I am not sure if that opens up any new approaches for Signal on the Librem 5 and other Linux systems. At least it is another source for Signal besides Google’s app store and the (somewhat hidden) direct apk download (with updater inclusive) from the Signal project itself.
The Signal app is not included in F-Droid’s default package sources. You have to add the Guardian Project’s package source.
Do I still have to also install Signal on Android or iOS in order to activate it?
Surely the status on this will never change. In my experience a year or two ago:
You know what they say: “if it walks like a duck and quacks like a duck, it’s probably a duck.”
If I was a betting man, I would bet a large sum of money than in the year or so since I stopped paying much attention to Signal, the status of my above bullet points has not changed for indeed a duck will remain forever a duck, and never become an eagle nor a falcon.
Edit:
If you would like to communicate securely, free of prying government eyes, my best advice would be to build a rocket ship and travel to a planet separate from this one that is air-gapped. I recall reading a GitHub comment from someone high up in the management chain of Signal app, wherein they stated that the era of open source has ended. It’s not viable to use open source and federated technology where people do their own thing anymore. Similarly, they would probably tell you that it’s not safe for you to run Signal on a device such as Librem 5 or Librem 14, because these devices have modifiable firmware and modifiable operating system stacks and as a result can be infected with permanent, immortal malware rootkits the first time you run bad software. For people living under that security model, who think that they are going to run bad software at least once on their device without realizing it, apps like Signal might be very good because they ascribe to the security model that the only good security is security from the user, meaning that even the user can’t fat-finger something that takes over admin privileges on the device – which the user should not have. And it is that line of thinking which gives rise to the idea that Android and iOS are the only secure operating systems on the planet. Microsoft, too, abides this security model – for example, their secure login system called “Microsoft Authenticator” is not available for Windows, since in the eyes of Microsoft it would not be possible to use Windows to log in to anything securely, because although Windows is not open source it is also not averse to allowing users to take admin privileges on the device, or to install a different OS.
So, if you believe in Signal and the Android security model, then I don’t really know what you’re doing on Purism forums, since at that point you may as well think of the “open source / free software” movement as the “hack me please” movement, where nerds who over-inflate their egos go to get hacked more quickly than everyone else by the modern-era unstoppable information war veterans who are hacking everyone everywhere all the time, unless the people are using Google Pixel to fight against being hacked.
Edit 2:
I, for one, know that I am hacked. I discovered that I was hacked when I learned that before I was born, the United States Government was already secretly working on researching ESP, the capability of humans to perceive information about the world at long range and without their other senses. According to CIA documents that are now public, research confirmed that about 1% of the human population has access to the ESP, and the government made it their goal to construct a computer system or device that would be likewise capable of ESP. I was raised to be a firm believer in the principles of logic, science, and reason, so when I think about government surveillance computers that are capable of ESP, it finally clicks that Ed Snowden and corporate surveillance we’re all afraid of is most likely the brilliantly-conceived distraction from whatever is actually happening in this world, and perhaps what is actually happening is unfathomable to me because of my upbringing, to the point that it is literally a joke because of how well and perfectly I was brainwashed like the rest of society, because I am no one special.
And that’s when I realized that if you want to communicate securely… And I mean, really, really securely… then you should go to another planet. I heard that one of the moons of Jupiter might be a fun place, but I guess survival of human biologics is more likely to work on Mars
So it’s effectively not free software.
Quack!
The Signal project is fully open source, and users are free to modify and recompile the code in any way that they like, as long as they don’t connect the modified versions to the official Signal servers.
So, you’re free to connect the app to any server of your choice. But connecting it to the official server would, if I understand correctly, violate the terms.
Is it possible to self-host a Signal server without phone number registration requirements?
I am not well informed about that. It appears that in order to run the server, the user needs to input money to AWS and Google Cloud for the APIs or something (this is from a cursory inspection so I’m probably wrong): Compile latest signal server - Server Development - Signal Community
Edit:
I would imagine that the Google Cloud integration is likely necessary for the part that sends all the message metadata to Google to spawn notifications on Android phones or whatever. If you rip that out, I wonder if maybe the app wouldn’t work for the users unless you modified the fork to disable Google firebase messaging integration, so that the Signal app code would flip to its alternative mode they merged from some contributor that exists in the code to do all notifications in-app without Google, but which is disabled by default until/unless the Android user uninstalls Google Play Services from the device (which is usually impossible without using a different de-Googled AOSP ROM).
Okay, well I found this post:
No need to consider the possibility further due to Big Tech dependencies and lack of documentation.