this post was submitted on 23 Nov 2021
15 points (72.7% liked)

Privacy

31894 readers
592 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.

all 50 comments
sorted by: hot top controversial new old
[–] danie10@lemmy.ml 9 points 3 years ago

It was already debated to death about 3 weeks ago at https://lemmy.ml/post/87578/comment/89158

[–] tmpod 9 points 3 years ago

Misleading title and 20th repost of this article...

[–] Yujiri@lemmy.ml 6 points 3 years ago (2 children)

Honestly I think this is not concerning and this post title is misleading. It's open source software that calls a closed source library. jimio's argument makes sense.

[–] tmpod 5 points 3 years ago (1 children)

I agree. The vast majority of the server is still open, which, even though it isn't ideal, is still good compared to the mainstream services. It's also worth noting (as other people have), that Signal is centralized, so you're already putting all your trust onto Signal, even if the server and client code is 100% open.

[–] lemmy_check_that@lemmy.ml 2 points 3 years ago (1 children)

Well you are only trusting that they will deliver your messages right, all their clients are completely open-source and everything is end-to-end encrypted on the client. Even if they wanted, they could not read your messages, and this would also be true even if their servers were 100% closed-source.

[–] tmpod 2 points 3 years ago

Good point too.

[–] gmate8@lemmy.ml 1 points 3 years ago

exactly. and understandable.

[–] gmate8@lemmy.ml 4 points 3 years ago

*part of servers

[–] PandaCoderPL@lemmy.ml 3 points 3 years ago (3 children)

Signal is centralized and you can't verify what is running on the server so does it really change anything? I think it doesn't, so people should stop panicking and switch to some decentralized messengers like Session instead.

[–] M500@lemmy.ml 2 points 3 years ago (1 children)

THIS! We have no way of knowing what they are actually doing on their servers so I don’t 100% trust them. Maybe like 90% trust. This really doesn’t change anything.

[–] PandaCoderPL@lemmy.ml -1 points 3 years ago

I don't know where did you get that 90% from but IMO people shouldn't trust them at all and should use decentralized platforms instead.

[–] Echedenyan@lemmy.ml 1 points 3 years ago (1 children)

Try Status instead of Session.

Fully FLOSS and their developers are not dicks who prioritize "muh dont want fixed notification" to digital rights.

[–] PandaCoderPL@lemmy.ml 0 points 3 years ago

Try Status instead of Session.

I tried it in the past and I was welcomed with messages from scammers and no moderation in any groups that I saw. I may give it second chance one day though.

Fully FLOSS and their developers are not dicks who prioritize “muh dont want fixed notification” to digital rights.

Session is quite new project, gains much more users then Status and thus generates more issues. If you would be a developer and you would prioritize fixing notifications that work for most users anyway over working on new open group server implementation to mitigate spam then your project wouldn't last long. As a user I would rather see no notifications than get lots of spam that would make the platform unusable.

[–] projectmirai39@lemmy.ml 1 points 3 years ago (1 children)
[–] PandaCoderPL@lemmy.ml -1 points 3 years ago

Could you at least tell me any reasons why you wouldn't use Session? Nobody will take you seriously if you have no arguments to back up your statement.

[–] ramberry@lemmy.ml 2 points 3 years ago (1 children)

The current title seems to be unpopular. Do you have any suggestions for a better title?

[–] Yujiri@lemmy.ml 5 points 3 years ago

"Signal introduces closed source anti-spam code"

[–] projectmirai39@lemmy.ml 1 points 3 years ago (2 children)
[–] Echedenyan@lemmy.ml 2 points 3 years ago

Threema server side is non-Free and is also centralized.

Better Matrix or Delta Chat.

[–] PandaCoderPL@lemmy.ml -1 points 3 years ago (1 children)

Threema is centralized as well and it's also paid so I would say it's even worse than Signal to be honest.

[–] CHEFKOCH@lemmy.ml 0 points 2 years ago* (last edited 2 years ago)

Paying 2 bucks in return for server coasts one single time is not paying... it is more a donation to keep the lights on. Server simply are the expensive part.

You defend already Signal above which is centralized too. So why you defend one system and not the other. Makes absolute no sense. Besides that, Threema plans to open source their app on F-Droid with code. If they also one day open source their entire code, you can theoretically self-host it for your own group or organization. So you give up on things way too fast and underestimate things. I bet you said 2 years ago, stop using signal because it is closed source....

