[jeroenhd]

This is exactly why Signal closed their source code: if you allow access to your network, you're only accepting spam. For their users' security, it's essential that they must guard access to their network as much as possible.

[meonkeys]

I feel the need to get a bit pedantic here. I'm not trying to pick a fight; I truly hope it helps clear up a few things.

Signal is open source. It's a fair argument that they make it difficult to use servers other than theirs, and we can't be sure exactly what they run server-side, but their code is possible to fork and all that. Their licensing is clear. Even the choice of AGPL is significant here: they must provide the source for exactly what they run on their server.

Network access is orthogonal to source availability/openness. Closing source as a means to limit access is security through obscurity. Not to say that it wouldn't work, but we certainly wouldn't expect the Signal Foundation to take this approach.

The most significant measure Signal uses to manage access to their network has to do with the phone number requirement. That's an intentional choice on their part (arguably controversial, but I don't have an opinion about it).

I've never received a spam message from another Signal user... is this common for you (or anyone)? I think in all the years I've used Signal I've only received less than 5 spammy "message requests" that are quite obvious/easy to decline because I don't already have their phone number in my contacts. I've always had to first ask someone "hey, can we use Signal?" so I'm already expecting legitimate message requests when they arrive.

[jeroenhd]

I was hoping the /s wasn't necessary, but just to be clear: my comment was entirely sarcastic. Signal has had its issues in terms of open source-ness (like that time they stopped publishing their code for quite some time) but the client and server are open source, and while they're not huge fans of alternative clients, they have designed their protocol so that it's practically impossible for them to refuse alternative clients, purely out of privacy considerations.

Now that Signal has usernames you can share, rather than phone numbers, I think the phone number decision is a lot less problematic.

Strangely enough, I did receive spam this week. Or at least I think I did, an account I didn't recognise with a profile picture of a woman I didn't recognise sent me "hi". This coincided with my first SMS spam of the year and spam on an email address I used for one specific company, so I guess they've been hacked and had their database dumped. Maybe I'm just lucky, but spam just isn't a problem for me.

[yjftsjthsd-h]

> if you allow access to your network, you're only accepting spam.

Well no; spam yes, only spam no.

[sneak]

Every sentence in your comment is factually incorrect.

[jeroenhd]

I thought people would catch on to the sarcasm because of that. Too late to edit a /s in now.