giving more permissions to Google services

Can you clarify what you mean? I use Signal without Google Play Store/Services and am curious about said requirement.

> it relies on me a phone number as an ID

I dislike this also, but what's the alternative? A phone number is (usually) a long-lived, relatively immutable identifier which is convenient, memorable and portable. It is highly usable and that may be more important than other considerations.

> but what's the alternative

Making phone and e-mail optional, and being a tier-1 identity. That's what Matrix does.

Then Signal have to store your social graph on the server in plaintext. It's not what's expected from a private messenger.

Storing the social graph is not required at all. For example, Threema creates a random alphanumeric identity that is linked to your public key (instead of linking the phone number directly to your public key). It's possible to optionally link your hashed phone number and/or e-mail to your identity. Finding your friends can be done by comparing hashes of the data in your address book with the hashes linked to the identities. Those address book hashes never need to be persisted anywhere on the server, an in-memory comparison is sufficient, then the data can be thrown away. If you wish to stay anonymous, just ask people to add you manually by typing in your identity (or by scanning your public key QR code, which also results in verification / trust).

Could you elaborate? I don't follow your reasoning here.

> I use Signal without Google Play Store/Services

Can you talk about battery requirements? For me, it proved to be a major battery drain to the point I uninstalled Signal. I don't seem to be the only one with this issue [1].

[1]: https://github.com/signalapp/Signal-Android/issues/6898

An email address? A username?

For most users, I think maintaining exclusive ownership of a phone number is much easier than securing their email account or a traditional username+password credential, so posit it's a natural fit for a secure mobile messenger.

It's not a natural fit for a secure mobile messenger if you want to stay anonymous. For some of us, security == anonymity. Tying your identity to a phone number that can only be obtained by handing a telecom your government identity documents fails.

And I don't know if anyone else has mentioned this, but uploading entire contact lists should also not be considered a natural feature of a secure mobile messenger.

> For some of us, security == anonymity.

I don't follow. How is security equal to anonymity? If anything, security is what enables privacy, which could enable anonymity. There are plenty of circumstances where you need security, but not anonymity - for example a message to your partner. Of course if you do need anonymity, there's a lot more involved than simply installing a "secure app" or anything of that sort.

> Tying your identity to a phone number that can only be obtained by handing a telecom your government identity documents fails.

I don't know about that in the US. I was able to open a pre-paid T-Mobile account to use with my LineageOS Android device without identity verification. Perhaps it is different elsewhere now?

> And I don't know if anyone else has mentioned this, but uploading entire contact lists should also not be considered a natural feature of a secure mobile messenger.

That sounds troubling, is it what Signal does? Would like to read more about that - is there a Github issue for reference?

I’ve got this crazy feeling that you’re not asking these questions in good faith, especially if you don’t understand how anonymity is important for people using secure messengers or need a Github issue to inform you about a feature long-discussed in the app.

It was asked in good faith and I did explain my reasoning for why anonymity and security are different concepts. Have you got a citation for the claim that Signal "uploads entire contact lists" or was this just FUD?




But if you don't believe anonymity is an important component for security, you probably think hashes uploaded and deleted are perfectly secure, too, so we're probably not going to come to any agreement here.

Personally, I do wish they'd decouple from phone numbers and allow users an option not to transmit hashes for their entire contact list. I don't think these are unreasonable features for a messenger that's supposed to be designed for privacy and activism.

Maybe for a secure messenger, but for a private one? It bugs me that I need to share my phone number with people that I want to contact on Signal, especially since Signal claims to focus on privacy. A private messenger should be usable anonymously, shouldn't it?

> A private messenger should be usable anonymously, shouldn't it?

It would make a good feature, but anonymity is not a requirement for privacy. I want my connection to the bank's website to be private, but there's no need for it to be anonymous. Signal offers a lot of advantage over traditional SMS with familiar usability. It doesn't perfectly solve everyone's threat model for privacy and anonymity, and doesn't have to.

[Preface: I use Matrix/Riot, Signal, Telegram and Wire for chats, and have been using these for more than a few years]

Considering the very slow pace of development on UX and stability, the $50 million initial grant and the creation of Signal Foundation don’t seem to have achieved much. As recently as a few months ago, on the latest iOS and latest version of Signal, I’ve seen some contacts get multiple device changed messages from me even though nothing had changed (no change in device, no change in OS). The few contacts who do use it also complain of message delivery issues. There’s still no way to backup chats on iOS. There’s no easy way to get back group memberships when changing devices. Combine all these with how much the UX and feature set lag behind that of Telegram, I still see Signal as a niche laggard.

