With Signal not releasing their server code and now this, I regret using and asking a good chunk of my base to move to Signal.
replies(8):
Also, why do the Signal developers trust SGX so much and have stayed completely silent about SGX vulnerabilities – even when the cryptographers whose quotes they used to put on the signal.org home page[1] are increasingly critical?[2]
Finally, why is there no open communication about major events like the Signal PIN UI fuckup last year or the server issues earlier this year? Foundation or not, if no communication is happening and they're not demonstrating that they're capable of openly admitting mistakes and learning, they're not gaining the trust of anyone.
Don't get me wrong, I've been a die-hard fan of Signal since the early TextSecure days and have convinced > 100 people to switch but I'm starting to have a bad aftertaste and some of my friends (equally big Signal fans) are, too.
EDIT: Looks like the Signal server repo[3] was updated today, as this article[4] (in German) attests to. I had last checked the repo this past weekend. I suppose the repo hadn't been updated to keep the MobileCoin thing secret but I do wonder: Why not simply create a private branch instead of risking one's reputation for openness?
[0]: http://web.archive.org/web/20210311053716/https://github.com...
[1]: http://web.archive.org/web/20200201112751/https://signal.org...
[2]: https://blog.cryptographyengineering.com/2020/07/10/a-few-th...
[3]: https://github.com/signalapp/Signal-Server
[4]: https://www.golem.de/news/crypto-messenger-signal-server-nic...