←back to thread

It looks like Signal isn't as open source as you thought it was anymore

(www.androidpolice.com)
242 points raybb | 2 comments | 06 Apr 21 18:04 UTC | HN request time: 0.434s | source
Show context
rvz ◴[06 Apr 21 18:46 UTC] No.26715723[source]
> While it regularly publishes the code of its client apps, it hasn't updated the Github repository for its server for almost a year.

Last commit was 5 days ago: [0]

As for not playing nice with third-party clients, I can give you that point.

[0] https://github.com/signalapp/Signal-Server/commit/365ad3a4f8...

replies(2): >>26715765 #>>26715780 #
tptacek ◴[06 Apr 21 18:50 UTC] No.26715780[source]
It's practically a principle of the Signal project to discourage third-party clients. Signal's security work is done, for obvious reasons, mostly clientside. If you have a diversity of clients, you're stuck with the lowest common denominator of mainstream clients. Without them, you can roll out any feature you want to.
replies(5): >>26715968 #>>26716208 #>>26717121 #>>26717165 #>>26717562 #
gruez ◴[06 Apr 21 19:05 UTC] No.26715968[source]
>If you have a diversity of clients, you're stuck with the lowest common denominator of mainstream clients. Without them, you can roll out any feature you want to.

This only matters if you cared about backward-compatibility. Otherwise you can just push breaking protocol changes without regard for third party clients.

replies(1): >>26716146 #
1. ViViDboarder ◴[06 Apr 21 19:18 UTC] No.26716146[source]
And the users of those clients will say “Signal is always breaking” and switch to another platform.
replies(1): >>26716322 #
2. tptacek ◴[06 Apr 21 19:30 UTC] No.26716322[source]
The scarier outcome is that they continue to use clients that lack security controls because the client continues to work well enough for them. Look how popular Telegram is.