I don't know what relitigation of this issue has to do with this thread. You can use the search bar below to find probably 100 different dissections of it, starting from Moxie's post about federation that kicked the whole debate off. Let's leave it be, since this thread isn't about Signal at all.
Signal is vulnerable to timing correlation. An observer on the servers or on network devices nearby can easily infer the social graph of users: at what time they communicate, with whom and how often.
This is not a minor issue. Quote from the former CIA director: 'We kill people based on metadata'.
So the solution to that is get a lot of people on Signal because then that metadata is noisy. It's impossible to have a system with zero metadata but it's very clear that Signal is the best game in house. Timing attacks aren't solved by federation btw.
> the solution to that is get a lot of people on Signal
Wrong. Do they all use the very same server? No, and therefore timing attacks are still there.
> it's very clear that Signal is the best game in house
Wrong. There are protocols designed to provide good security in the first place, like Briar.
> Timing attacks aren't solved by federation btw
Also wrong. Federation makes timing attacks very difficult, especially when servers are delocalized because it increases the amount of access required by any global observer.
I'm going to stop replying. You clearly are not familiar with the topic.
I'm not sure what you mean by walled garden, but I assume you mean that you can't setup your own servers and join the network? What's stopping a federated network from forming a cartel and blocking small players, or servers they deem morally objectionable?
By walled garden I think they mean the servers. Because the app isn't a walled garden. It is open source though centralized (Moxie has argued extensively about how this allows faster development. Though ironically Signal is known for slow development). But the servers are also open sourced so there's nothing stopping people from creating private (or even federated) "Signal" apps. You just couldn't call it Signal in name. And I don't blame Signal for keeping their servers to themselves. They're not a data center and already running a tight ship.
I've never really understood the argument. Just because someone hasn't done something doesn't mean it is a walled garden.
Not only Signal refuses to have any 3rd party server federate with theirs, but they also refuse 3rd party clients. This is exactly the definition of walled garden.