I don't trust Signal
drewdevault.com

Good summary of several red-flags in regards to using the Signal messenger.

Also interesting is this one.

Use a locally hosted XMPP with the Conversations client :)

  • dengismceo@lemmy.ml
    6·
    4 years ago

    F-droid sign their releases themselves instead of letting the Signal Foundation sign them

    they do sign releases themselves, however:

    We also support reproducible builds, so we can build a version from source and check against your official release. If they match (ignoring the signature) we can then publish your official APK with your signature used. This is a tedious task, since we have to standardize on the build parameters and tools, but it should be worth it in the long run.

    • poVoq@lemmy.mlOP
      6·
      4 years ago

      Interesting. This sounds like something custom made just to defuse Moxie’s argument, yet Signal is still not on F-Droid, confirming that there are in reality other reasons.

      • dengismceo@lemmy.ml
        1·
        4 years ago

        probably has something to do with this:

        We can try to reproduce your APK, as mentioned above, but if this fails (or e.g. when you want to distribute an app with closed-source components or API keys etc.)

        apparently signal checks for play services even when you download the .apk from their site