[acqq]

So it's still true that currently the sever side uses only Google servers. It's nice to hear that there's work on the alternatives.

What you call "nihilism" is simply the observation of the current state. At the moment Google has root access and all the metadata of all TextSecure users, and currently the user can't configure TextSecure to use some other servers even if he'd prefer to do so. Still I'm glad that I've seen that some server-side code is now open source.

[jlund]

The server side is currently relaying messages for the in-progress iOS and Chromium clients. That's functionality that exists today, even though the clients are still under development. The TextSecure server is an elegant and important part of TextSecure's infrastructure. I stand by my assertion that it's an oversimplification to say that TextSecure == Google's Servers.

Google does not have access to any metadata, other than the fact that you are a TextSecure user who has received a Push notification. GCM payloads are fully encrypted. Google cannot tell who a message was from, they cannot see which numbers were involved (users are free to register with a number that is different than the one assigned to the cell phone that is running TextSecure), they cannot tell whether or not it was part of a group conversation, and they cannot see its contents.