by Markoff 1299 days ago
ROFL

Signal uses a centralized server with closed source (they hid the code for one year until they finally gave up when users nagged them, nobody knows what they did during that year), Signal requires your phone number, Signal doesn't allow third party apps officially and tried to push some shady crypto, I mean how many red flags do you need to avoid such a POS app?

3 comments

The Signal client has always been open source: you can inspect precisely what the client is sending to the server (if you trust the source). If you're not sending undesirable information from the client to the server, no amount of closed source-ness of the server is going to get that from you.

Signal has always been transparent about what information gets sent to the server: https://signal.org/blog/private-contact-discovery/

Even if some adversary is doing some kind of correlation to glean metadata from your traffic, they are definitely doing the table stakes here to preserve privacy and not just send your information off willy-nilly.

yes, we can transparently see that it is a failure of a solution due to having our phone number and check this out: Signal's application isn't the only participant in Signal's application we don't want having that

speaking of dense exotic matter https://en.wikipedia.org/wiki/White_dwarf

Backdoors are funny that way, sometimes the client operates correctly but a weakness in implementation can be abused by the server. Not that I know or think this is happening but they do insist on that phone number at all costs which these days is more identifying than a fingerprint which allows targeted exploitation if the server facilitating connectivity was hostile for whatever reason.

“Signal doesn't allow third party apps officially”

Feel free to explain how that affects message integrity/message confidentiality in a negative way.

This.

As Signal is on a centralized Google Cloud instance, it can easily be shut down by the providers and that is that.

> nobody knows what they did during that year).

They (and Moxie) were too busy shoving their private cryptocurrency scam project in Signal to later get as many users using it as possible to then pump and dump the coins on exchanges.

Signal is a complete joke.

The fact that it can be shut down easily has nothing to do with how secure it is. I too dislike the fact that it is centralized, and the cryptocurrency thing, but from this to say that Signal is a "complete joke" - it's not just a long way, it's nonsense.