poVoq

https://www.theregister.com/2022/04/28/nsa_wands_aws/

You can observe that your Signal client connects to IPs that belong to AWS, which is the same thing.

I don’t need evidence for water being wet 🤷

Look, if you run the server you have access to metadata of clients connecting to it. That is networking 101. And that Signal shares phone numbers and connection timestamps is well established by court documents.

The security audits are of the code and encryption algorithm, not the infrastructure.

They have live access to all of the metadata and can easily correlate that with phone numbers that Signal stores and shares on request of governments. Just because Signal claims they don’t store anything doesn’t mean that the ones that 100% run all the servers Signal uses don’t access and store anything. You are being extremely naive if you believe Signals BS marketing.

The infrastructure is under control of an antagonistic government, yes. Hetzner is also technically a private company, but they obviously willingly complied with requests from the German government.

Their server infrastructure is (run by Pentagon and NSA best buddies AWS).

I am talking about xmpp servers 🤷

A lot, but please educate yourself, this topic has been extensively discussed here and in other places.

You are very naive if you think that is all the US government can do in regards to Signal, but suit yourself 🤷

The IRC (Biboumi) and Discord bridges (slidge.im) for XMPP work still fine and running your own server is super lightweight.

Significant improvements to certificate pinning and validation have been added to all major XMPP clients as a result of this incident, but it should also be clear that hosting a server on infrastructure under control by an antagonist government (see also Signal) is a very bad idea and hard to mitigate against.