Moxie thinks everyone in the world is a fucking normie and people shouldn't be running servers because he hates freedom and loves centralizing everything. It's rare when such a genius cryptographer has hatred towards decentralization
Signals mission seems to be something along the lines of helping the most people increase their privacy. Better to help millions resist the dragnet of surveillance by ISPs, governments, and large organizations then to have perfect security for a few. This requires a very easy to use client (i.e. click on signal in the app store and launch), features users want (send receipts, typing notifications, emoji, video, calls, etc), and making wrong choices hard. Like say installing a random compatible with signal client from an untrustworthy source.
So Moxie is fine with people forking the open source client, but wants them to use their own servers.
Distributed/decentralization isn't some magic pixy dust that makes everything better.
So sure federation can work, but it's harder, and you run into things like XMPP. Are there secure XMPP servers out there, sure, but how do you tell? Which XMPP server supports which extension? How many people use XMPP for their chat/calls on a daily basis?
Seems kind of weird to pick on signal for doing things well and getting popular. Could it be more secure/private, sure. Could it do so AND be more popular, not so sure.
Signal seems pretty good, not sure it could be better and have evolved so quickly and gained so many users. Sure it could be more resistant to traffic analysis. What do you use?
I've pondered writing a p2p client that uses the signal encryption (double ratchet) and bounces fixed size packets off 2-3 other clients before delivery. All packets would be the same size, including those for the upkeep of the DHT.
To help make traffic analysis more difficult forwarding would include a random delay, DHT traffic would be indistinguishable from message traffic, and chaff would be added to allow for plausible deniability. Your client would talk to at least 3x as many other peers with similar timings and frequencies.
However the inherent compromises of P2P like increased CPU, network, and battery usage combined with higher latency and startup time seems like the adoption would be lucky to hit 0.1% of signal and then it's less useful since using it would raise flags.
Signal is so valuable because it has good e2e, it's popular, and whoever you want to talk to is likely to have at least heard of signal if not already running it.
