"Centralised messenger Signal has just announced that they are making part of their server software closed source. They claim it is to fight spam, but by using closed source they make it impossible for outsiders to verify the truth. This is worrying.
We really, really need a fully open, decentralised alternative to Signal.
There are several alternatives being developed, please support them:
➡️ @matrix
➡️ @delta
➡️ @briar
➡️ @Jami "
Mandatory post of my Why not Signal? I wrote a few months ago.
Thanks for sharing, it was a good read.
deleted by creator
Let me guess… NoGoolag or SpiteChat?
deleted by creator
Don’t fall for the smear campaign. Remember when Big Tech launched a smear campaign against Richard Stallman when he came back to the FSF? This is pretty much the same, but done by Big Media.
Also, who wishes “freedom” and “human rights” to people? That usually means death and slavery (see Libya). Do not wish that to people.
Big tech smear campaign? The guy defended his colleague for saying that “Epstein’s girls were well-paid for what they did” in a public MIT mailing list that included all his students. Imagine what that toe jam eating bastard says in private. 😂😂😂😂😂😂😂😂
deleted by creator
It is absolutely not something “totally different”. They are both enemies of big corporations and want to free the people from the control of the corporations. The smear campaigns have many things in common, like taking events that happened a long time ago, assuming malicious intent, framing something in a deceptive way, accusing without evidence…
deleted by creator
deleted by creator
Bold move criticising the CCP on Lemmy. Closed source software = evil, forced labour camps = autonomy
[Lemmy claims that] forced labour camps = autonomy
So this pretty strongly indicates that you have never actually read any pro-China arguments and probably only hate them because you’ve been told to. No rational person who supports China thinks that the “Xinjiang genocide” is happening (and there is plenty of hard evidence debunking Western claims that it exists, they’re all over Lemmy so have a look see), and we certainly don’t support any sort of genocide.
deleted by creator
I can imagine the “evidence”: the Xinjiang genocide is not real because our absolutely transparent, benevolent and honest dictatorship government says so.
Again, this just shows that you have never actually seen any arguments against the Western narrative. Most of the commonly presented evidence is not from the Chinese government. It’s a mix of independent sources and finding that there are more holes in the Western narrative than Swiss cheese.
This is the supporting evidence I speak of. You’ll find that almost none of it is Chinese in origin:
https://lemmy.ml/post/70239 – Poking holes in a Pulitzer prize winning article about China’s supposed concentration camp
https://lemmy.ml/post/74653 – This one’s from the Italian government.
Why would it be? Is it because all of them are so brainwashed by Chinese propaganda?
You say that while not reading beyond what your absolutely transparent, benevolent and honest Western government and mainstream media tells you. The vast majority of English speaking China supporters are that way because they have researched both sides.
deleted by creator
Recommend bringing in some actual verifiable proof. You know, that concept you Western human rights grifters seem oblivious to.
Yes I am an Indian. Yes you have met me on Barinsta Telegram group.
deleted by creator
deleted by creator
Yeah, that’s not how it works. You made a claim [that Lemmy’s developers (I assume you also mean admins like me) are funded by the CCP]. Now it is your responsibility to provide evidence before anyone need take it seriously. You don’t get to make a claim and have everyone believe it’s true until someone disproves you.
Signal didnt update the source code for the server a whole year, so I would already consider it closed source. Now they are just making it official (but probably still talking about how open they are).
I’m sorry, but you are not correct. They’re updating it.
Yes they started updating it again. But for a whole year they didnt. So what i’m saying is that their development is not open at all, and for me thats one of the most important parts of open source.
Being developed in secret or rejecting community PR’s does not make a project closed source. They may be your requirements for an open source project, but it doesn’t mean the code is closed source.
You’re conflating two separate ideas and spreading misinformation to dissuade people away from a project you personally don’t like. I find that behavior dishonest and think we can do better than that.
Being developed in secret […] does not make a project closed source.
I don’t have a stake in this, but here’s my two cents:
It’s highly unlikely they have not updated their backend code for the whole year that their public repo was silent. By the definition of open source, if they made changes to their production codebase and did not disclose them, it means that said codebase was proprietary for that time.
This is especially true for Signal’s server, since it’s licensed under AGPL-3.0. For ANYONE else using the server code, modifying their production server and not disclosing it for a year is a direct violation of the license’s requirements and in the worst case could get them sued or the right to use the codebase revoked. The only reason that Signal themselves can get away with it is because they own the code so they’re not bound by the license terms, but that means they were explicitly acting outside the bounds of their very own open source project.
A strawperson, really?
Ya’ll really don’t give people a break do you? Make one mistake and you have to live with it forever these days. It’s not like they didn’t release the code or threatened to keep it secret.
deleted by creator
That’s my though too. It seems people are jumping to conclusions, but what is the real world alternative other than making public the methods being used so that spammers can just look at the code and operate within documented limits? People are against it, but offering zero alternatives, and instead jumping to “Signal bad, boo!”
Agreed here.
