| Here, I translated it with DeepL:

Signal server no longer open source

For almost a year, the public code of the Signal server has not been updated - the servers are running a different version.

Article by Hanno Böck published on April 6, 2021, 8:58 a.m.

The encryption at Signal is top, but for some time now the server-side code is no longer publicly available - and Signal doesn't like to talk about it.

Last modified on April 22, 2020 - that's the current status in the Git repository of the server code for the encrypted messenger Signal. Apparently, Signal has decided not to publish future changes to the server-side code. This has not been officially announced, and inquiries are not answered.

Signal is considered the gold standard in encrypted communication. The protocol implements end-to-end encryption, which is considered exemplary and has been reviewed by cryptographers many times. The source code of the messenger is publicly available and is under a free license; anyone can examine it and modify it if necessary.

The code of the Signal clients is still available
What is still true for the client apps has not been true for Signal's server-side code for some time. The code published on Github no longer receives updates, while Signal's servers are running a newer version. On Signal's official forum, a user asked about the current server code back in June 2020. A lengthy discussion thread followed.

Already in the past, there were periods when Signal's publicly available server code was released with delays. But the repository has never been orphaned for as long as it is now.

Many users prefer open source software, and the reasons are many. It is hoped that the code can be examined by independent people, security holes or backdoors can be found more easily. Another important aspect is the possibility of a fork: if a project develops in a direction that is not supported by users, others can take the code and develop it further themselves.

The fact that Signal's code is open source has contributed a lot to the messenger's good reputation, and Signal advertises this itself. For example, the Signal website currently features a quote from Twitter CEO Jack Dorsey, who emphasizes that he trusts Signal because it is "open source, peer-reviewed, and funded solely by grants and donations."

Because Signal is end-to-end encrypted, security does not depend on server code. The client is still open source and can be peer-reviewed. Nevertheless, the server code, which is no longer open, is not without consequences. For example, it is no longer possible to run your own Signal server or fork the entire system.

Signal is silent about the reasons
It is remarkable that Signal does not explain its step. None of the user questions in Signal's forum and on Github were answered by members of the Signal team. Golem.de checked with Signal's press office and also received no response. "I think the Signal team should at least tell us why the server repo is currently not updated," writes a user on Github - and he is obviously not alone with this opinion. |