"Centralised messenger Signal has just announced that they are making part of their server software closed source. They claim it is to fight spam, but by using closed source they make it impossible for outsiders to verify the truth. This is worrying.
We really, really need a fully open, decentralised alternative to Signal.
There are several alternatives being developed, please support them:
➡️ @matrix
➡️ @delta
➡️ @briar
➡️ @Jami "
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 9 users / day
- 68 users / week
- 108 users / month
- 279 users / 6 months
- 14 subscribers
- 2.01K Posts
- 9.11K Comments
- Modlog
For Briar on Linux, there’s Anbox, but at the moment you have to use separate accounts.
I just realised something: if every message is e2ee by default as they claim, how the hell do they plan on spam filtering them from the server side?
Is there a Delta Chat group for Lemmy users?
There is no official one AFAIK, but you’re welcome to make your own!
Please, also take a mention on this: https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/blob/master/part1/README.md
This whole thread is a brilliant demonstration of the FOSS/privacy activist condition. Anyone who successfully scales an actual private service will be attacked and abandoned so that the activists can show off how uncompromising they are and say “contact me on <software you don’t use>” so they can seem aloof and cool on social media.
I was surprised that Matrix made it onto the list in this post. It’s already making inroads on the mainstream and the deranged hit pieces began a while ago (none linked in this thread yet). I give it another few years at most before the whinger crowd are treating it with the same disdain as Discord just because it built the features needed to retain XX million users.
Discord is a centralized dragnet, why’d you compare the two?
If you don’t understand why he’s comparing Discord to Matrix, the comment went over your head. Give it a read again, let me know if it still doesn’t click, I can attempt to explain.
Open source parasites
I’m here to say this is a welcome addition. I’ve received 2 spam messages in the last few months, which is an increase from 0 in the last few years I’ve used Signal. I’m glad they’re getting ahead of this cat and mouse game and hope people don’t get all paranoid. The client is still open source. Your payloads are all still E2EE.
I can kind of agree here. It’s an odd situation. But until, they are trustworthy, I support them.
There are ways to figh spam without going closed source, although the lient is open source and E2EE its still necessary to have everything open
Can you explain what the other ways are? Because I’ve seen everyone talking bad about this, but nobody offering real alternatives.
When I received spam I always clicked to block and report button if it’s possible. I don’t think there is need to go into closed source for this.
Fair argument tho.
Delta chat and Briar are P2P, so probably okayish, but unfortunately, they are also funded by US regime change bodies to support coup organizers in Latin America etc.
Hence, I suggest supporting Matrix.org, and modern e2e-first XMPP projects like snikket.org instead.
I like Matrix and use it along with Signal, but it leaks significant metadata compared to Signal https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/blob/master/part1/README.md
It’s not a real solution, an alternative, yes, but only has federation/self hosting above Signal. Signal leaks significantly less data.
removed, matrix is shit, it costs so much to host, just say xmpp projects from now on
Sources ?
https://www.opentech.fund/results/supported-projects/delta-chat/
https://delta.chat/en/help#how-are-delta-chat-developments-funded
https://www.opentech.fund/results/supported-projects/briar/
https://briarproject.org/about-us/
https://www.usagm.gov/networks/otf/
https://en.m.wikipedia.org/wiki/Open_Technology_Fund
Tin foil hat on their heads.
https://fsf.org.in/article/better-than-whatsapp/
TLDR: The infographic from this article.
Probably needs to be updated now.
I disagree. Signal is still free-software, albeit for the spam-fighting parts that are not mandatory, and rarely needed for small deployments anyway.
signal is just glorified telegram at this point
There are criticisms of Signal, but this ain’t it, chief.
deleted by creator
lmao telegram can’t even do encrypted group chats and doesn’t have e2ee by default…
With E2EE
Signal didnt update the source code for the server a whole year, so I would already consider it closed source. Now they are just making it official (but probably still talking about how open they are).
I’m sorry, but you are not correct. They’re updating it.
Yes they started updating it again. But for a whole year they didnt. So what i’m saying is that their development is not open at all, and for me thats one of the most important parts of open source.
