This is such a bad take it seems like deliberate misinformation.

Signal is open-source software maintained by a non-profit. User data is not stored on Signal servers, they have no way to access messages as they are stored and encrypted on your phone. If the Signal Foundation were revealed as bad actors then the open-source code could be forked to a new project.

Feel free to fully evaluate their code here: https://github.com/signalapp

I actually tried Tox - maybe 8 years ago now... the real problem with it, or anything similar, is that you need both ends of every conversation to take the trouble to set it up. It was pretty easy to setup, IMO, but... as an example, in 2005 I had an engineer co-worker ask me about "that Linux thing" when I got around to telling him that pretty much everything he used on a daily basis was available in Linux, just under different names than he was used to in Windows "Oh, you mean I'd have to learn different names for Word and Excel and Outlook?" "Uh, yeah." "Oh, that's more trouble than I think I want, I'll just stick with what I know."

This was outlined 50 years ago as part of Anarchist analysis of the system then. Not exactly an easy read, but "the second watershed" can be equated to "jumping the shark" or "enshittification" or whatever other term you want to apply to: a good thing gone bad due to the business owners switching from serving customers to enriching / empowering themselves:

https://archive.org/details/illich-conviviality/page/9/mode/1up

The alternative proposed by Illich to "Radical Monopolies" are "Convivial Tools" which empower individuals instead of central decision makers.

That's the signal app. The software which runs on their servers is proprietary.

No, the server is on the github account linked above as well. The repo is here.

Signal however doesn't federate and does not generally support third-party clients.

No it's not: https://github.com/signalapp/signal-server

TIL. Was it in the past?

I'm with you on this, I strongly recall there was some sort of not fully open source portion of Signal at least at one point in time.

As far as I know moxie, signals lead dev, considers only the use of the officially build and distributed client authorized to use their servers.

Moxie has resigned a few years ago. The article you linked to is 9 years old, Signal leadership has changed a bunch of times since. Signal can't detect that you're running an alternative client, because that check would require them to include some new code in the official client. Even if they did this, they couldn't just ban anyone who's client doesn't pass the check, since it could just be an older version of the official client. They could force everyone to use the official app, but they really have no reason to invest time and effort into enforcing this. Molly is only available for Android, and it isn't even on the Play Store or the official F-Droid repo, so the user base naturally won't be as big.

There was a period where they didn't push changes to the repo, but all the code was released afterwards and it's been getting regular updates ever since. But it also doesn't matter at all, since the Signal client is designed in a way that avoids putting trust in the server. Signal servers could literally be run by the NSA and it wouldn't matter, as everything is fully end-to-end encrypted, including metadata. The Signal protocol was also updated to use post-quantum cryptography in 2023.