As pointed out by others, using a phone number as the identifier is a big drawback for something that focuses on security and privacy (Telegram shares the same drawback). What’s worse is that Signal, like WhatsApp, exposes one’s phone number to everyone else in a group (something Telegram got right for a long time by making one’s phone number invisible by default; after privacy issues in the Hong Kong protests, Telegram quickly provided an update so that even people who have your number in their contacts, through enumeration in the case of oppressive regimes, wouldn’t know that you’re on Telegram).

I can go on and on, but Signal is not something I’d recommend to people who need secure, private and reliable messaging. I’m currently looking forward to UX improvements in Matrix and its clients. A decentralized solution is probably the best bet for our freedom.

$50 million in initial funding from Brian Acton. That’s approximately 50 years of the FSF budget or 100 years of OpenBSD.

I wish them well.

They're in a very different space than FSF/OpenBSD and competing directly with well funded companies like Facebook, Google, Telegram, etc.

Brian Acton, Whatsapp founder, probably understands this better than anyone.

> and competing directly with well funded companies like Facebook, Google, Telegram, etc.

As opposed to competing with well funded companies like Sun, IBM, SGI, and Microsoft?

Sometimes producing a better, more open product is more important than funding numbers.


They're a messaging app.

Basic communication is not that complicated, it does not take that much effort.

Whole operating systems are not less complicated than exchanging messages because of differences in competition.

If Google started selling sandwiches, Subway wouldn't start requiring 30 people to make your lunch.

It is actually quite complicated to convince a consumer to use your app instead of Facebook Messenger. Especially when you don't possess an ecosystem of services that they and their friends already use on a daily basis.

It wasn't that hard for Whatsapp:

- Provide excellent clients.

- Promise to take payments and not mine data or show ads.

- Use few but smart employees.

- Profit.

Telegram managed to get this right too, and I'm disappointed with both of them for now, Whatsapp for selling out and Telegram for starting yet another crypto currency.

Both managed thanks to people going around selling it.

At the point were I

- either need more than mail envelope security (protection against causual snooping by local mail delivery)

- or were Signal or Matrix becomes equally usable as Telegram

I'll be happy to move, as will many others I think.

Provide a better messaging systems - and this time show me up front how you won't get away legally with selling out for > 10 Billion USD - tell me about it and watch me sell it. PS: protip: do charge reasonable payments like Whatsapp did! Or sell API access or something that makes you aligned with the users instead of investors.

For every Whatsapp or Telegram there's hundreds of chat clients which failed to succeed.

It's $16,000,000,000 hard (Whatsapp acquisition price).

Subway probably does have more than 30 people involved with menu design, quality control, and logistics in order to ensure that you get a consistent sandwich, though.

(although when I used to eat at Subway a lot as a kid, somehow the Subway in one town always seemed tastier than the location in a nearby town... hmmmmm)

Subway offers franchises different levels of ingredient quality. I've seen discussions about some ingredients where restaurants that paid for the higher quality usually put a smaller quantity, and people use that as an indicator.

Also, depending on when you were a kid, you may have had one restaurant that still cut the bread using the wedge technique.

Oh I’m sure. Just putting it into some context.

You spelled “competing directly with nation-state security services” wrong.

Microsoft is pretty well funded too

A secure messenger is important for civil society, but that is a good amount of funding to play with. Time to send some extra money to other foundations? Which other tech foundations are worth donating to these days?



- Mozilla

- Software Freedom Conservancy

Matrix, perhaps, since it's still evolving and is a decentralized solution focusing on privacy and security without the need for a phone number? [1]

[1]: https://shop.matrix.org/

- Free Software Foundation

- Wiki Media

OpenBSD and FSF don't have to pay for SMS/voice calls for user registration or a messaging infrastructure.

I've tried Signal many times, but their lack of certain features continues to make it a no go for me. There's still no real multi device support, no tablet support, no Siri support, and no backup cloud or otherwise (switch phones and lose everything!).

I understand that these are complex issues but Signal is competing with iMessage for my usage and it can't win without these.

I use Signal because the most important thing to me about a messenger is security and privacy. Other features notwithstanding, iMessage simply does not offer the same guarantees as Signal so long as Apple manages encryption keys vs the users themselves, and obviously remains closed source and proprietary. In other words, I would only consider Signal to be a truly end-to-end encrypted application of the two, and that's of utmost value to me.

That makes sense, and I am glad that signal exists for people like you who want what they provide.

For me, iMessage / FaceTime achieve good enough security while also letting me use any of my devices (except my windows machine!), and I don't lose everything if I switch phones. I think that signal could better achieve their goals by making some time for usability work.

There's a backup function. You can set it to run at certain intervals. I included it in my syncthing sync so I have a backup of my whole signal whenever I run syncthing.

I just looked it up, and they say backup isn't possible on iOS.


It was "on the roadmap" as of 4 years ago


…but there's been no apparent progress.

