Earlier today, the private messenger Signal went down for millions of users as a result of a DNS issue at AWS (Amazon Web Services), highlighting Signal's dependence on third-party servers.

In this post, we'll discuss the difference between Signal's security vs. availability, Elon Musk's favorite alternative, and the possibility of rolling out a decentralized version of Signal to prevent future outages.

Privacy vs. Availability

Although the hours-long outage prevented messages from reaching their recipients, user communications remained private and secure (end-to-end encrypted).

Even so, Elon Musk tweeted that he no longer trusts Signal, as "[the outage] means that AWS is in the loop and can take out Signal at any time".

Elon took the opportunity to promote his company's version of private messaging - "X Chat", emphasizing that it doesn't rely on Amazon, Microsoft, or Google servers.

Open vs. Closed Source

Similar to Signal, X Chat claims to be end-to-end encrypted. The problem is we cannot verify the claim because X's source code hasn't been published for experts to examine.

On the other hand, Signal's code has always been open-source. Security analysts (well, anyone for that matter) can download Signal's code from Github and verify that communication between devices is being properly encrypted end-to-end.

If client-side encryption has been fully verified, then we can safely say it doesn't matter which servers Signal chooses to use, because the messages are completely scrambled before leaving your phone, and only readable once they reach the recipient's device.

Reproducible Builds

So far we have established that Signal's code is open-source, allowing anyone to verify that messages are indeed end-to-end encrypted.

That said, how can we verify that the binary (APK) we download from Signal is actually compiled from the published source code? That's where reproducible builds come in.

Although there have been some issues reported, reproducible builds are supported by Signal, and X Chat would need to support them as well to reduce the need for trust.

A Decentralized Signal?

Today's outage begs the question, would it be possible to build a decentralized version of Signal that is owned by the community, and not reliant on the centralized servers of big tech companies?

Signal currently relies on donations (in both crypto and fiat) to run their operations, but what if the community were somehow rewarded for maintaining the platform's infrastructure?

A DePIN Version Of Signal?

Similar to how compute/storage providers earn tokens for lending their spare resources to a decentralized physical infrastructure network (DePIN), Signal server operators could also be rewarded for installing and maintaining nodes that relay encrypted messages between users.

Of course, the client would need to be configured in such a way that it would attempt to connect to a number of alternative nodes if the first server were to fail for some reason.

Until next time...

An outage earlier today underlined Signal's dependence on Amazon's servers. Although the end-the-end encryption of messages was not broken, we discovered that the availability of Signal's platform isn't guaranteed.

Elon Musk recommended his AWS-independent, closed-source alternative, X Chat. However, perhaps the best alternative would be a decentralized private messaging platform that rewards infrastructure operators directly for their contributions.

If you learned something new from this article, be sure to check out my other posts on crypto and finance here on the Hive blockchain. You can also follow me on InLeo for more frequent updates.

Sources

Signal Logo [1]

Posted Using INLEO