The problem is not just an AGPL violation here, even though the license explicitly requires to show the code if you are providing a service on top of it. According to AGPL-3, if you are using the service you are the user. Good luck anyway submitting such a request to them at this point.
The actual problem is that #signal is no longer willing to publicly share the sources of their server platform, which is what #signalapp users criticized the most about others in the past, #telegram in particular.
That is fair if the code is 100% owned by signal.
But, please follow me on this: since nobody is supposed to run #signal servers but themselves, you would agree that the AGPL label is used a mere marketing billboard. As @IngaLovinde correctly pointed out in this thread, it already did not guarantee that what you see is what you get as service.
Today all the doubts about the actual software running on the server side are gone. You can be sure that they won't share their sources, so you cannot know what they are running.
i agree with your ethical argument. i just wanted to object to the claim that this was an AGPL violation, because i think that's incorrect (as long there really are 0 contributions from outsiders w/o a CLA).
@guenther the original author did not claim a violation, they wrote that it "raises questions about the legality of this situation". The question being, in my interpretation, if the code has a centralized copyright or not. I have said in the past that AGPL alone is not enough to protect a project from suddenly changing direction.
Linux resisted acquisition from both Google and Microsoft for decades because of the combination of copyleft and its distributed authorship, which makes it impossible to buy it straight off Torvald's hands.
Everyone has a price, #signal was already very openly sponsored by google, helped whitewashing facebook and had to push people to google market by boycotting all other distribution channels, and demonize decentralization in return.