I've encountered this argument ... repeatedly. Let's explore the DIY route:
If you can build your own Signal server, you too can serve you and your own circle of friends. The bar is not that high (Java and VPS).
Signal clients are even easier but it remains mostly an unique build-challenge due to not so strong documentation and by the virtue of mastery of multi-platforms.
Having said all that jazz, step back and ask yourself this, what am I losing by building my own Signal-protocol network?
Anonymity
Now, you would easily stick out like sore thumb to all the Internet overwatch, even within VPN tunnels.
That's a risk for me.
What am I actually gaining?
Not much: a more unique hash signature of client app (it has downsides); the ability to perform a unique but slight tweak of hash/key/encryption algorithm using same Signal protocol (dangerous rabbit hole), and avoidance of XDR/NDR/IPS/IDS firewall, and the biggest one: zero spreading of hashed contact info
-----
Alternatively, let's take the original route: your own client against "the" Signal server:
Now, Signal protocol would be open to misshapen protocal usages (think "fuzzing"). Might be a good thing but certainly not at this early stage; do we have the manpower to stand guard over a protocol like ISC Bind9 team do with their DNS?
The one area that is not firmed up 100% (more like 99.999%) yet is the Privacy Information Protection axiom and that is centered around the exhanges of hashed "Contact" address book. This there is largely understudied and under-whitepapered: how to exchange contact info in safe privacy order just to build your network: I keep that Signal client app option off for now and manually add my contacts.
That's very misguided of you to say and pure speculation. It's as useful for a discussion as me saying "Durov is Russian-born, and has resisted proper e2e encryption defaults, so the Kremlin incentivized him to do it, so they can spy on people". You see how this works?
There is actually a clear official statement from Signal why they don't permit open-source clients to use their servers.
What in their statement suggests that they are "hiding something"?
If you can find something wrong with their protocol, source, or suspect that somehow the communication is compromised when it reaches their servers, please go ahead and disclose it, but thinly veiled: "do they have something to hide" is just speculation.
> That blog post is 8 years old and predates things like mastodon
What in this blog post that's 8 years old has become obsolete in the meantime?
> Nothing has changed in these intervening 8 years?
Signal got better, and got bigger user base in a couple of waves, with most notably the WhatsApp terms of service fiasco. Is that what you meant?
Btw, people are still free to clone/fork the client, the protocol, and run their own servers. But compute ain't free, and you can read about that here: https://signal.org/blog/signal-is-expensive/
