We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.

  • CHEF-KOCH
    -12 years ago

    Your arguments are weak, all of them. Being fully transparent on both server and client sides is the reason why people put their trust into Signal otherwise you can use other apps and networks.

    • Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.
    • In case the server source code is there you can run some basic tests to check if what is promised is really true or not, if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification. For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not. How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.
    • You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.
    • The only protection against tampering is that messages can’t be read and no additional metadata is stored as far as the client source tells us. Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.
    • Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community and now they close it again. This is a serious thing.
    • Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.
    • There are instructions on how to deploy the server code.
    • Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them, fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.
    • They will not federate and they are very hostile with forks. They think centralization and absolute control over the network is key.
    • This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.
    • Security by obfuscation isn’t security, Telegram pulls the same argument.

    It’s time to abandon ship. Let this MF die once and for all.

    • PandaCoderPL
      12 years ago

      Your arguments are weak, all of them.

      You are either replying to wrong comment or you see something that I didn’t write. Anyway, i just stated the fact that Signal is not dead, which is true. I didn’t defend Signal nor tried to do so and you can see it here.

      Being fully transparent on both server and client sides is the reason why people put their trust into Signal

      It doesn’t really matter in case of centralized platform because you have no way to verify that Signal servers are actually running exactly same code as the one that is public.

      otherwise you can use other apps and networks.

      This is exactly what I’m doing so I don’t have to put all trust into one central entity.

      Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.

      This is a good point, especially the one about Amazon. It wouldn’t really change anything if Signal would use own servers but using for that is Amazon is even worse.

      In case the server source code is there you can run some basic tests to check if what is promised is really true or not

      No, you are not able to verify what is running on the server unless you are the one who is controlling it.

      if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification.

      They are closing source only of small part of the server but in case of Signal it doesn’t really matter that much because there is no way of verifying what is actually running on the server.

      For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not.

      Like you said, it would only verify if all new features are already supported. Still, you wouldn’t know if there are any backdoors or not because the client would work in exactly same way in both cases.

      How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.

      This is related only to the protocol and has nothing to do with verifying what is running on the server.

      You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.

      Technically you are right but it’s not specific to Signal.

      The only protection against tampering is that messages can’t be read and no additional metadata is stored as far as the client source tells us.

      Source of the client doesn’t tell you how the server handles your data though. Signal can store what they are collecting instead of deleting/hashing it. Hashing phone numbers is pointless anyway because those can be pretty quickly brute-forced nowadays.

      Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.

      Hopefully it would work that way.

      Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community

      I partially agree with that. They didn’t publish the code because they were working on new feature, but in my opinion it’s just stupid excuse.

      now they close it again. This is a serious thing.

      They close it to prevent spam. There are many other ways to mitigate spam though.

      Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.

      I understand that but it’s not a big deal to be honest.

      There are instructions on how to deploy the server code.

      Thank you for the links.

      Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them

      Unfortunately you are right on this one and people can’t get Signal from F-Droid either. If someone truly cares about privacy they should get Molly, it’s available in developer’s F-Droid repository as well.

      fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.

      That’s nothing new but thank you for giving people next reason why they shouldn’t trust Google.

      They will not federate and they are very hostile with forks.

      To be honest I saw only one developer who was really aggressive towards anybody who even thought about forking Signal and creating alternative client.

      They think centralization and absolute control over the network is key.

      I fully agree with that statement.

      This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.

      Signal has so many users and everything is E2EE so it would be quite difficult to tell what percent of users actually received spam messages.

      Security by obfuscation isn’t security, Telegram pulls the same argument.

      You are right.

      It’s time to abandon ship. Let this MF die once and for all.

      Unfortunately for you, Signal will last a bit longer than your GitHub account.

