We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.

  • CHEF-KOCH
    -12 years ago

    You are basically out of arguments, you know that you were wrong so now you are suggesting locking the thread to avoid further discussion. You posted this shortly after replying to me so I wouldn’t have chance to reply back. Having last message in the discussion doesn’t mean you are right though.

    I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

    Explain this: https://github.com/signalapp/Signal-Server Signal is mostly open source, only mechanisms related to blocking spam are closed source.

    The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

    It’s not a big deal for some people because everyone has different threat model. Some people are using Signal with their family and friends who already have their phone number anyway.

    Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

    Could you link to at least one source that proves it?

    Here.

    You are using the same argument twice to make your message longer so it looks smarter? Above you can see link to source code of Signal server.

    Because you mentioned it 3 times now, you quote everything to make a mess now to make it look like that what you say is true, which is not. Please provide evidence that normal people audit source code of the app or the server code, there is none.

    You were the one who was constantly saying that code that is running on the server can be verified if you have access to the server. Of course it can, but how is it related to Signal?

    It can if you run your own, you talk about decentralization, so there you have it.

    You don’t even have to. Also this kind of behavior is really childish: “I could do that but I will not do it”. If you are not going to do it then why did you even mention that.

    You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

    Did you give them the money? Signal got funding so they can do whatever they want with it. People have different needs and expectations so it’s not really possible to create perfect messenger that would make everyone happy.

    If the govt. funds project, then everyone indirectly gave the money. A messenger claims to be private and then wants your phone number, well that alone is a no go. You can simply use a QR-Code to add new contacts.

    I disagree with that statement. Signal is constantly being updated, new features are being added, bugs are getting fixed, you are the only one who is complaining that Signal team got the money but they are not doing what you want them to do with it. Luckily for you, Signal is open source so you can fork it and make your own messenger that will look just like you want it.

    The server code was not updated for over one year, this is not constantly, in the meantime features did break. Luckily your argument about open source does not hold because can you audit it, no. So there you have it. And how does open source help if something is outdated or if the server code is changed, it does not help at all.

    Can you do it without plagiarizing other’s work though?

    I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

    How is that relevant to OP, you try to discredit me or my work based on some so called-findings from people who copy everything out of Bugzilla and other sources. What you do here is harassment and proves my point exactly. No arguments, coming with years old stuff from GitHub that violates GitHub Tos by abusing issue tickets for harassment, congrats.

    • PandaCoderPL
      02 years ago

      I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

      Where did I even mention that auditing code of the server would change anything? I was only saying that you can’t verify what is running on the server so it doesn’t really matter if Signal makes that code open source or not.

      The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

      Now I can agree because you added that code of the server is partially closed.

      Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

      Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

      https://dessalines.github.io/essays/why_not_signal.html

      Thank you for the link, I will definitely check it out later.

      Because you mentioned it 3 times now

      Ans you still refuse to understand it.

      you quote everything to make a mess now to make it look like that what you say is true, which is not.

      I already said that I’m using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn’t make anything look more true, it’s just personal preference and my style of replying to others.

      Please provide evidence that normal people audit source code of the app or the server code, there is none.

      How do you know there is none? Do you know what every single person on the planet is doing right now? I highly doubt it.

      It can if you run your own, you talk about decentralization, so there you have it.

      Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

      You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

      Let the moderators decide if this is harassment.

      A messenger claims to be private and then wants your phone number, well that alone is a no go.

      Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

      The server code was not updated for over one year, this is not constantly

      I said that Signal was constantly being updated, not the code of the server.

      I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

      I already explained why I refused to read your explanation in full:

      I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

      What you do here is harassment and proves my point exactly.

      Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.

      • CHEF-KOCH
        -12 years ago

        Where did I even mention that auditing code of the server would change anything? I was only saying that you can’t verify what is running on the server so it doesn’t really matter if Signal makes that code open source or not.

        No one audits code, this is the point, I have even proven that with the OpenSSL Heartbleed argumentation. Open source does not help at all here, you can also reverse closed source stuff. This is what you do not understand. You can change stuff on the server and it will break stuff for your clients, a short test if you add feature x into the app, then check if the current server accepts it or not. Yes, this is a small test everyone can do.

        Now I can agree because you added that code of the server is partially closed.

        And how long until they close everything. The betrayed their community. I said, give me the money, I do better, hiring people or do it yourself with 50 Mio is easily archived.

        Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

        You said according to my logic. The normal user does not even know what threat model is.

        Thank you for the link, I will definitely check it out later.

        Yes, read it and really read everything and not only the headers like you did with my link.

        I already said that I’m using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn’t make anything look more true, it’s just personal preference and my style of replying to others.

        This is more readable, oh my god. Really. Your logic and weak arguments are beyond cringe.

        Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

        Nope, Signal uses AWS, Google and Azure. There are fallback servers etc.

        Let the moderators decide if this is harassment.

        Yup, this thread gets closed anyway and maybe ends up that we both get banned because spam.

        Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

        No one said nor implied it. You mention thread model now 3 times, well I assume you do not even know what it is. Your aggressive - I wanna be right here - argument does not hold. You defend a system which turned on their users and make arguments up to make it look less shocking than it is, people trusted Signal but only if it is FOSS. That changed, and there is no arguing here.

        I already explained why I refused to read your explanation in full

        This is from basically the headers and not the full thing. Again you do not read links in full, you have no credibility nor reputation at all. Why shall someone believes a random account created 2 months ago which aggressively defends Signal because he wants to be right, failing the point that this OP is about that parts are closed source now.

        No, I provided sufficient evidence that the arkenfox people are liar and hypocrites. This is a fact.

        Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.

        There is no proof for this claim, I even explained it in detail. Again, using other statements from the internet makes you look like am amateur. Or do you believe earth is flat because it is written down.