[–] CHEFKOCH@lemmy.ml 0 points 3 years ago* (last edited 3 years ago) (1 children)

Signal is dead.

Point is here . <--

[–] PandaCoderPL@lemmy.ml 3 points 3 years ago (1 children)

Technically there are still many people using it because Signal is really user-friendly for those switching from WhatsApp.

[–] CHEFKOCH@lemmy.ml -2 points 3 years ago* (last edited 3 years ago) (1 children)

Your arguments are weak, all of them. Being fully transparent on both server and client sides is the reason why people put their trust into Signal otherwise you can use other apps and networks.

  • Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.
  • In case the server source code is there you can run some basic tests to check if what is promised is really true or not, if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification. For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not. How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.
  • You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.
  • The only protection against tampering is that messages can't be read and no additional metadata is stored as far as the client source tells us. Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.
  • Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community and now they close it again. This is a serious thing.
  • Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.
  • There are instructions on how to deploy the server code.
  • Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them, fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.
  • They will not federate and they are very hostile with forks. They think centralization and absolute control over the network is key.
  • This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.
  • Security by obfuscation isn't security, Telegram pulls the same argument.

It's time to abandon ship. Let this MF die once and for all.

[–] PandaCoderPL@lemmy.ml 2 points 3 years ago (1 children)

Your arguments are weak, all of them.

You are either replying to wrong comment or you see something that I didn't write. Anyway, i just stated the fact that Signal is not dead, which is true. I didn't defend Signal nor tried to do so and you can see it here.

Being fully transparent on both server and client sides is the reason why people put their trust into Signal

It doesn't really matter in case of centralized platform because you have no way to verify that Signal servers are actually running exactly same code as the one that is public.

otherwise you can use other apps and networks.

This is exactly what I'm doing so I don't have to put all trust into one central entity.

Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.

This is a good point, especially the one about Amazon. It wouldn't really change anything if Signal would use own servers but using for that is Amazon is even worse.

In case the server source code is there you can run some basic tests to check if what is promised is really true or not

No, you are not able to verify what is running on the server unless you are the one who is controlling it.

if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification.

They are closing source only of small part of the server but in case of Signal it doesn't really matter that much because there is no way of verifying what is actually running on the server.

For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not.

Like you said, it would only verify if all new features are already supported. Still, you wouldn't know if there are any backdoors or not because the client would work in exactly same way in both cases.

How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.

This is related only to the protocol and has nothing to do with verifying what is running on the server.

You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.

Technically you are right but it's not specific to Signal.

The only protection against tampering is that messages can’t be read and no additional metadata is stored as far as the client source tells us.

Source of the client doesn't tell you how the server handles your data though. Signal can store what they are collecting instead of deleting/hashing it. Hashing phone numbers is pointless anyway because those can be pretty quickly brute-forced nowadays.

Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.

Hopefully it would work that way.

Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community

I partially agree with that. They didn't publish the code because they were working on new feature, but in my opinion it's just stupid excuse.

now they close it again. This is a serious thing.

They close it to prevent spam. There are many other ways to mitigate spam though.

Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.

I understand that but it's not a big deal to be honest.

There are instructions on how to deploy the server code.

Thank you for the links.

Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them

Unfortunately you are right on this one and people can't get Signal from F-Droid either. If someone truly cares about privacy they should get Molly, it's available in developer's F-Droid repository as well.

fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.

That's nothing new but thank you for giving people next reason why they shouldn't trust Google.

They will not federate and they are very hostile with forks.

To be honest I saw only one developer who was really aggressive towards anybody who even thought about forking Signal and creating alternative client.

They think centralization and absolute control over the network is key.

I fully agree with that statement.

This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.

Signal has so many users and everything is E2EE so it would be quite difficult to tell what percent of users actually received spam messages.

Security by obfuscation isn’t security, Telegram pulls the same argument.

You are right.

It’s time to abandon ship. Let this MF die once and for all.

Unfortunately for you, Signal will last a bit longer than your GitHub account.

