←back to thread

It looks like Signal isn't as open source as you thought it was anymore

(www.androidpolice.com)

242 points raybb | 1 comments | 06 Apr 21 18:04 UTC | HN request time: 0.304s | source

Show context

BugsJustFindMe ◴[06 Apr 21 21:12 UTC] No.26717442[source]▶

>>26715223 (OP) #

> While communication is guaranteed to be secure due to the end-to-end encryption implemented in the open-source client apps and the Signal protocol

So the client is open source and guarantees end-to-end encryption regardless of what the server does. Ok, then I honestly don't care. Why should I?

I use Signal for its safety characteristics, which as stated are apparently ensured by the client regardless of what the server does, not because of the server, and I continue to agree with Moxie that federation is a white whale that doesn't solve any regular person problems.

replies(5): >>26717530 #>>26717721 #>>26718332 #>>26718385 #>>26719831 #

1. hoophoop ◴[06 Apr 21 22:52 UTC] No.26718385[source]▶

> So the client is open source and guarantees end-to-end encryption regardless of what the server does. Ok, then I honestly don't care. Why should I?

You should because any successful centralized messenger is one update away from becoming entirely closed source.

If Signal will reach say a billion users it will be able to do that without significant userbase loss, due to network effect.

> safety characteristics, which as stated are apparently ensured by the client regardless of what the server does

In reality, the contact social graph and the frequency and pattern of messages between users is leaked.

Any global observer can do a correlation attack thanks to the centralized servers (and absence of onion routing).