Hello Everyone,

This is something I’ve been thinking about in the wake of many users joining Signal, due to WhatsApp’s new privacy policy changes.

When it comes to the mobile client (in case of Android), we could verify its integrity by checking the source code & the APK’s integrity using reproducible builds (https://signal.org/blog/reproducible-android/).

When it comes to the server, it is possible that it could get compromised in many ways.

My question is, when it comes to privacy & security, does the server integrity matter if we are reasonably sure the client isn’t compromised in any way or doesn’t transmit anything that the server could access in a meaningful way.

And, this could apply to any service that has both FOSS client & server or just FOSS client.

  • Dessalines@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    4 years ago

    The source for that stuff is “trust me” since:

    • The signal server isn’t made to be self-hostable, nor do we have a way to verify their server code is the code that’s running, on the only instance you can sign up to.
    • Its hosted in the US, so we must assume the worst there. Lots of places to log form login posts that connect a phone number to their internal ids, and phone numbers are mandatory for logins.

    I’m not sure why people let signal off the hook with a few press releases. If someone were to say, “Hey I’m making a secure messaging service! You must give me your phone number, and its run by a US company, hosted in one of the few countries where its illegal for us to tell you if our server is compromised.”, not many of us would take it seriously.

    • Dreeg Ocedam@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      4 years ago

      The source for that stuff is “trust me” since

      Not for Sealed Sender and Private groups, because that’s mainly implemented client side. Pretty much all of the privacy features of Signal come from Client side encryption and deletion of metadata, so you don’t have to trust the server, because it never has access to the decrypted content and metadata since it’s never even sent to it.

      • poVoq@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        4 years ago

        That is what I would call a “cargo cult” feature ;)

        Since Signal is in full control of the server infrastructure they can easily correlate based on timing who the sender is.

        Edit: This, like a lot of the features of Signal are nice in theory and would be great in a fully federated and self-hostable ecosystem, but as it stands they are pretty much a smoke screen.

        • Rugged Raccoon@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          ·
          4 years ago

          Yeah, wondering why Signal isn’t federated yet. Is it because they can’t ensure that the federated servers confirm to the same standards or something?

          • poVoq@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            4 years ago

            That’s a long story and was a heated debate some years ago. But basically it boils down to that the Signal developers don’t want it to be federated as that would limit their ability to innovate quickly.

            • Rugged Raccoon@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              4 years ago

              While I can see the perspective from which this blog has been written. If I understood correctly, centralization makes it easy for the users & reduces friction in switching services, while allowing the services to adapt to the changing landscape.

              But, many of the points here, which might have been well intended, doesn’t rhyme well (with me at least). For example, the thing about clients or server in a federated landscape not supporting the same thing, that’s a bit blowing it out of proportion IMHO. When we look around, the devices, the software we use, aren’t the same and don’t work the same for anyone, but it works nonetheless. A standard is something that is hard to adapt quickly or implement, in a diverse ecosystem as this. The talk about IP version being stuck in time, I’m wondering what Moxie thinks should’ve been done about that?

              This is like wanting to make everything "Apple"ized, if that’s even a proper word. Everything from hardware to software, built to a specification and custom protocol. If hardware and software are under centralized control, sure you can eliminate most of the compatibility problems and provide what you envisioned. But, that would take way the ability to have something that is different, yet is interoperable.

              What we have is an ok’ish ecosystem, where things confirm to some standard, at some capacity, while I at the same giving us the freedom to tinker and have something different.

      • Rugged Raccoon@lemmy.mlOP
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        4 years ago

        In that sense, then any messaging service, with an open client that has the same features as Signal & a server that’s either closed or open but compromised, should be ok, right? because the client doesn’t trust the server and ensures that it doesn’t send anything that can be interpreted by the server. The server either has no choice but to work with such a client or doesn’t.

        From your earlier reply, I understand that a closed server can’t be forked or can do this & that with the data sent, but at the same time, the Signal team has a tight lid on its ecosystem well. I don’t see anyone self-hosting Signal server or running a custom client, at least the people I know don’t.

        Note: Here, I’m assuming that I’ve manually installed a version of the open client that I know isn’t tampered with & has a solid implementation, not directly from any store.

        • Dreeg Ocedam@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          4 years ago

          The fact that their tech is FLOSS means that if someone wants to build a messaging service that has the same privacy features as Signal, they can without starting from scratch.

          I don’t see anyone self-hosting Signal server

          If they suddenly announce that Signal is bought by Facebook (it can’t really happen because it’s a non-profit), there will be other organisations that will start their own Signal based services.