Translated main part:
At Signal, all communication takes place via various tech giants such as Amazon, Microsoft, Google and Cloudflare. Broken down by domains, the following picture emerges:
Amazon: textsecure-service.whispersystems.org, cdn.signal.org, sfu.voip.signal.org
Google: storage.signal.org, contentproxy.signal.org
Microsoft: api.directory.signal.org, api.backup.signal.org
Cloudflare: cdn2.signal.org
Message exchange (textsecure-service.whispersystems.org) is done via Amazon AWS, for example, while Google Data Servers (storage.signal.org) are responsible for creating and managing the groups. This means that all communication is handled via central servers of the tech giants. Especially privacy-sensitive users may be put off by this, which I can understand. However, at least from an IT security perspective, I think the use of the rented servers is negligible, since Signal works with the zero-knowledge principle. Certainly, it would be desirable if the Signal Foundation hosted the servers itself. However, this would not necessarily mean a security gain. Nevertheless, this is a point of criticism, since this naturally also flushes money into the coffers of the tech data octopuses.
To me, the main concern is indeed that it flushes money to Google/AWS, but since pretty much nothing goes to the services unencrypted, and with minimal metadata. It’s not an issue. The only thing that Google/AWS can get from you is your IP and that you use Signal, so if you use a VPN, you’re pretty much as safe as you can be.
I prefer them doing this kind of choices and being able to scale rapidly, while also keeping new features coming, so that the app is accessible to the majority.
IP address might not be a huge concern with dynamic IPs as you can make the case for plausible deniability, plus if content is encrypted, they can have no basis to point out your IP from the millions of IP addresses since there exists no metric to point it out.
Why wouldn’t they use IPFS?
IPFS doesn’t make servers appear out of thin air.