Being developed in secret or rejecting community PR’s does not make a project closed source. They may be your requirements for an open source project, but it doesn’t mean the code is closed source.
You’re conflating two separate ideas and spreading misinformation to dissuade people away from a project you personally don’t like. I find that behavior dishonest and think we can do better than that.
A strawperson, really?
I don’t have a stake in this, but here’s my two cents:
It’s highly unlikely they have not updated their backend code for the whole year that their public repo was silent. By the definition of open source, if they made changes to their production codebase and did not disclose them, it means that said codebase was proprietary for that time.
This is especially true for Signal’s server, since it’s licensed under AGPL-3.0. For ANYONE else using the server code, modifying their production server and not disclosing it for a year is a direct violation of the license’s requirements and in the worst case could get them sued or the right to use the codebase revoked. The only reason that Signal themselves can get away with it is because they own the code so they’re not bound by the license terms, but that means they were explicitly acting outside the bounds of their very own open source project.
Ya’ll really don’t give people a break do you? Make one mistake and you have to live with it forever these days. It’s not like they didn’t release the code or threatened to keep it secret.
Agreed here.
It was not a mistake, afaik. It was intentional. The purpose, I think, was to secretly implement cryptocurrency stuff and release the source code at the same time of the official announcement. That already makes their supposed transparency questionable, but it doesn’t seem like they have changed their mission on keeping Signal free-software to the greatest extent possible. I wouldn’t go as far as to outright call them closed source / proprietary, though.
At least not yet. This whole “spam fighting” excuse not to release parts of the source code is actually pretty common. Others keep the whole source code secret because of it, whereas Signal is at least only keeping the spam-fighting code secret.
That’s my though too. It seems people are jumping to conclusions, but what is the real world alternative other than making public the methods being used so that spammers can just look at the code and operate within documented limits? People are against it, but offering zero alternatives, and instead jumping to “Signal bad, boo!”
Purely conspiracy theory here, but this comes just after the reveal that the FBI tried to get user info. Maybe the FBI weren’t happy with the lack of records Signal were keeping and this is a compromise. We have seen this sort of thing before. Gov wants info, an extra closed layer is created. If it’s not this, the timing is unfortunate.
Anyway, the blog post is very vague. In all those paragraphs they don’t even mention how this new implementation works. Just that the way it works now isn’t enough. Maybe the interfaces they mention becoming public will help understand it better, but of course the code is closed and unreleased so we’ll never really know.
Holy crap I didn’t even think about this! It’s totally possible and has happened before as you said!
Who could have seen this coming? Absolutely no one ;)
/s(arcasm)
/b(ackToReddit)
It wouldn’t be so bad if I wasn’t required to hand them a phone number and my metadata.
Therefore I’m choosing anonymous platforms.
AFAIK there is no actual metadata which can be accessed other than account creation and last account connection timestamps. other than that I totally agree that removing the requirement for a phone number is long overdue and is essential for a private and secure messenger.
It’s essential for an anonymous messenger, not a secure or private one. You’re trying to solve a different problem.
This exactly
deleted by creator
Mandatory post of my Why not Signal? I wrote a few months ago.
deleted by creator
Let me guess… NoGoolag or SpiteChat?
I’d say the article is a combination between conspiracy bullshit and reasonable skepticism. It’s also defending CCP’s crimes against humanity on the basis that the CCP “prefers autonomy.” I wish freedom and human rights to all Chinese people.
Don’t fall for the smear campaign. Remember when Big Tech launched a smear campaign against Richard Stallman when he came back to the FSF? This is pretty much the same, but done by Big Media.
Also, who wishes “freedom” and “human rights” to people? That usually means death and slavery (see Libya). Do not wish that to people.
Big tech smear campaign? The guy defended his colleague for saying that “Epstein’s girls were well-paid for what they did” in a public MIT mailing list that included all his students. Imagine what that toe jam eating bastard says in private. 😂😂😂😂😂😂😂😂
The campaign against RMS and the FSF was stupid and those who wrote the letter (and many of those who signed it) are full of shit themselves.