[–] CHEFKOCH@lemmy.ml -3 points 3 years ago* (last edited 3 years ago) (1 children)

I think my GitHub Account is fine. Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

Wrong statements from you

  • Your argumentation that it does not matter because it is centralized is still wrong. Assuming Signal changes something on the server you will get errors which forces someone to update the App. Given the fact that most people use Play Store not even the open source argument, according to you matters at all because you also already need to trust Google Play Store.
  • You can verify server code if you run your own, I provided the link.
  • E2EE is no argument at all because no one here is able to verify nor audit it. No one normally audits every app release nor is someone able to find backdoors even there are some. We had this with OpenSSL which was compromised years before someone even noticed. Audits are normally expensive and no one does them for free because you waste lots of time and need to review the code. In most cases flaws are found my accident or if someone specifically checks certain parts of it.
  • The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

Signal is dead. Period. No need to use it when there are alternatives. This is what this is about, the rest is now defending a broken system.

[–] PandaCoderPL@lemmy.ml 1 points 2 years ago (1 children)

I think my GitHub Account is fine.

I did read part of your post and to be honest I don't think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don't want to be contacted outside that one platform where they are talking to you and number of repisitories doesn't mean that your statements are taken more seriously.

Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

No, as you can see this is my style of replying to any longer statement to avoid confusion about which part I'm replying to. You are pretending to be such an expert in every area yet you are spreading complete misinformation but reading reply from top to bottom shouldn't be an issue for you.

Your argumentation that it does not matter because it is centralized is still wrong.

Can you prove that code that is running on Signal servers is exactly the same code that is published? No, you can't. Of course, if Signal would add some modifications that wouldn't be compatible with current client but published source code of the server wouldn't get updated then you could actually tell that something is wrong but my point is that they could do modifications that are compatible with the client and at the same time harmful to the users and in that case you wouldn't be able to tell any difference.

Assuming Signal changes something on the server you will get errors which forces someone to update the App.

I'm pretth sure some modifications doesn't need users to update the client.

You can verify server code if you run your own, I provided the link.

But in case of Signal you are not running your own server so you are not able to verify what is running there.

The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

By disrespecting me, you are not making me take you more seriously but from your blog post I see that you are just behaving that way daily until someone agrees with your every word.

Signal is dead. Period.

Project is not dead if there are still users using it.

No need to use it when there are alternatives.

Going by that logic you wouldn't use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.

[–] CHEFKOCH@lemmy.ml 0 points 2 years ago

After days, you still do not let it go, quote everything to make a clusterf. out of it as I or others are not capable of understanding what you say. Do you quote the previous sentence in real life and then answer his question, no because it makes things worse.

  • Please always read everything and not only parts what you want to support because you are based.
  • Of course you can verify code on the server if you self-host it, again the instructions are given. If you love signal that much and you have an userbase with 1000+ people, you go through the hassle and self-host it. The degoogle people do that all the time across multiple platforms, session and whatnot. For some platform it is more effort than for others, point granted, but everything is possible.
  • You are here on lemmy, lemmy is FOSS oriented so yes for people here it is dead. Same like Facebook or you argue we shall continue supporting them because there are people. Stop defending dead systems. The Signal Team was not transparent on important things and this alone is a factor to not support or use their stuff. Period.
  • Your argument that modifications can or will happen, is pointless. Signal already did change something in the past on the server code. They even notified users of it with a blog post. This is part of how they work. Again, the normal user will so or so not able to verify it even if they release the source code or even show what exactly they changed with insights and links to their servers because this is beyond most people skills.

Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.

Yes there is always another alternative and there always will be, this is a good thing and not a bad. You ditch stuff the moment it is dead and move on, that is how the internet works. Otherwise, use existing alternative that exist since years, it is called XMPP. I am also btw. on Postmill and some other platforms. I am just not as active over there as I am on e.g. Reddit, Lemmy etc. But you compare now platforms in general to messenger apps who are mostly designed to deliver private stuff while as public forums are not private at all because everyone can read your stuff, so the attempt to make your point failed here. If I hear stuff like threat model, really ... cringe man... The normal user gives a shit about wasting his time reviewing some security models.

You contradict yourself a lot btw on one side you say decentralized is what people use yet you argue with me about that signal is okay to use, it is not.

I don’t know where did you get that 90% from but IMO people shouldn’t trust them at all and should use decentralized platforms instead.

I assume you do not use Signal here and defend a product which is from community standpoint dead.

Now let it go and stop quoting every line it makes things worse, third time I say this...

[–] CHEFKOCH@lemmy.ml -2 points 2 years ago* (last edited 2 years ago) (2 children)

I suggest locking the thread, red pilled people spreading their based opinion here which is not helpful at all.

