| > I'd even argue it's free software Terminology. What you call free software I call open source. As you go on to mention, you can see the source but not use it in any meaningful way. In particular: > but have clarified that it is indeed ok to build your own binary from the source they provide, Exactly. Your own binary. From their source. Build your own binary for someone else, and it's "malware", as the guy had the nerve to call F-Droid in that bug report (here: https://github.com/WhisperSystems/Signal-Android/issues/53). That sort of bad faith, coming from a known liar (see my other reply) is what I really cannot condone. > and use their servers. Yeah, similarly. Use a source other than theirs or servers other than theirs and they start whingeing. That is not open source. > I'm not quite convinced about their argument for official app store distribution and updates, Possibly because every time it's a different excuse? > but I can understand the argument. Yes, so can I: they want to control the platform so that it is their users, so that they can sell it to someone else, like they did last time. And I would be perfectly fine with that, if it wasn't done via lies, deception, and denigrating third parties, particularly the chaps at F-Droid who at least have the decency of using their real names (not to mention not seeing you as the product). > Sticking with an app store does require trust in the provider though. Agreed. How high is Google in your "trusted" list? Yes, I'm picking on Google because it's a bit of an easier target than Apple, but still. > I think it would be best to avoid FUD. I agree, and that's precisely why I feel the need to speak up. I challenge the honesty not of their enterprise (which is no different from that of Skype, Whatsapp, or any other player) but of the way they are pursuing their goal. See above. > It certainly strikes me as one of the better options for pragmatic secure messaging, I don't know. As mentioned elsewhere, XMPP meets all my requirements and is not vendor-dependent. But the availability of options depends on each user's definition of things like "pragmatic" and "secure" (and even "messaging" for that matter!) From seeing what's out there though, it appears that modern versions of Whatsapp (which I don't use, I'm FOSS-only) offer essentially the same capabilities as this application though, including end-to-end encryption. And of course, essentially the same disadvantages. I could be mistaken here though. > that allows for a fairly narrow and reasonable set of threats (Google/Apple/Microsoft (possibly more than one of each, depending on your platform), Whisper Systems themselves, probably most state actors). I guess it also depends on each user's definition of "fairly narrow and reasonable". :-) |
As for your other comments - you may run your own server infrastructure from same or derived sourced, your own derived clients, distribute binaries etc - but you can't dilute the brand. Similar with Debian cloud images for example.
I'm not sure how that's "not FOSS".