this post was submitted on 15 Sep 2021
67 points (93.5% liked)
Privacy
31938 readers
922 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A quick rebuttal of some points you made. Not going too in depth as I just want to provide my perspective:
I do want to close by saying that Signal is definitely not the end-all-be-all of secure messaging platforms, but it is currently the best for mass adoption. I'm keeping my eyes on Matrix, Sessions, and Briar, but can't say they're ready to "go mainstream" yet.
the server code being not federated means you effectively can't (or won't) self host.
Yeah but you could do that as verification and an additional means to find users, not the primary user ID. Threema has generated IDs, Matrix has usernames, Telegram has usernames. Why can't Signal?
Why, though?
Good question. Signal obviously didn't ask about it and wants to become another WeChat/QQ clone where you can pay with your messaging application and circumvent taxes.
I'd agree if you'd add "one of" between "currently" and "the".
Also, its not that signal just got lazy with letting their code get out of sync. They chose not to publish updates for their server for a whole year, until the open source community got really angry, and then they finally relented. If I or any open source maintainer did that, we'd rightly be abandoned. Some here are giving signal a pass for it tho.
I think the difference is it's not a federated platform so not many people really care about access to the server-side code. If I was hosting a lemmy instance I would obviously be frustrated if you withheld from all other instance admins as you'd be putting us at a disadvantage. Signal doesn't allow federation so the consequences aren't the same.
You're embellishing the story for added emotional value. What if instead you wrote, "users were angry, the Signal devs were busy, but eventually got around to publishing the latest code". You weren't there so you can't say that they didn't want to - or had the time to - publish the server code. You're implying malice when it doesn't have to be. Why? Maybe it was on their backlog and it was a task that nobody ever got around to? I dunno, I've been in situations like that before and it just sucks to hear people implying the Signal devs are doing shady things when it may simply be that they're human and not perfect. I've had times where our dev team was accused of being "lax" when we're all running at 110% but just can't get to that one thing that a small handful of people really want and are very vocal about.
I can tell you, publishing source code is as easy as typing git push. That they needed to "clean things up" at all in an ostensibly open source codebase is sus.
I'm going to disagree again.
I know how easy it is to type "git push". I've worked where we had 200+ things that were that "simple" but just weren't prioritized because of our small team. Also had to do thorough code reviews before we synced to our public repo. There's a hundred non-malicious reasons they delayed - including that they didn't yet want to make the monero stuff public yet. It's not uncommon to keep things from the public until they're ready, in case you decide to scrap the project and remove it last minute before you sync to your public repo and have people question something that is no longer valid/important. I guess I try to look at it from a more human perspective than immediately trying to tarnish people's intentions.
That simply means that development isn't out in the open. Why would you not push branches and do code reviews out in the open for an ostensibly open source project?
Correct. FOSS doesn't mean they have to develop it out in the open, only that they have to release the code for everyone else's benefit.
Because open source simply means the code is available. You're not forced to interact with anyone else just because something is open source.
This doesn't matter if the app is designed to not require a trusted server
Because they originally worked by encrypting SMS, which required phones numbers. Internet messaging arrived later, and they are working on usernames in a similar way to how Telegram does it if I understand correctly.
Agreed. I hope they change their minds on this, although I'm not holding my breath.
Agree. The devs have stated that this is coming this year. We'll see if they can roll it out before the year ends.
Honestly, don't know and don't care. I suspect because they didn't want to yet make public their crypto stuff, but I'm not going to assume malice here without evidence.
Whatsapp also lets you pay - although I believe its only in India. Telegram also attempted to include crypto. Why wouldn't we want a private way to pay instead of letting Facebook/Google/etc, take over? I fully support them making sending money easier and more private.
I'll agree that it's "one of" the best. Which one would you throw in your top 3?
Matrix or XMPP. I made a messenger comparison matrix (in German) and they get the most green check marks for my criteria.
"Signals database, which we must assume is compromised due to its centralized and US domiciled nature, has a few important pieces of data;
I have a problem with the article's claims on metadata too, hasn't there been too many transparency reports and subpeonas that prove that they literally have nothing to offer to the government except the last time someone used signal and the date of joining?
Even if it were not the case, Signal was founded 3 years before it started receiving funding from the OTF.
Damnit! guys and gals, the CIA is hinding in bind9