by dfkajglag 1601 days ago
Reminder that Signal server source code is not fully released and the app is heavily dependent on Google services to operate. Signal also takes measures against third party or unofficial apps. Whatever you say about privacy Signal is not an ally of user freedom.
6 comments

Not to mention that they keep investing in things that people don't necessarily care about (like the cryptocurrency embedded in the app).

It is kind of beyond me why people would submit to monthly donations to a company which only cares about its own interests.

I had actually considered donating to Signal, but the addition of Moxie's crypto scheme to the app scared me completely away.

Signal kind of hits a sweet spot of usability and security, but it's incredibly tenuous and I don't trust the company to hold my interests at heart. It seems like we should be able to do better.

What do you mean 'not fully released'? It's here: https://github.com/signalapp/Signal-Server
Is that the version that is actually deployed to their servers, though?
Is that possible for Signal to prove in a meaningful way?
Intel SGX? They are already using it for some portion of the server code.
Well, your Signal client performs SGX remote attestation before sending any contact data to ensure that the server codebase matches a valid release. So if they're not running the published source, your client will refuse to share your contact information and social graph. Note that messages are e2e encrypted on the client side, so they don't enter into it.
Isn't that impossible to prove for any OSS backend out there?
Why wouldn't it be?
Surely you could link to the actual blog post rather than a subreddit that regularly crosses the border into conspiracy theory territory.
Backdoors.
It's not complete, they made a blog post recently where they stated that they have closed source code in use.

I think it was about spam

These are not requirements for most messaging app users. I just want secure messaging. I don’t care if it’s open or interoperable. WhatsApp if it was run by a non profit.
Most messaging app users don't really care about encryption either. Most (or at least a large minority) probably wouldn't mind if their messages were used to 'deliver ads more suitable for you'.

It doesn't mean these aren't important issues. Until Signal drops the phone number requirement (nothing beats that for efficient user tracking), allows desktop use without requiring a smartphone anywhere in the process, open sources their server code, and allows for third party clients in a reasonable way; I agree with dfkajglag: not yet an ally of user freedom.

> Until Signal drops the phone number requirement (nothing beats that for efficient user tracking), allows desktop use without requiring a smartphone anywhere in the process

I could handle the closed server for enabling me to use IM to talk to people. But these two points are what make it a non-starter for me.

The phone number requirement is the only thing making Signal remotely close to usable for the wider public. Similarly, non-phone messaging is niche in the extreme. Unusable software is not an ally of user freedom.

The actual problem with Signal is that they took US State Department funding. That doesn't mean it's an op necessarily, but suspicious nonetheless.

Why? If someone wants to use a phone number for their identifier, fine. But make it optional. If I join Signal with another alias (free-form string perhaps) then they could just add me via that. Not really harder than using my phone number.
> Why? If someone wants to use a phone number for their identifier, fine. But make it optional

Network effects.

If you’re only findable via custom handle versus the phone number your network already has, you’ve reduced the network’s value to your contacts. Put another way, if I join a messaging service and it says two of my contacts are on it (but many more may be), that’s close to a non-starter.

I'm fine with people not finding me automatically. If Signal wants to keep the low-resistance method of bulk-checking your contacts' phone numbers, fine. Just give me the choice of joining without it.
And insane spam follows.
Why would you add a spammer to your contacts in Signal?
If it's optional, then there is more than one way to identify users. For a non-technical user, that means they have to make a choice and understand that choice, as opposed to just always using a phone number.

And everyone with a phone has a phone number.

Even if it's not most users, it still benefits the other people.

Why should everyone be forced to give away their phone number?

Why should everyone be forced to use the same app including its limitations?

Why should everyone be forced to make a contract with the same vendor?

It could well be that it's not a requirement, because people don't think about it or take it as given.

Imagine Email or phones would work the same way Signal works (with respect to the above concepts).

Is non profit a requirement for most messaging app users?

You are free to not use the product if it and its roadmap don't meet your needs. Lots of messaging options to choose from.
Unfortunately, you can't simply choose. Messaging apps that don't interoperate inherently create forces to use their app if you have contacts you want to reach on that app.
"One in four people struggle to keep up with friends because they are using too many apps"

https://www.dailymail.co.uk/sciencetech/article-10451559/One...

TLDR: people are just not aware of their requirements

That's why I simply use WhatsApp.
Technically it is not very secure. It leaks the most interesting stuff (metadata). People think that only message content matters.
What metadata is it leaking? Any link?
Everything they can possibly get with the app. Only message content is E2EE.

https://www.whatsapp.com/legal/privacy-policy

https://faq.whatsapp.com/general/security-and-privacy/end-to...

Didn't know leaking meta data was a requirement for most of the people ;-)
Most people don’t understand their own requirements. For example, before Apple’s privacy features, Facebook (Meta) could try to guess the message contents with certain probability based on other app usage. (Facebook trackers on different apps and cross-app tracking)
What is exactly what I am trying to say, since the comment up the chain states that e.g. interoperability isn't a requirement of most users
My grandparents can all set it up without me flying over to do it for them.

Concessions have to be made somewhere.

> Whatever you say about privacy Signal is not an ally of user freedom.

Good reminder for those that don't know, but did anyone ever claim otherwise? From the very start, releasing the source code was meant exclusively as a way to ensure trust == security. It was never about software freedom - the only freedom the devs mentioned was freedom of speech (encryption and censorship-resistance).

I’m tired of all these text messaging silos. Email is ubiquitous because no one owns it. RCS can’t come fast enough.
I'll bite. What's RCS?
The “next-generation” text messaging standard to replace SMS/MMS. Higher quality images, read receipts, etc. I believe it also supports some form of encryption.
Interesting, I'm surprised to find Google as a big promoter of this, doesn't this go against their walled garden approach if there is a universal messaging infrastructure?
Google is its biggest backer and you can find more at https://jibe.google.com, along with the usual Internet searches.