Facts are

  • Signal went closed source with the Security through obscurity argument, which is reason enough to ditch this MF.
  • You need phone number too, sure there are workaround but this is not what most people want.
  • Signal Team is intransparent and has history of not answering important questions.
  • Closed source is enough reason to not suggest it.
  • The topic is already multiple times covered, the last time was this one.
  • People already tried to attack me here in this thread with BS which is not even related to Signal or anything at all, not going to call names here, but check it bellow.

Personal comment If someone gives me 50 Mio. in funding I wont let people down like this. What Signal team does here is more than pathetic, they spit in everyones face taking the money and they expect us to swollow the pill.

Give me the money I do better and I hang myself if I let someone down like Signal team did - you can quote me on this. No I am not suicidal it just expresses how most people think about the story and how they betrayed their own community.

[–] PandaCoderPL@lemmy.ml 1 points 2 years ago (1 children)

I suggest locking the thread, red pilled people spreading their based opinion here which is not helpful at all.

You are basically out of arguments, you know that you were wrong so now you are suggesting locking the thread to avoid further discussion. You posted this shortly after replying to me so I wouldn't have chance to reply back. Having last message in the discussion doesn't mean you are right though.

Signal went closed source with the Security through obscurity argument, which is reason enough to ditch this MF.

Explain this: https://github.com/signalapp/Signal-Server Signal is mostly open source, only mechanisms related to blocking spam are closed source.

You need phone number too, sure there are workaround but this is not what most people want.

It's not a big deal for some people because everyone has different threat model. Some people are using Signal with their family and friends who already have their phone number anyway.

Signal Team is intransparent and has history of not answering important questions.

Could you link to at least one source that proves it?

Closed source is enough reason to not suggest it.

You are using the same argument twice to make your message longer so it looks smarter? Above you can see link to source code of Signal server.

People already tried to attack me here in this thread with BS which is not even related to Signal or anything at all

You were the one who was constantly saying that code that is running on the server can be verified if you have access to the server. Of course it can, but how is it related to Signal?

not going to call names here, but check it bellow.

You don't even have to. Also this kind of behavior is really childish: "I could do that but I will not do it". If you are not going to do it then why did you even mention that.

Personal comment If someone gives me 50 Mio. in funding I wont let people down like this.

Did you give them the money? Signal got funding so they can do whatever they want with it. People have different needs and expectations so it's not really possible to create perfect messenger that would make everyone happy.

What Signal team does here is more than pathetic, they spit in everyones face taking the money and they expect us to swollow the pill.

I disagree with that statement. Signal is constantly being updated, new features are being added, bugs are getting fixed, you are the only one who is complaining that Signal team got the money but they are not doing what you want them to do with it. Luckily for you, Signal is open source so you can fork it and make your own messenger that will look just like you want it.

Give me the money I do better

Can you do it without plagiarizing other's work though?

[–] CHEFKOCH@lemmy.ml -1 points 2 years ago (1 children)

You are basically out of arguments, you know that you were wrong so now you are suggesting locking the thread to avoid further discussion. You posted this shortly after replying to me so I wouldn’t have chance to reply back. Having last message in the discussion doesn’t mean you are right though.

I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

Explain this: https://github.com/signalapp/Signal-Server Signal is mostly open source, only mechanisms related to blocking spam are closed source.

The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

It’s not a big deal for some people because everyone has different threat model. Some people are using Signal with their family and friends who already have their phone number anyway.

Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

Could you link to at least one source that proves it?

Here.

You are using the same argument twice to make your message longer so it looks smarter? Above you can see link to source code of Signal server.

Because you mentioned it 3 times now, you quote everything to make a mess now to make it look like that what you say is true, which is not. Please provide evidence that normal people audit source code of the app or the server code, there is none.

You were the one who was constantly saying that code that is running on the server can be verified if you have access to the server. Of course it can, but how is it related to Signal?

It can if you run your own, you talk about decentralization, so there you have it.

You don’t even have to. Also this kind of behavior is really childish: “I could do that but I will not do it”. If you are not going to do it then why did you even mention that.

You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

Did you give them the money? Signal got funding so they can do whatever they want with it. People have different needs and expectations so it’s not really possible to create perfect messenger that would make everyone happy.

If the govt. funds project, then everyone indirectly gave the money. A messenger claims to be private and then wants your phone number, well that alone is a no go. You can simply use a QR-Code to add new contacts.

