“So @ProtonMail received a legal request from Europol through Swiss authorities to provide information about Youth for Climate action in Paris, they provided the IP address and information on the type of device used to the police https://t.co/KtKF4wn3wv”
What part of Signal is not open source? Both the signal clients and server-side code is licensed under GPL and AGPL respectively.
They hadn’t published the server-side code (which we can’t verify they’re running on their AWS/Azure servers anyway) for a long period of time, however, it’s now being released to the public again.
I agree. But it’s worse than what you’ve said here; Signal is only accessible on Android/iOS and not on the Pinephone and its myriad OSes, for example. People have to develop their own clients for Signal, but Signal has said that they will deny these clients access to the server. But there’s no way they’re going to develop Signal for these obscure platforms.
Now, whether they’d actually do that is another thing altogether, but they’ve said they would, and they’ve done it before.
As I mentioned before, Signal’s servers are hosted on AWS and Azure, which, even if that doesn’t concern you from a personal privacy perspective, Signal is funding these anti-privacy actors, and continued use of Signal increases its popularity, which increases the number of servers it needs to support users, which increases the amount of money it has to pay to these companies. So, by using Signal, you are indirectly financially supporting Amazon.
That makes me a little uncomfortable.
While you could make the argument that Signal’s servers can’t access your message content because it’s E2EE, metadata is still accessible, and probably accessible to Amazon and Azure, as they host the servers.
And Signal is also making weird moves lately with MobileCoin, which seems directly related to withholding their server source code for over a year.
Worst of all, you need a phone number to get Signal working. You could use a landline, or a free phone number, or a VOIP number, but you still need to do this to use Signal. Thankfully, it’s not limited to mobile numbers, because SIM cards are tied to your identity in some countries, but you need a phone number. This barrier to entry exists for no good reason. It exists for a reason (Signal was meant to replace SMS), but it’s not a good reason. Being given the option to link Signal to your phone is a good idea. Being forced to link Signal to a phone is dumb and annoying.
Signal might be open source, but they’re doing everything they can to close it off, which really annoys me.
But Signal isn’t proprietary, like @SudoDnfDashY suggested.
Good comment exposing all. I agree with you, what signal has been doing sucks. But I heard somewhere that there was a signal based app that was a bit better (not requiring phone number etc) I will research a bit about it.
That would be Session, the Australian Signal fork that uses a Tor-based network to route traffic and requires no information to setup. You don’t have to give any of your personal information to anyone you want to communicate with; you give them a randomised hash, which represents your address instead of a phone number. It’s even easier to setup than Signal because you don’t really have to do anything after you download it. I like it as a simple method to send encrypted messages between computers, because I don’t have to register a phone number every time I want another account. There’s no arbitrary 5 linked devices limit like Signal. Works on Windows/macOS/Linux.
I can’t imagine getting any of the people I know to use it, though.
The app is incredibly buggy and takes a long time to send and receive messages because of the onionized network. Also, it’s in Australia, a country that’s openly against end-to-end encryption and has been passing (and is still trying to pass) laws that mandate backdoors in encryption protocols. You can read about that here, under “Does the Australian government’s anti-encryption stance pose a risk to Session?”: https://getsession.org/faq
Session is developed by a non-profit foundation like Signal, and they also have their own cryptocurrency token, OXEN.
I think it’s definitely interesting, but there are probably too many annoyances for the people I know to use it on a daily basis.
What part of Signal is not open source? Both the signal clients and server-side code is licensed under GPL and AGPL respectively.
They hadn’t published the server-side code (which we can’t verify they’re running on their AWS/Azure servers anyway) for a long period of time, however, it’s now being released to the public again.
The problem with Signal is that you have to trust them instead of choosing a host that you trust or hosting a server yourself.
I agree. But it’s worse than what you’ve said here; Signal is only accessible on Android/iOS and not on the Pinephone and its myriad OSes, for example. People have to develop their own clients for Signal, but Signal has said that they will deny these clients access to the server. But there’s no way they’re going to develop Signal for these obscure platforms.
Now, whether they’d actually do that is another thing altogether, but they’ve said they would, and they’ve done it before.
As I mentioned before, Signal’s servers are hosted on AWS and Azure, which, even if that doesn’t concern you from a personal privacy perspective, Signal is funding these anti-privacy actors, and continued use of Signal increases its popularity, which increases the number of servers it needs to support users, which increases the amount of money it has to pay to these companies. So, by using Signal, you are indirectly financially supporting Amazon.
That makes me a little uncomfortable.
While you could make the argument that Signal’s servers can’t access your message content because it’s E2EE, metadata is still accessible, and probably accessible to Amazon and Azure, as they host the servers.
And Signal is also making weird moves lately with MobileCoin, which seems directly related to withholding their server source code for over a year.
Worst of all, you need a phone number to get Signal working. You could use a landline, or a free phone number, or a VOIP number, but you still need to do this to use Signal. Thankfully, it’s not limited to mobile numbers, because SIM cards are tied to your identity in some countries, but you need a phone number. This barrier to entry exists for no good reason. It exists for a reason (Signal was meant to replace SMS), but it’s not a good reason. Being given the option to link Signal to your phone is a good idea. Being forced to link Signal to a phone is dumb and annoying.
Signal might be open source, but they’re doing everything they can to close it off, which really annoys me.
But Signal isn’t proprietary, like @SudoDnfDashY suggested.
Good comment exposing all. I agree with you, what signal has been doing sucks. But I heard somewhere that there was a signal based app that was a bit better (not requiring phone number etc) I will research a bit about it.
Can you give the name of the app?
That would be Session, the Australian Signal fork that uses a Tor-based network to route traffic and requires no information to setup. You don’t have to give any of your personal information to anyone you want to communicate with; you give them a randomised hash, which represents your address instead of a phone number. It’s even easier to setup than Signal because you don’t really have to do anything after you download it. I like it as a simple method to send encrypted messages between computers, because I don’t have to register a phone number every time I want another account. There’s no arbitrary 5 linked devices limit like Signal. Works on Windows/macOS/Linux.
I can’t imagine getting any of the people I know to use it, though.
The app is incredibly buggy and takes a long time to send and receive messages because of the onionized network. Also, it’s in Australia, a country that’s openly against end-to-end encryption and has been passing (and is still trying to pass) laws that mandate backdoors in encryption protocols. You can read about that here, under “Does the Australian government’s anti-encryption stance pose a risk to Session?”: https://getsession.org/faq
Session is developed by a non-profit foundation like Signal, and they also have their own cryptocurrency token, OXEN.
I think it’s definitely interesting, but there are probably too many annoyances for the people I know to use it on a daily basis.