      • CHEF-KOCH
        -32 years ago

        I think my GitHub Account is fine. Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

        Wrong statements from you

        • Your argumentation that it does not matter because it is centralized is still wrong. Assuming Signal changes something on the server you will get errors which forces someone to update the App. Given the fact that most people use Play Store not even the open source argument, according to you matters at all because you also already need to trust Google Play Store.
        • You can verify server code if you run your own, I provided the link.
        • E2EE is no argument at all because no one here is able to verify nor audit it. No one normally audits every app release nor is someone able to find backdoors even there are some. We had this with OpenSSL which was compromised years before someone even noticed. Audits are normally expensive and no one does them for free because you waste lots of time and need to review the code. In most cases flaws are found my accident or if someone specifically checks certain parts of it.
        • The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

        Signal is dead. Period. No need to use it when there are alternatives. This is what this is about, the rest is now defending a broken system.

        • PandaCoderPL
          02 years ago

          I think my GitHub Account is fine.

          I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

          Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

          No, as you can see this is my style of replying to any longer statement to avoid confusion about which part I’m replying to. You are pretending to be such an expert in every area yet you are spreading complete misinformation but reading reply from top to bottom shouldn’t be an issue for you.

          Your argumentation that it does not matter because it is centralized is still wrong.

          Can you prove that code that is running on Signal servers is exactly the same code that is published? No, you can’t. Of course, if Signal would add some modifications that wouldn’t be compatible with current client but published source code of the server wouldn’t get updated then you could actually tell that something is wrong but my point is that they could do modifications that are compatible with the client and at the same time harmful to the users and in that case you wouldn’t be able to tell any difference.

          Assuming Signal changes something on the server you will get errors which forces someone to update the App.

          I’m pretth sure some modifications doesn’t need users to update the client.

          You can verify server code if you run your own, I provided the link.

          But in case of Signal you are not running your own server so you are not able to verify what is running there.

          The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

          By disrespecting me, you are not making me take you more seriously but from your blog post I see that you are just behaving that way daily until someone agrees with your every word.

          Signal is dead. Period.

          Project is not dead if there are still users using it.

          No need to use it when there are alternatives.

          Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.

          • CHEF-KOCH
            02 years ago

            After days, you still do not let it go, quote everything to make a clusterf. out of it as I or others are not capable of understanding what you say. Do you quote the previous sentence in real life and then answer his question, no because it makes things worse.

            • Please always read everything and not only parts what you want to support because you are based.
            • Of course you can verify code on the server if you self-host it, again the instructions are given. If you love signal that much and you have an userbase with 1000+ people, you go through the hassle and self-host it. The degoogle people do that all the time across multiple platforms, session and whatnot. For some platform it is more effort than for others, point granted, but everything is possible.
            • You are here on lemmy, lemmy is FOSS oriented so yes for people here it is dead. Same like Facebook or you argue we shall continue supporting them because there are people. Stop defending dead systems. The Signal Team was not transparent on important things and this alone is a factor to not support or use their stuff. Period.
            • Your argument that modifications can or will happen, is pointless. Signal already did change something in the past on the server code. They even notified users of it with a blog post. This is part of how they work. Again, the normal user will so or so not able to verify it even if they release the source code or even show what exactly they changed with insights and links to their servers because this is beyond most people skills.

            Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.

            Yes there is always another alternative and there always will be, this is a good thing and not a bad. You ditch stuff the moment it is dead and move on, that is how the internet works. Otherwise, use existing alternative that exist since years, it is called XMPP. I am also btw. on Postmill and some other platforms. I am just not as active over there as I am on e.g. Reddit, Lemmy etc. But you compare now platforms in general to messenger apps who are mostly designed to deliver private stuff while as public forums are not private at all because everyone can read your stuff, so the attempt to make your point failed here. If I hear stuff like threat model, really … cringe man… The normal user gives a shit about wasting his time reviewing some security models.

            You contradict yourself a lot btw on one side you say decentralized is what people use yet you argue with me about that signal is okay to use, it is not.

            I don’t know where did you get that 90% from but IMO people shouldn’t trust them at all and should use decentralized platforms instead.

            I assume you do not use Signal here and defend a product which is from community standpoint dead.

            Now let it go and stop quoting every line it makes things worse, third time I say this…