this post was submitted on 15 Sep 2021
67 points (93.5% liked)
Privacy
31874 readers
551 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I appreciate and admire your motivation @dessalines@lemmy.ml
However, Signal is like the one application that's user friendly and is NOT compromised, and you seem to be completely attacking it.
I have reason to believe that Signal is NOT compromised. and the code is indeed Open Source and can be trusted.
I don't trust the US, but I do trust Moxie Marlinspike to be a privacy advocate, he has spent his entire career being an advocate for privacy.
although Signal went a whole year without publishing server source code because they were being subtle about introducing mobilecoin crypto-asset support, and they didn't want people to jump hog wild into mobilecoin. However, they now have released the server source code, therefore I do not think this is a valid argument.
How do you feel about marlinspikes ruthlessly banning all third party clients and server implementations? Or his choice of phone # identifiers?
Yes I do not see why we should trust any system which forbids self-hosting, especially when alternatives exist.
I appreciate your critique and well written essay, as well as your motivation. Thank you again for writing this, and I will heed your advice and be more skeptical of signal foundation. However, but I have followed Marlinspike for years, and was an early signal adopter, so I do have some trust that the project is not compromised.
comment from lobster also makes some good points here, and I tend to agree with this guy
How do you feel about the guy who donated 50 million to Signal? He probably has the most influence on the project second only to Marlinspike.
False.
There are a few 3rd party clients. They all identify themselves to the server that they're 3rd party clients and they haven't been banned.
Thanks for linking Libresignal, read over its readme.
But really 3rd party clients are beside the point: the main thrust of the article is about signal being a single, us domiciled, centralized service. They don't let you self host a server, and you also have no way of verifying their server code. You just have to "trust them".
See my first comment: https://lemmy.ml/post/81033/comment/78905
I do agree that it is somewhat of an issue, but there was only one instance of this happening, where a fork of Signal was about to be added to fdroid. It's not like they haven't justified themselves. Anyway the features of LibreSignal (no hard requirement on Google Play services), was implemented in the official app. There are still two third party clients that exist: Axolotl and signal-cli. They don't want to deal with third party client that they can't update and thus need to keep support for outdated versions of the protocols that would introduce a lot of complexity and risks introducing downgrade attacks.
It also allows them to roll out "quality of life" features faster such as stickers, video calls, groups v2, and more recently groups where only admins can post, which would be harder to keep backward compatible.
The openness of Signal has already been fruitful. The protocol has been implemented in many other platforms, such as Matrix, WhatsApp and even Messenger.
That's what annoys me the most here. We have one FLOSS project that is very high quality, secure and gained significant popularity, and we start shooting it down ourselves...
This would be a truly problematic sentiment in some other cases. But the point here, is that unlike Matrix, Signal is not really ours.
What do you mean by that?
I know matrix, and it's much lower overall quality, significantly less secure and popular, and is very unlikely to ever become popular until they really rethink their UX.
What I mean is that Signal is more of a code dump rather than a truly free software project, it’s developed mostly internally, in that way Matrix is much more a true community project.
Fair point, but having a smaller team of highly competent devs (their job requirements are quite high if you look on their website) does allow them to innovate quicker and keep an overall high level of quality.
And it's not like telegram were there code is completely unusable and the server is propretary. There are already a bunch of forks of Signal that exists (session being one of the main).
Sure. Signal is a better choice than the clown that’s Telegram.