The “smear campaign” against CCP is something totally different. We’re talking about a whole government that exercises opression, tortures Uyghurs and forces propaganda on everyone. There’s plenty of evidence about most of their actions, most of which are even official and publicly recognized by the government itself.
Now, the whole “freedom is slavery” sounds exactly like 1984’s Ingsoc slogans. It’s not worth discussing this with you, you need help.
It is absolutely not something “totally different”. They are both enemies of big corporations and want to free the people from the control of the corporations. The smear campaigns have many things in common, like taking events that happened a long time ago, assuming malicious intent, framing something in a deceptive way, accusing without evidence…
Ha, ha, “we want to free people from corporations,” says the government of a pseudo-socialist country where people are subject to government-enforced 24/7 surveillance by huuuuge national corporations that control everyone. People are economically ranked according to their level of brainwashing, those who dare to criticize the government’s actions are sevely punished.
deleted by creator
Bold move criticising the CCP on Lemmy. Closed source software = evil, forced labour camps = autonomy
So this pretty strongly indicates that you have never actually read any pro-China arguments and probably only hate them because you’ve been told to. No rational person who supports China thinks that the “Xinjiang genocide” is happening (and there is plenty of hard evidence debunking Western claims that it exists, they’re all over Lemmy so have a look see), and we certainly don’t support any sort of genocide.
I can imagine the “evidence”: the Xinjiang genocide is not real because our absolutely transparent, benevolent and honest
dictatorshipgovernment says so.Why would it be? Is it because all of them are so brainwashed by Chinese propaganda? No, I don’t think so. Hail CCP!
Again, this just shows that you have never actually seen any arguments against the Western narrative. Most of the commonly presented evidence is not from the Chinese government. It’s a mix of independent sources and finding that there are more holes in the Western narrative than Swiss cheese.
This is the supporting evidence I speak of. You’ll find that almost none of it is Chinese in origin:
https://github.com/dessalines/essays/blob/da19302634394d2cb77bc86f19997b2173d5531f/socialism_faq.md#on-mao-maoism-and-marxism-leninism-maoism-and-the-prc
https://lemmy.ml/post/47231
https://lemmy.ml/post/70239 – Poking holes in a Pulitzer prize winning article about China’s supposed concentration camp
https://lemmy.ml/post/79162
https://lemmy.ml/post/74653 – This one’s from the Italian government.
You say that while not reading beyond what your absolutely transparent, benevolent and honest Western government and mainstream media tells you. The vast majority of English speaking China supporters are that way because they have researched both sides.
I’ll put on their tinfoil hat for a moment… Lemmy development and developers might as well be funded by the CCP to spread propaganda in a weird and intentionally confusing doublespeak campaign!!! They want to spread the message that human rights are something of the past, autonomy is best! Hail CCP!
Recommend bringing in some actual verifiable proof. You know, that concept you Western human rights grifters seem oblivious to.
Yes I am an Indian. Yes you have met me on Barinsta Telegram group.
deleted by creator
Where’s your verifiable proof then?
Yeah, that’s not how it works. You made a claim [that Lemmy’s developers (I assume you also mean admins like me) are funded by the CCP]. Now it is your responsibility to provide evidence before anyone need take it seriously. You don’t get to make a claim and have everyone believe it’s true until someone disproves you.
Thanks for sharing, it was a good read.
They’re probably going to go the way of Reddit. Slowly making their code proprietary until all of it is, taking all community contributions with it.
Legit question, what is the alternative solution? Build it out in the open for spammers to bypass? The interface to the code will be public, but the implementation will be hidden. Why do you disagree with this? The client is still E2EE and they still collect no metadata.
If your spam filter, security system or things in that vein needs to be kept secret to prevent people from bypassing it, it’s probably pretty badly designed.
So what’s the alternative? I’d love to know what the alternative is.
I don’t know, A spam section in the app that sends all messages from numbers outside of your contacts seems good enough for me. Combine it with no notification, flooding prevention, and auto deletion after a period, you’ll never even notice it.
it might take up space and data usage but it’s better than being closed source.