Purely conspiracy theory here, but this comes just after the reveal that the FBI tried to get user info. Maybe the FBI weren’t happy with the lack of records Signal were keeping and this is a compromise. We have seen this sort of thing before. Gov wants info, an extra closed layer is created. If it’s not this, the timing is unfortunate.
Anyway, the blog post is very vague. In all those paragraphs they don’t even mention how this new implementation works. Just that the way it works now isn’t enough. Maybe the interfaces they mention becoming public will help understand it better, but of course the code is closed and unreleased so we’ll never really know.
Holy crap I didn’t even think about this! It’s totally possible and has happened before as you said!
you forgot XMPP as an alternative. For example the snikket project is developing a XMPP ecosystem with clients for every platform.
Snikket was quite easy to set up and the community is very helpful
They’re probably going to go the way of Reddit. Slowly making their code proprietary until all of it is, taking all community contributions with it.
Legit question, what is the alternative solution? Build it out in the open for spammers to bypass? The interface to the code will be public, but the implementation will be hidden. Why do you disagree with this? The client is still E2EE and they still collect no metadata.
If your spam filter, security system or things in that vein needs to be kept secret to prevent people from bypassing it, it’s probably pretty badly designed.
So what’s the alternative? I’d love to know what the alternative is.
I don’t know, A spam section in the app that sends all messages from numbers outside of your contacts seems good enough for me. Combine it with no notification, flooding prevention, and auto deletion after a period, you’ll never even notice it.
it might take up space and data usage but it’s better than being closed source.
XMPP, and Matrix are going well. Session I think is an alternative to Signal, but the problem you’ll find is how many contacts do you actually have on Session… Matrix is probably the best option as it also can bridge to so many other services.
I just realised something: if every message is e2ee by default as they claim, how the hell do they plan on spam filtering them from the server side?
Weird, I have never once gotten any unsolicited messages on Signal.
me neither but it’s really not that hard to automate looping through numbers with hopes of hitting a few with signal.
i use xmpp for myself. it’s absolute god
We got problems around matrix (metadata) and signal (as you seen in the post) but i do not hear much about xmpp is bad :P
My concern about XMPP is how much the server knows about you/contacts. Or you have to install E2EE plugins. Or you have to set it up for Tor. It’s annoying. HOWEVER, it does have the advantage of security separation, instead of having it all wrapped up into a single point of failure.
look i feel you and indeed XMPP admins can know a lot and even reset your password if they want and but the thing is some xmpp servers are big and i’m sure they will not ruin their reputation that easily.
Also the huge plus with XMPP is that setting up a raspberry pi at home is pretty easy so there shouldn’t be a need for big servers. In the future the one IT person in every Family/Friendgroup could set up snikket and have friends and family use it.
I doubt we will find a chat solution that’s more secure than that.
Who could have seen this coming? Absolutely no one ;)
/s(arcasm)
/b(ackToReddit)
It wouldn’t be so bad if I wasn’t required to hand them a phone number and my metadata.
Therefore I’m choosing anonymous platforms.
AFAIK there is no actual metadata which can be accessed other than account creation and last account connection timestamps. other than that I totally agree that removing the requirement for a phone number is long overdue and is essential for a private and secure messenger.
It’s essential for an anonymous messenger, not a secure or private one. You’re trying to solve a different problem.
This exactly
Other alternatives: https://lbry.tv/@AlphaNerd:8/forks-of-signal-messenger-(in-case-it:d
Also, in my experience, jami does not work that well.
Can one get a 10 line summary, or simply a list of these forks instead of a 10+ minute video?
It can be very tempting to immediately jump on the “ban signal” bandwagon, but I think it would be wise to take a step back and understand where they’re coming from.
In reading the blog post their focus is on user privacy as their top priority. I don’t believe signal would make this decision without privacy in mind. What’s the alternative?
If spammers run rampant, Signal has a bigger privacy nightmare on their hands. Maybe by a miracle you got Grandpa to join you on signal. But a spammer then reached out to him with “hot young singles in your area” and Grandpa just had to click. Now suddenly Grandpa’s retirement savings are gone.
So I’m not saying it’s not worrisome. I’m saying let’s remain open-minded. After all, it’s nearly impossible to have 100% open source software in any stack. You’re either using an AMD or Intel CPU. They’re both closed source, but they allow you to interact with a privacy community.
I agree, this is not necessarily good but signal is still great!
Is there a Delta Chat group for Lemmy users?
There is no official one AFAIK, but you’re welcome to make your own!
Delta chat and Briar are P2P, so probably okayish, but unfortunately, they are also funded by US regime change bodies to support coup organizers in Latin America etc.
Hence, I suggest supporting Matrix.org, and modern e2e-first XMPP projects like snikket.org instead.
Sources ?
Tin foil hat on their heads.
removed, matrix is shit, it costs so much to host, just say xmpp projects from now on
I like Matrix and use it along with Signal, but it leaks significant metadata compared to Signal https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/blob/master/part1/README.md
It’s not a real solution, an alternative, yes, but only has federation/self hosting above Signal. Signal leaks significantly less data.