by loup-vaillant 1983 days ago
This quote from GP's link could possibly be interpreted as "Signal does not look very trustworthy":

> Signal requires phone numbers and is a centralized service. HushChat is completely anonymous and decentralized and requires absolutely no metadata be given to any centralized third parties. Signal is also not fully open source, the backend servers are NOT OPEN SOURCE, and so, Signal should be considered "open core" and not fully open source. HushChat is Free Software! We are about your freedom, Moxie cares about his Silicon Valley friends.

I believe Signal requires phone numbers to be usable at all. I may vaguely recall plans to get rid of this restriction, but I'm not sure.

The Signal protocol is explicitly designed to trust servers as little as possible, so even if the server code were proprietary, that doesn't mean much.

Ultimately, HushChat and Signal are probably chasing slightly different goals. HushChat seems to be focused on privacy at all costs. Signal is focused on privacy for everyone. There's a usability tradeoff here, between usability and security.

---

While I'm at it, the following quote rubs me the wrong way:

> Are you rolling your own crypto like stupid people?

> No. We use the industry standard libsodium to provide cryptographic primitives: […]

My first objection here is that there's nothing wrong with writing your own implementation of known primitives. The problem when you do so is taking the time to get it right¹, which is why it is almost always much cheaper to just use an existing crypto library.

[1]: https://loup-vaillant.fr/articles/crypto-is-not-magic.html

My second objection is that they are designing and implementing their own protocol. Not that there's anything wrong with that, but they are suggesting it's easier than implementing a primitive. In my experience, it's not. It tends to take less time, but it's also more delicate. Overall, it evens out.

Really, I don't fault them for what they do here. But it sucks that they have to defend against the "rolling your own crypto" in this way.