On some core usability & functionality matters, Signal appears to be a really, really, lethargic development team, both before and after the arrival in early 2018 of $50 million in funding.

Which previously made sense when the file system was basically untouchable by end users. But with files/ios13 it makes no sense at all.

Ah, my bad. It works on Android which is all I've ever used it on.

Signal's purpose is to be secure and private. If these are not primary concerns, it is unlikely that Signal would be the best option for you, as there will always be someone with more money and developers to out-class Signal feature-wise.

Unless Signal's usability matches what the average user expects, nobody will use it, and it will therefore fail at being able to be secure and private.

It takes two parties to install it for it to be beneficial, and so far those I've asked to use it have uninstalled it because of usability.

The only people I know complaining about "usability" are very young. People missing custom stickers and stuff like that.

Otherwise I didn't hear about any relevant issues with general users I got to use it.

What usability issues did those you ask have?

I'm guessing you haven't used Telegram, since you believe that only those who miss custom stickers complain about usability on Signal. You should try Telegram for a few months and compare it with Signal. The difference is night and day, especially once you get used to using not exposing your phone number to random people, fast and reliable message delivery, using multiple devices and platforms (including a web browser) with synced conversations, editing messages, using bots for different purposes, etc.

I do have used telegram. It's unfortunately the only way to get in touch with my local openstreetmap community. I didn't see anything there I would miss on my Signal app. I also don't see the phone number thing being an issue as the people I communicate with on Signal do already have my phone number. I also have the Signal Desktop program on my PC. Nothing to be desired there too. Works flawless. Haven't seen a single bot doing something I'd require from an app I use to communicate. What bots would you miss in Signal?

I brought up the stickers issue because this is what I heard in complaints before.

I mean, I'm 33 so being considered "young" is a matter of perspective I suppose.

I don't really care about stickers, but I do care about being able to back up my conversations, being able to use any device I have at hand, and being able to do so with Siri voice activation if I'm driving.

No need to take this personally. I just said what I heard from the people I know and who complained. The rest did not as most of them use Whatsapp and there is nothing they miss in Signal. So saying "Unless Signal's usability matches what the average user expects, nobody will use it" is a matter of perspective I suppose.

btw It looks like the backup problem is something you should blame Apple for https://github.com/signalapp/Signal-iOS/issues/905. It works flawlessly on Android. As for your Siri issue, I wouldn't say it's something "the average user expects". I don't know anybody doing what you wanted to do there.

I use it.

Signal's goal has always been claimed to be to bring security to the masses though. My sticking points are not unique to me, but will likely be considered table stakes to compete with the industry titans like Facebook Messenger and iMessage.

I love that this is led by Brian Acton, ex-WhatsApp founder who must know from first hand experience how badly an alternative to Facebook is needed in this space.

I use signal as my main messaging app and wish them well.

I was super-impressed with Acton's creation & principled stewardship of WhatsApp, but with regard to Signal, he's been essentially invisible since the initial announcement of his donation/involvement.

His name only appears twice at the `signal.org` website:


His name doesn't appear in any recent Signal news – such as this, about the foundation being ready to take donations.

As of April, he was supposed to be speaking at the 'TechCrunch Disrupt SF' conference that happened earlier this month – https://techcrunch.com/2019/04/03/whatsapp-brian-acton-disru... – but he wasn't on the final schedule/speakers-list and I've seen no followup coverage indicating he actually spoke there.

It'd be good to know what his actual involvement is, before transitively having confidence in Signal based on Acton's experience.

I just wish i could get more people to adopt it - between whatsapp and text/imessage people are not interested in another messaging platform...

I'm about to receive a librem5, and Signal is going to be one of the biggest stumbling blocks for me to switch over. The electron desktop app can't serve as a replacement even if it could run properly (it needs to be tethered to a phone that can run the Android or iOS mobile client, with the SIM for your number installed), and open source reimplementations are few and far between (and then there's the issue where they don't want third-party implementations or forks talking to their servers, and they don't federate, so it's not like you can actually run your own server and continue to talk to anyone).

I'm sure the librem5 community will eventually scaffold something to make this work, and it might even be somewhat user-friendly, but I can't imagine a scenario where Signal themselves are positive about it.

So, it's back to SMS for me. And convincing my more technical friends to give Matrix a try again, in the hopes that the UX issues aren't as bad for them in late 2019.

I wish Signal the best of luck, I really do; their goal is laudable, most of their source is open, and they're smart folks. But a very limited developer community (and open hostility to the kind of community that might result in broader platform options) means I've stopped suggesting it to folks, because I won't even be able to use it myself very shortly.

Are there any android OEMs that ship Signal as the default messenger application?


Get this -- not even GrapheneOS includes it in their prebuilt images.

It's better you install it directly from the source (either their site or Google Play).