I disagree with that statement. Signal is constantly being updated, new features are being added, bugs are getting fixed, you are the only one who is complaining that Signal team got the money but they are not doing what you want them to do with it. Luckily for you, Signal is open source so you can fork it and make your own messenger that will look just like you want it.

The server code was not updated for over one year, this is not constantly, in the meantime features did break. Luckily your argument about open source does not hold because can you audit it, no. So there you have it. And how does open source help if something is outdated or if the server code is changed, it does not help at all.

Can you do it without plagiarizing other’s work though?

I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

How is that relevant to OP, you try to discredit me or my work based on some so called-findings from people who copy everything out of Bugzilla and other sources. What you do here is harassment and proves my point exactly. No arguments, coming with years old stuff from GitHub that violates GitHub Tos by abusing issue tickets for harassment, congrats.

[–] PandaCoderPL@lemmy.ml 0 points 2 years ago (1 children)

I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

Where did I even mention that auditing code of the server would change anything? I was only saying that you can't verify what is running on the server so it doesn't really matter if Signal makes that code open source or not.

The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

Now I can agree because you added that code of the server is partially closed.

Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

https://dessalines.github.io/essays/why_not_signal.html

Thank you for the link, I will definitely check it out later.

Because you mentioned it 3 times now

Ans you still refuse to understand it.

you quote everything to make a mess now to make it look like that what you say is true, which is not.

I already said that I'm using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn't make anything look more true, it's just personal preference and my style of replying to others.

Please provide evidence that normal people audit source code of the app or the server code, there is none.

How do you know there is none? Do you know what every single person on the planet is doing right now? I highly doubt it.

It can if you run your own, you talk about decentralization, so there you have it.

Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

Let the moderators decide if this is harassment.

A messenger claims to be private and then wants your phone number, well that alone is a no go.

Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

The server code was not updated for over one year, this is not constantly

I said that Signal was constantly being updated, not the code of the server.

I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

I already explained why I refused to read your explanation in full:

I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

What you do here is harassment and proves my point exactly.

Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.

[–] CHEFKOCH@lemmy.ml 0 points 2 years ago* (last edited 2 years ago)

Where did I even mention that auditing code of the server would change anything? I was only saying that you can’t verify what is running on the server so it doesn’t really matter if Signal makes that code open source or not.

No one audits code, this is the point, I have even proven that with the OpenSSL Heartbleed argumentation. Open source does not help at all here, you can also reverse closed source stuff. This is what you do not understand. You can change stuff on the server and it will break stuff for your clients, a short test if you add feature x into the app, then check if the current server accepts it or not. Yes, this is a small test everyone can do.

Now I can agree because you added that code of the server is partially closed.

And how long until they close everything. The betrayed their community. I said, give me the money, I do better, hiring people or do it yourself with 50 Mio is easily archived.

Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

You said according to my logic. The normal user does not even know what threat model is.

Thank you for the link, I will definitely check it out later.

Yes, read it and really read everything and not only the headers like you did with my link.

I already said that I’m using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn’t make anything look more true, it’s just personal preference and my style of replying to others.

This is more readable, oh my god. Really. Your logic and weak arguments are beyond cringe.

Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

Nope, Signal uses AWS, Google and Azure. There are fallback servers etc.

Let the moderators decide if this is harassment.

Yup, this thread gets closed anyway and maybe ends up that we both get banned because spam.

Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

No one said nor implied it. You mention thread model now 3 times, well I assume you do not even know what it is. Your aggressive - I wanna be right here - argument does not hold. You defend a system which turned on their users and make arguments up to make it look less shocking than it is, people trusted Signal but only if it is FOSS. That changed, and there is no arguing here.

I already explained why I refused to read your explanation in full

This is from basically the headers and not the full thing. Again you do not read links in full, you have no credibility nor reputation at all. Why shall someone believes a random account created 2 months ago which aggressively defends Signal because he wants to be right, failing the point that this OP is about that parts are closed source now.

No, I provided sufficient evidence that the arkenfox people are liar and hypocrites. This is a fact.

Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.

There is no proof for this claim, I even explained it in detail. Again, using other statements from the internet makes you look like am amateur. Or do you believe earth is flat because it is written down.

I request again this topic gets locked, people here defend it without any arguments or links at all. The thread is already abused as smear campaign which is entirely off-topic. I have my own guild here on lemmy, if there is something to say, do that there and I will address all concerns.