|
|
|
|
|
|
by corty
1901 days ago
|
|
|
In a strict sense, you are completely right. But nonetheless people are recommending Signal because the client implementation looks good and is somewhat verifiable (absent appstore evilness and ignoring the lag between update and verification). The server implementation however is only based on trust in the people running the servers. And there, openness about the code at least gives a few hints about what is going on there, enabling me to trust at least a little more than not-at-all. |
|
|
They literally chose a zero server trust model when designing the protocol. NSA could be running modified signal servers and it wouldn't make a difference. Your messages would still be safe since all the magic happens on the clients. The servers just route the encrypted data, it's all just 1's and 0's to them.
> And there, openness about the code at least gives a few hints about what is going on there, enabling me to trust at least a little more than not-at-all.
Do we even know if signal was running updated server code in production? Maybe they have been running the same code that was on github this whole time.