[adilparvez]

On (a) This https://whispersystems.org/bigbrother/eastern-virginia-grand..., claims they only store "date and time a user registered with Signal and the last date of a user's connectivity to the Signal service".

However I think the parent might be concerned that OWS could be compelled to change their server code to log more meta data, currently we must trust them.

For (b) Not sure what could be done about this, maybe an independent service audits each release, subsequent audits would take less time since the diff of the code base would be small. Don't really know, I'd like to know of there are any solutions to this, it seems less like a technical problem than the others though.

For (c) Opening up the server code would encourage people to run their own, see See https://whispersystems.org/blog/the-ecosystem-is-moving/ for why moxie doesn't want federation.

On (d) Using GCM means Google can get all the meta data too if they want/are compelled to. This is a legitimate concern but OWS is very clear what signal does, they don't claim to tackle e.g. traffic analysis. A world with everyone using end to end encryption would be much closed to the crypto-utopia.