We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.
Technically there are still many people using it because Signal is really user-friendly for those switching from WhatsApp.
Your arguments are weak, all of them. Being fully transparent on both server and client sides is the reason why people put their trust into Signal otherwise you can use other apps and networks.
It’s time to abandon ship. Let this MF die once and for all.
You are either replying to wrong comment or you see something that I didn’t write. Anyway, i just stated the fact that Signal is not dead, which is true. I didn’t defend Signal nor tried to do so and you can see it here.
It doesn’t really matter in case of centralized platform because you have no way to verify that Signal servers are actually running exactly same code as the one that is public.
This is exactly what I’m doing so I don’t have to put all trust into one central entity.
This is a good point, especially the one about Amazon. It wouldn’t really change anything if Signal would use own servers but using for that is Amazon is even worse.
No, you are not able to verify what is running on the server unless you are the one who is controlling it.
They are closing source only of small part of the server but in case of Signal it doesn’t really matter that much because there is no way of verifying what is actually running on the server.
Like you said, it would only verify if all new features are already supported. Still, you wouldn’t know if there are any backdoors or not because the client would work in exactly same way in both cases.
This is related only to the protocol and has nothing to do with verifying what is running on the server.
Technically you are right but it’s not specific to Signal.
Source of the client doesn’t tell you how the server handles your data though. Signal can store what they are collecting instead of deleting/hashing it. Hashing phone numbers is pointless anyway because those can be pretty quickly brute-forced nowadays.
Hopefully it would work that way.
I partially agree with that. They didn’t publish the code because they were working on new feature, but in my opinion it’s just stupid excuse.
They close it to prevent spam. There are many other ways to mitigate spam though.
I understand that but it’s not a big deal to be honest.
Thank you for the links.
Unfortunately you are right on this one and people can’t get Signal from F-Droid either. If someone truly cares about privacy they should get Molly, it’s available in developer’s F-Droid repository as well.
That’s nothing new but thank you for giving people next reason why they shouldn’t trust Google.
To be honest I saw only one developer who was really aggressive towards anybody who even thought about forking Signal and creating alternative client.
I fully agree with that statement.
Signal has so many users and everything is E2EE so it would be quite difficult to tell what percent of users actually received spam messages.
You are right.
Unfortunately for you, Signal will last a bit longer than your GitHub account.
I think my GitHub Account is fine. Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.
Wrong statements from you
Signal is dead. Period. No need to use it when there are alternatives. This is what this is about, the rest is now defending a broken system.
I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.
No, as you can see this is my style of replying to any longer statement to avoid confusion about which part I’m replying to. You are pretending to be such an expert in every area yet you are spreading complete misinformation but reading reply from top to bottom shouldn’t be an issue for you.
Can you prove that code that is running on Signal servers is exactly the same code that is published? No, you can’t. Of course, if Signal would add some modifications that wouldn’t be compatible with current client but published source code of the server wouldn’t get updated then you could actually tell that something is wrong but my point is that they could do modifications that are compatible with the client and at the same time harmful to the users and in that case you wouldn’t be able to tell any difference.
I’m pretth sure some modifications doesn’t need users to update the client.
But in case of Signal you are not running your own server so you are not able to verify what is running there.
By disrespecting me, you are not making me take you more seriously but from your blog post I see that you are just behaving that way daily until someone agrees with your every word.
Project is not dead if there are still users using it.
Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.
After days, you still do not let it go, quote everything to make a clusterf. out of it as I or others are not capable of understanding what you say. Do you quote the previous sentence in real life and then answer his question, no because it makes things worse.
Yes there is always another alternative and there always will be, this is a good thing and not a bad. You ditch stuff the moment it is dead and move on, that is how the internet works. Otherwise, use existing alternative that exist since years, it is called XMPP. I am also btw. on Postmill and some other platforms. I am just not as active over there as I am on e.g. Reddit, Lemmy etc. But you compare now platforms in general to messenger apps who are mostly designed to deliver private stuff while as public forums are not private at all because everyone can read your stuff, so the attempt to make your point failed here. If I hear stuff like threat model, really … cringe man… The normal user gives a shit about wasting his time reviewing some security models.
You contradict yourself a lot btw on one side you say decentralized is what people use yet you argue with me about that signal is okay to use, it is not.
I assume you do not use Signal here and defend a product which is from community standpoint dead.
Now let it go and stop quoting every line it makes things worse, third time I say this…