Signal-Server VS paper-research-privacy-matrix.org

> They could at least BSL the server code and allow others to verify the server code and host but not compete.

This is exactly what they do (except they use AGPL): https://github.com/signalapp/Signal-Server

https://github.com/signalapp/Signal-Server/blob/main/service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java for APNs push notification payloads

git clone https://github.com/signalapp/Signal-Server.git

yes it is available here https://github.com/signalapp/Signal-Server/blob/main/service/pom.xml

You could also start your own signal server, but with blackjack, and hookers

The fact that it locks you into using their servers, does not distribute on F-Droid (only Google Play OR an APK with an insecure update mechanism), and has a completely closed-source "abusive message filter" module server side, that could functionally be used for censorship, storing messages for future decryption, or any other number of nefarious purposes - we have no idea since it's not open source (https://github.com/signalapp/Signal-Server/blob/main/.gitmod...).

Additionally, you cannot distribute branded forks or Signal, and if you do fork it, your fork is not allowed to connect to Signal's "official" OWS (open whisper systems) servers - hostility to federation should be viewed with prejudice and suspicion at the very least, it suggests a vested interest in a single point of failure (or control), which goes against user interests.

Further reading: https://drewdevault.com/2018/08/08/Signal.html

It’s actually the signal server that isn’t reproducible because of the abusive message filter that’s in a private repository. It’s clear as day here: https://github.com/signalapp/Signal-Server

I am trying to find something similar to discord that is actually private. Matrix phones home with a nasty amount of info: https://github.com/libremonde-org/paper-research-privacy-matrix.org/tree/master/part1, Snikket seems like a decent alternative, i just havent audited it for security purposes. Any suggestions? All im trying to maintain is the multiple-channels aspect of Discord, voice/video are optional, but preferred if possible

I present to you a MUC I've created on the XMPP (also informally known as Jabber) network. I've put some thought into which network would be best fit and decided that, while IRC is an excellent way to chat, there is an apparent lack of mobile support and perhaps lacks the ability to choose a server of your choice. Furthermore, I've concluded for many years that Matrix isn't a good choice for multiple concerning reasons, the most impactful being the Matrix Foundation itself receiving large amounts of metadata and being overly centralized over the entirety of the network. Matrix also utilizes CloudFlare (a popular CDN service) which, according to W3Techs, provides services for 19.2% of all websites. I don't believe CloudFlare is a bad actor but they certainly can MITM any websites utilizing their free tier plan. One can easily check if a website is using the free tier SSL certificate by checking here. You can see that in the "subject" area, it shows the SSL domain name as sni.cloudflaressl.com. CloudFlare's free SSL operates by encrypting only the data sent from you to the CDN, leaving the data that is sent from the CDN back to Matrix.org unencrypted. This isn't necessarily problematic for the entirety of the network, however, it shows the Matrix Foundation has an apparent lack of privacy/security practices while advertising their project as a privacy-oriented chat solution. I won't ramble on too much about Matrix's suspected privacy issues, instead, I'll leave you these two write-ups to read for yourself, here and here.

it's an entire paper written by a nonprofit dedicated to user privacy. it's also last updated 6 months ago? you can view all the commits here (https://github.com/libremonde-org/paper-research-privacy-matrix.org/commits/master)

I found this to be an interesting read about Matrix. https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part2/README.md

Not sure what exactly they were referring to, but here are some of them: https://github.com/libremonde-org/paper-research-privacy-mat...