Doesn't it depend on Play Services? I don't think GrapheneOS could ship it out of the box anyway.

It does not depend on Google Play, even for notifications. If you have it installed it will use it, but it has its own notification service as well.

Interesting. The last time I used the unofficial client for Ubuntu Touch, it couldn't send notifications because the only options for those were either FCM or APNS. I wonder if it'd be feasible to add notification support to it now using Signal's notification service.

In theory it supports WebSockets natively (now) and I've heard from others that it does work without Google Play Services.

Does it handle regular SMS and MMS on Android?

It handles regular SMS just fine on Android. It's great as you can set it as your default messaging app and for regular contacts it sends SMS and for Signal users encrypted messages.

It's iOS where it doesn't work AFAIK as you can't replace the default messaging app.

Yes it does, it integrates very well on Android -- very similar "invisibility" that iMessage has on iPhones.

It does but you will not be able access SMS and MMS messages sent in your prior SMS app in Signal. This has prevented me and based upon multiple threads found while trying to see if it was possible many others from switching to using Signal as my default SMS messenger. It used to be able to import your prior messages but lost the ability to do so and the developers don't seem particularly open to bringing it back.

The SMS import still works, I did it just a few days ago.

They must have very recently re-implemented it. It had stopped working when they disabled plain text backup and restores.

Yes it does. I installed it out of curiosity and use it as my messaging application. But I think that using it like this, without the secure messaging(since I have no one to send secure messages to) you don't really get any benefit.


Is Signal still proprietary?

AFAIK Signal has always been open source: https://github.com/signalapp

The server was not always opensource and until the phone part moved from redphone's implementation to signal protocol, that was also proprietary.

Additionally, they have been hostile to federating, 3rd party appstores (fdroid), and until the past year or two it was not possible to run the android client without Google play services and analytics.

Not proprietary but it does require personally identifying information, a phone number, to use.

Signal is open source. Are you thinking of Telegram?

Maybe I'm mis-remembering, but IIRC their protocol is proprietary—even though the code is open source.

So it was more like "you can read the source, but can't do anything new or different with it."

Signal is free software. However, there are two problems with Signal that may make it less worth it for free software enthusiasts:

- Signal for Android is built with Google proprietary libraries (Firebase). Signal binaries therefore contain non-free parts.

- Moxie does not want to see non-official clients connect to the official servers of Signal, including forks that only get rid of the Google part. Understandable but annoying. LibreSignal was doing that, and was stopped for this reason.

I would add something else that bothers me, and it's the requirement to tie one's account to a phone number (and the inability to run Signal on several phones I guess). Moreover, one can avoid smartphones (to avoid binary blobs that come with every smartphone of today on which Signal is supported for instance) with a little bit of hacking with signal-cli, but this is not straightforward and the Signal desktop application is limited. By encouraging the use of Signal, you are basically making people depend on smartphones.

Not good as far as I am concerned, but still far better than WhatsApp and you can, if you really want to, compile the Android application yourself by removing proprietary dependencies. I did it recently, it's a few hours of work, it seems to work and it's supposed to, but I don't actually use it so don't take my word for it.

So, with Signal, it is:

- give your phone number

- run proprietary software (and the developers highly recommend Google Play on Android), or edit, compile the app for yourself and manage your own updates (and live with your phone's binary blobs anyway), or accept to only use the limited desktop client. In any case you need a phone.

So close to a very good solution…

What you’re probably remembering is the fight between them and forks about interoperability. Forked versions aren’t allowed to use the signal servers (and therefore talk to other users). This is in contrast to federated protocols such as matrix, where there’s space for many clients.

Telegeram allows third-party clients, there are quite a few of them, actually

what is matrix? Other than a pretty great action movie, I mean.

It may be the server code that is or was unavailable. The app has always been open.

Server code is available, but you can't run your own server and communicate with the rest of the Signal users. (Federation isn't possible with this protocol, which kind of sucks).

> Federation isn't possible with this protocol, which kind of sucks

Moxie has a blog post explaining why Signal won't support federalization: https://signal.org/blog/the-ecosystem-is-moving/

"After three weeks, sealed sender now represents over 80% of overall Signal messaging traffic." https://twitter.com/signalapp/status/1075918894521495552

This would be impossible to achieve with federated protocol.

If I understood correctly, the Signal protocol can be federated (and actually, I just learned that Signal was federated in the past with servers managed by Cyanogenmod between 2013 and 2016), but Moxie does not believe federation is a good thing for Signal.

See https://en.wikipedia.org/wiki/Signal_%28software%29#Federati...

Telegram clients are also open source. Unfortunately, not the server, though.

The Telegram clients aren't really developed in a way that I'd call "open source". The code they publish (if at all) is quite distinct from what they actually distribute.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact