Moved to Matrix or SimpleX? If Matrix, and self-hosted, you can use a Bridge to Signal
Discussion
Matrix, self-hosted, and the Bridge to Signal is unreliable and puts the keys to the kingdom on the bridge server, which I didn't like.
Unfortunately the protocols are just slightly different (Signal protocol reuses a 25519 key whereas Matrix splits it out into two separate keys) so messages can't just go through and be decrypted at the client end. So it's e2ee from the sender to the bridge, and then e2ee again from the bridge to the recipient.
I ran it for a while, but ended up tearing it down after it stopped working a few times. The only way I've seen that actually keeps e2ee really e2e is using a client like Pidgin which can speak all the protocols and connect to all the servers.
The Signal bridge reliability issues could probably be resolved with some development time and enough people running bridges and submitting feedback.
The security architecture is fine IF (and only if) everyone runs their own personal Signal bridge. This is a critical point because if the bridge is run by someone else, they can see all your Signal messages. As a server admin, I don't want that! It goes against my philosophy and puts my users at risk if the server were ever to be compromised.
It might be possible to give a Matrix bridge your Signal API key so it can fetch encrypted messages from Signal's centralized server, wrap that ciphertext in a Matrix message, have each of the clients decrypt the Matrix message to get the Signal ciphertext, and then decrypt the Signal ciphertext. This would require major changes to the bridge, and to the clients, and optionally changes to the protocol to inform the clients that this message is a wrapped Signal message so it can make it appear from the correct sender (who doesn't have a Matrix account).
So it's similar to the Lightning Network in many ways. As long as everyone maintains their own server, it's great. If you're not running your own server... it gets a lot more tricky and requires a lot more development.
I'm just not interested in putting in that amount of effort. It'd be hard to even pay me enough to do that (I'd say you couldn't pay me enough, but if someone threw a stupid amount of money in my face, I'd probably agree to it). If a team wants to give it a go, I'd be happy to consult for them. For free.
I do think it'd be a huge step forward to have an open protocol that could tie together all these e2ee messengers (Briar, Signal, SimpleX, Session, Tox, Secure Scuttlebutt, Wire, Matrix, etc.). It'd be a giant leap forward even if it's just bridging Matrix to each of these other systems (and not allowing crazy stuff like a single message going from Signal -> Matrix -> Briar to allow Signal users to talk to people on Briar).
Bridging E2EE services will always rely on "handing the keys" as you say to an intermediate you have to trust.
You could possibly fix the issue by running an encapsulated E2EE scheme where the clients use their own network as a connection layer and then handshake with *actual* E2EE between themselves.
e2ee over e2ee. Sounds like both a dream and a nightmare all rolled into one. 🤣
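The two bridge designs discussed in this thread (today's decrypt-and-re-encrypt bridge versus the "wrap the Signal ciphertext and let the client peel both layers" idea, i.e. e2ee over e2ee) can be modelled side by side. The Go program below is an added illustration written for this page; it is not code from the thread, from mautrix-signal or from any other bridge. It assumes three parties with static X25519 keys, uses SHA-256 over the raw shared secret as a stand-in for a real KDF, and uses AES-256-GCM as a stand-in for both the Signal and the Matrix ciphers; the sender's Signal ciphertext simply arrives at the bridge as an opaque byte string, which stands in for "fetch encrypted messages from Signal's server". The point it demonstrates is who ends up able to read the message: the re-encrypting bridge necessarily holds plaintext, while the wrapping bridge only ever holds ciphertext it cannot open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one endpoint (sender, bridge or recipient) with a long-term X25519 key.
// Real Signal (X3DH + Double Ratchet) and Matrix (Olm/Megolm) sessions do far more
// than one static ECDH; this model keeps only what decides who can read which layer.
type Party struct{ priv *ecdh.PrivateKey }

func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Party{priv: priv}, nil
}

// gcmWith builds an AES-256-GCM instance keyed from the X25519 shared secret with peer.
// SHA-256 over the raw secret is a simplification standing in for a KDF such as HKDF.
func (p *Party) gcmWith(peer *Party) (cipher.AEAD, error) {
	secret, err := p.priv.ECDH(peer.priv.PublicKey())
	if err != nil { return nil, err }
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// sealTo encrypts plaintext from p to peer; the random nonce is prepended.
func (p *Party) sealTo(peer *Party, plaintext []byte) ([]byte, error) {
	aead, err := p.gcmWith(peer)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openFrom reverses sealTo; a wrong key or a tampered payload fails authentication.
func (p *Party) openFrom(peer *Party, sealed []byte) ([]byte, error) {
	aead, err := p.gcmWith(peer)
	if err != nil { return nil, err }
	ns := aead.NonceSize()
	if len(sealed) < ns { return nil, errors.New("ciphertext too short") }
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// Relay records, for one message, whether the bridge saw plaintext and what the recipient got.
type Relay struct {
	BridgeReadsPlaintext bool
	RecipientPlaintext   string
}

// RelayReencrypt models today's bridge: the Signal session terminates at the bridge's
// linked device, so the bridge decrypts and then re-encrypts for the Matrix hop.
func RelayReencrypt(sender, bridge, recipient *Party, msg string) (Relay, error) {
	signalCT, err := sender.sealTo(bridge, []byte(msg))
	if err != nil { return Relay{}, err }
	pt, err := bridge.openFrom(sender, signalCT) // the bridge holds plaintext here
	if err != nil { return Relay{}, err }
	matrixCT, err := bridge.sealTo(recipient, pt)
	if err != nil { return Relay{}, err }
	out, err := recipient.openFrom(bridge, matrixCT)
	if err != nil { return Relay{}, err }
	return Relay{BridgeReadsPlaintext: true, RecipientPlaintext: string(out)}, nil
}

// RelayWrapped models the wrapped-ciphertext idea: the sender encrypts to the recipient
// directly, the bridge only encapsulates that opaque payload in a Matrix-layer message,
// and the recipient peels the Matrix layer first and the Signal layer second.
func RelayWrapped(sender, bridge, recipient *Party, msg string) (Relay, error) {
	inner, err := sender.sealTo(recipient, []byte(msg))
	if err != nil { return Relay{}, err }
	outer, err := bridge.sealTo(recipient, inner)
	if err != nil { return Relay{}, err }
	// The bridge never shares a key with the sender for this payload. The only key it
	// holds is the one shared with the recipient, and GCM rejects that attempt.
	_, bridgeErr := bridge.openFrom(recipient, inner)
	innerAtRecipient, err := recipient.openFrom(bridge, outer)
	if err != nil { return Relay{}, err }
	pt, err := recipient.openFrom(sender, innerAtRecipient)
	if err != nil { return Relay{}, err }
	return Relay{BridgeReadsPlaintext: bridgeErr == nil, RecipientPlaintext: string(pt)}, nil
}

func main() {
	s, _ := NewParty()
	b, _ := NewParty()
	r, _ := NewParty()
	re, err := RelayReencrypt(s, b, r, "meet at 7")
	fmt.Printf("re-encrypting bridge: bridge reads plaintext=%v recipient=%q err=%v\n", re.BridgeReadsPlaintext, re.RecipientPlaintext, err)
	wr, err := RelayWrapped(s, b, r, "meet at 7")
	fmt.Printf("wrapping bridge:      bridge reads plaintext=%v recipient=%q err=%v\n", wr.BridgeReadsPlaintext, wr.RecipientPlaintext, err)
}
```

Note what the wrapped variant does not solve: the bridge still sees metadata (who is talking to whom, when, and how much), it still needs the account credentials to fetch the ciphertext, and the recipient's Matrix client would need the sender's Signal identity key and session state to open the inner layer, which is exactly the client-side work the thread says nobody has done.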