←back to thread

It looks like Signal isn't as open source as you thought it was anymore

(www.androidpolice.com)
242 points raybb | 2 comments | 06 Apr 21 18:04 UTC | HN request time: 0.001s | source
Show context
ndiscussion ◴[06 Apr 21 18:42 UTC] No.26715675[source]
It's been like this for a while, and the project owner's attitude is pretty negative overall. I do use signal daily, but I believe it's likely compromised ala lavabit.
replies(4): >>26715714 #>>26715934 #>>26716233 #>>26718058 #
morelisp ◴[06 Apr 21 18:46 UTC] No.26715714[source]
What's in the Signal server to be compromised?
replies(2): >>26715770 #>>26716093 #
ndiscussion ◴[06 Apr 21 19:13 UTC] No.26716093[source]
If you use the Signal app from the app stores, and communicate with the server, you are using 100% closed source software.

They could easily add a backdoor in the client despite the fact that it's "open source", because no one builds it from source.

replies(3): >>26716277 #>>26716307 #>>26716329 #
1. Caligatio ◴[06 Apr 21 19:31 UTC] No.26716329[source]
By this standard, there is practically nothing that qualifies as open source. Compile something yourself? Well can you really trust your compiler unless you compiled it? How do you compile your compiler without a compiler? Obviously this is possible but no one does it; therefore no software is truly open source.
replies(1): >>26716692 #
2. ndiscussion ◴[06 Apr 21 20:03 UTC] No.26716692[source]
I disagree that these are on the same level - compiling something yourself, or having something compiled by ie the Arch Linux maintainers requires a number of people to comply.

The app store is a single point of failure with huge reach.