We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.
I agree. The vast majority of the server is still open, which, even though it isn’t ideal, is still good compared to the mainstream services. It’s also worth noting (as other people have), that Signal is centralized, so you’re already putting all your trust onto Signal, even if the server and client code is 100% open.
Well, you are only trusting that they will deliver your messages right; all their clients are completely open-source and everything is end-to-end encrypted on the client. Even if they wanted to, they could not read your messages, and this would also be true even if their servers were 100% closed-source.
Good point too.