by e12e 3484 days ago
> it is not open source

Huh?

https://github.com/WhisperSystems/Signal-Android

I'd even argue it's free software - the team has managed to create some confusion about distributing modified binaries - with regards to using the servers Signal operates -- but have clarified that it is indeed ok to build your own binary from the source they provide, and use their servers.

I'm not quite convinced about their argument for official app store distribution and updates, but I can understand the argument.

> it requires Google Play services

I'm fairly sure the iOS client doesn't depend on Google Play Services. Sticking with an app store does require trust in the provider though.

Whisper Systems have made some fairly clear choices, and while it's perfectly fine to disagree, I think it would be best to avoid FUD.

It certainly strikes me as one of the better options for pragmatic secure messaging, that allows for a fairly narrow and reasonable set of threats (Google/Apple/Microsoft (possibly more than one of each, depending on your platform), Whisper Systems themselves, probably most state actors).

The other reasonable option I'm aware of (that makes slightly different trade-offs), is ChatSecure/zom.im (where zom.im is a "friendly" fork of ChatSecure).

1 comments

> I'd even argue it's free software

Terminology. What you call free software I call open source. As you go on to mention, you can see the source but not use it in any meaningful way. In particular:

> but have clarified that it is indeed ok to build your own binary from the source they provide,

Exactly. Your own binary. From their source.

Build your own binary for someone else, and it's "malware", as the guy had the nerve to call F-Droid in that bug report (here: https://github.com/WhisperSystems/Signal-Android/issues/53). That sort of bad faith, coming from a known liar (see my other reply) is what I really cannot condone.

> and use their servers.

Yeah, similarly. Use a source other than theirs or servers other than theirs and they start whingeing.

That is not open source.

> I'm not quite convinced about their argument for official app store distribution and updates,

Possibly because every time it's a different excuse?

> but I can understand the argument.

Yes, so can I: they want to control the platform so that it is their users, so that they can sell it to someone else, like they did last time.

And I would be perfectly fine with that, if it wasn't done via lies, deception, and denigrating third parties, particularly the chaps at F-Droid who at least have the decency of using their real names (not to mention not seeing you as the product).

> Sticking with an app store does require trust in the provider though.

Agreed. How high is Google in your "trusted" list? Yes, I'm picking on Google because it's a bit of an easier target than Apple, but still.

> I think it would be best to avoid FUD.

I agree, and that's precisely why I feel the need to speak up. I challenge the honesty not of their enterprise (which is no different from that of Skype, WhatsApp, or any other player) but of the way they are pursuing their goal. See above.

> It certainly strikes me as one of the better options for pragmatic secure messaging,

I don't know. As mentioned elsewhere, XMPP meets all my requirements and is not vendor-dependent. But the availability of options depends on each user's definition of things like "pragmatic" and "secure" (and even "messaging" for that matter!)

From seeing what's out there though, it appears that modern versions of WhatsApp (which I don't use, I'm FOSS-only) offer essentially the same capabilities as this application though, including end-to-end encryption. And of course, essentially the same disadvantages. I could be mistaken here though.

> that allows for a fairly narrow and reasonable set of threats (Google/Apple/Microsoft (possibly more than one of each, depending on your platform), Whisper Systems themselves, probably most state actors).

I guess it also depends on each user's definition of "fairly narrow and reasonable". :-)

While you might claim that running an AOSP derivative you need to trust Google less (and in turn trust something like f-droid more, perhaps) -- if you want a chat/im client on an Android device it's hard to see how Google isn't already one entity you need to trust (along with a list of hardware manufacturers).

As for your other comments - you may run your own server infrastructure from the same or derived source, your own derived clients, distribute binaries etc - but you can't dilute the brand. Similar with Debian cloud images for example.

I'm not sure how that's "not FOSS".