And even if the servers turn out to be malicious, the clients are designed to expose as little metadata as possible with things like private contact discovery[2], sealed sender[3] and private groups[4]. It's not perfect, but the data a malicious server could collect is limited.

[1] https://github.com/signalapp/Signal-Android/tree/master/repr...

[2] https://signal.org/blog/private-contact-discovery/

[3] https://signal.org/blog/sealed-sender/

[4] https://signal.org/blog/signal-private-group-system/

[1] https://github.com/signalapp/Signal-Android/tree/master/repr...

Yes, the desktop client functions independently from the phone client once linked (so not like whatsapp that proxies everything through your phone).

> Can I create an account from desktop?

Technically yes, but you either need to compile the desktop client yourself[0] and miss some features or use something like signal-cli[1] to act as the main client. So it's not supported (yet?).

> Is my account independent of any specific device?

The first client that registers acts as the main client, so no. But it might get easier to restore access on a different device without using backups with the secure value recovery[2] stuff they are working on.

> Can I use Signal on multiple computers at the same time with correct credentials?

It's possible to link and use several desktop clients at the same time.

[0] https://github.com/signalapp/Signal-Desktop/blob/development...

[1] https://github.com/AsamK/signal-cli

[2] https://signal.org/blog/secure-value-recovery/

They might do some form of encryption to store the messages, but this is meaningless when they also have access to the keys and can decrypt any message whenever they want.

You're right there's no official support on their server, but there are some unofficial guides on their community forums on how to set it up. Also, GCM is not a hard dependency. On Android it will fall back to using only websockets (and no GCM) when Google Play Services is not installed since some time. What other features have they removed without replacement?

I assume it's a design trade-off when you have E2EE and don't store any messages on the server. With Signal (and I assume Wire) you have to register each device and each device needs to manage its keys. Every message is send multiple times, once for each device, and each device has an independent message queue on the server. That's why you only get the messages from after you registered the device.

Whatsapp doesn't have to do any of that and can just keep the keys on one device.

This is what Whatsapp does. Signal never did and has real multi-device support.

> and the Signal server is closed source

It's not: https://github.com/signalapp/Signal-Server

If you(r system) trust the certificate that https://updates.signal.org/ is using, you should be confident that you are getting the correct keys.

(You shouldn't trust a stranger on the internet, but I am getting the same keys when I download them.)

This might get you started: https://github.com/WhisperSystems/Signal-Desktop/blob/d1f7f5...

Edit: It actually has the option to register without smartphone, but it's only enabled in the debug versions.

  $ curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
  $ echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  $ sudo apt update && sudo apt install signal-desktop

Video chat actually came out of beta in March [0]. The beta was released in February.

[0] https://whispersystems.org/blog/signal-video-calls/

You could even register only the browser, without having a smartphone at all.