←back to thread

It looks like Signal isn't as open source as you thought it was anymore

(www.androidpolice.com)
242 points raybb | 2 comments | 06 Apr 21 18:04 UTC | HN request time: 0.467s | source
Show context
rvz ◴[06 Apr 21 18:46 UTC] No.26715723[source]
> While it regularly publishes the code of its client apps, it hasn't updated the Github repository for its server for almost a year.

Last commit was 5 days ago: [0]

As for not playing nice with third-party clients, I can give you that point.

[0] https://github.com/signalapp/Signal-Server/commit/365ad3a4f8...

replies(2): >>26715765 #>>26715780 #
tptacek ◴[06 Apr 21 18:50 UTC] No.26715780[source]
It's practically a principle of the Signal project to discourage third-party clients. Signal's security work is done, for obvious reasons, mostly clientside. If you have a diversity of clients, you're stuck with the lowest common denominator of mainstream clients. Without them, you can roll out any feature you want to.
replies(5): >>26715968 #>>26716208 #>>26717121 #>>26717165 #>>26717562 #
1. kemonocode ◴[06 Apr 21 20:40 UTC] No.26717121[source]
So why doesn't Telegram have the same issue? Just like Signal, the client is fully open source and most of the secure bits are client-side, but unlike Signal they make no pretenses about being "fully" open source as they've never published any server sources, nor they make hostile moves towards blocking third-party client interoperability.
replies(1): >>26717354 #
2. Andrew_nenakhov ◴[06 Apr 21 21:02 UTC] No.26717354[source]
Because Telegram is not secure at all and the only content that is not stored on server unencrypted are so-called secret chats, used by approximately 0% of audience. So they have zero need to be paranoid about data privacy.