"Centralised messenger Signal has just announced that they are making part of their server software closed source. They claim it is to fight spam, but by using closed source they make it impossible for outsiders to verify the truth. This is worrying.

We really, really need a fully open, decentralised alternative to Signal.

There are several alternatives being developed, please support them:

➡️ @matrix

➡️ @delta

➡️ @briar

➡️ @Jami "

    • Baobab
      9
      2 years ago

      Thanks for sharing, it was a good read.

  • @nutomic@lemmy.ml
    23
    2 years ago

    Signal didn’t update the source code for the server for a whole year, so I would already consider it closed source. Now they are just making it official (but probably still talking about how open they are).

      • @nutomic@lemmy.ml
        16
        2 years ago

        Yes, they started updating it again. But for a whole year they didn’t. So what I’m saying is that their development is not open at all, and for me that’s one of the most important parts of open source.

        • ᗪᗩᗰᑎ
          -5
          2 years ago

          Being developed in secret or rejecting community PRs does not make a project closed source. They may be your requirements for an open source project, but it doesn’t mean the code is closed source.

          You’re conflating two separate ideas and spreading misinformation to dissuade people away from a project you personally don’t like. I find that behavior dishonest and think we can do better than that.

          • @AgreeableLandscape@lemmy.ml
            8
            2 years ago

            Being developed in secret […] does not make a project closed source.

            I don’t have a stake in this, but here’s my two cents:

            It’s highly unlikely they have not updated their backend code for the whole year that their public repo was silent. By the definition of open source, if they made changes to their production codebase and did not disclose them, it means that said codebase was proprietary for that time.

            This is especially true for Signal’s server, since it’s licensed under AGPL-3.0. For ANYONE else using the server code, modifying their production server and not disclosing it for a year is a direct violation of the license’s requirements and in the worst case could get them sued or the right to use the codebase revoked. The only reason that Signal themselves can get away with it is because they own the code so they’re not bound by the license terms, but that means they were explicitly acting outside the bounds of their very own open source project.

    • ᗪᗩᗰᑎ
      -9
      2 years ago

      Y’all really don’t give people a break, do you? Make one mistake and you have to live with it forever these days. It’s not like they didn’t release the code or threatened to keep it secret.

  • @newhoa@lemmy.ml
    19
    2 years ago

    Purely conspiracy theory here, but this comes just after the reveal that the FBI tried to get user info. Maybe the FBI weren’t happy with the lack of records Signal were keeping and this is a compromise. We have seen this sort of thing before. Gov wants info, an extra closed layer is created. If it’s not this, the timing is unfortunate.

    Anyway, the blog post is very vague. In all those paragraphs they don’t even mention how this new implementation works. Just that the way it works now isn’t enough. Maybe the interfaces they mention becoming public will help understand it better, but of course the code is closed and unreleased so we’ll never really know.

  • @sexy_peach@feddit.de
    18
    2 years ago

    You forgot XMPP as an alternative. For example, the Snikket project is developing an XMPP ecosystem with clients for every platform.

  • @AgreeableLandscape@lemmy.ml
    13
    2 years ago

    They’re probably going to go the way of Reddit. Slowly making their code proprietary until all of it is, taking all community contributions with it.

    • ᗪᗩᗰᑎ
      -2
      2 years ago

      Legit question, what is the alternative solution? Build it out in the open for spammers to bypass? The interface to the code will be public, but the implementation will be hidden. Why do you disagree with this? The client is still E2EE and they still collect no metadata.

      • @AgreeableLandscape@lemmy.ml
        4
        2 years ago

        If your spam filter, security system or things in that vein need to be kept secret to prevent people from bypassing them, it’s probably pretty badly designed.

        • ᗪᗩᗰᑎ
          -1
          2 years ago

          So what’s the alternative? I’d love to know what the alternative is.

          • @loki@lemmy.ml
            2
            2 years ago

            I don’t know, a spam section in the app that sends all messages from numbers outside of your contacts seems good enough for me. Combine it with no notification, flooding prevention, and auto deletion after a period, you’ll never even notice it.

            It might take up space and data usage but it’s better than being closed source.

  • GadgeteerZA
    11
    2 years ago

    XMPP and Matrix are going well. Session I think is an alternative to Signal, but the problem you’ll find is how many contacts do you actually have on Session… Matrix is probably the best option as it also can bridge to so many other services.

  • Bilb!
    9
    2 years ago

    Weird, I have never once gotten any unsolicited messages on Signal.

    • @loki@lemmy.ml
      1
      2 years ago

      Me neither, but it’s really not that hard to automate looping through numbers with hopes of hitting a few with Signal.

  • @AgreeableLandscape@lemmy.ml
    9
    2 years ago

    I just realised something: if every message is e2ee by default as they claim, how the hell do they plan on spam filtering them from the server side?

  • Esmail EL BoB
    7
    2 years ago

    I use XMPP for myself. It’s absolute god

    We’ve got problems around Matrix (metadata) and Signal (as you’ve seen in the post), but I do not hear much about XMPP being bad :P

    • @Lynda@lemmy.ml
      5
      2 years ago

      My concern about XMPP is how much the server knows about you/contacts. Or you have to install E2EE plugins. Or you have to set it up for Tor. It’s annoying. HOWEVER, it does have the advantage of security separation, instead of having it all wrapped up into a single point of failure.

      • Esmail EL BoB
        3
        2 years ago

        Look, I feel you, and indeed XMPP admins can know a lot and even reset your password if they want, but the thing is some XMPP servers are big and I’m sure they will not ruin their reputation that easily.

        • @sexy_peach@feddit.de
          2
          2 years ago

          Also, the huge plus with XMPP is that setting up a Raspberry Pi at home is pretty easy, so there shouldn’t be a need for big servers. In the future the one IT person in every family/friend group could set up Snikket and have friends and family use it.

          I doubt we will find a chat solution that’s more secure than that.

  • @Lynda@lemmy.ml
    5
    2 years ago

    It wouldn’t be so bad if I wasn’t required to hand them a phone number and my metadata.

    Therefore I’m choosing anonymous platforms.

    • @hamborgr@lemmy.ml
      6
      2 years ago

      AFAIK there is no actual metadata which can be accessed other than account creation and last account connection timestamps. Other than that, I totally agree that removing the requirement for a phone number is long overdue and is essential for a private and secure messenger.

      • ᗪᗩᗰᑎ
        0
        2 years ago

        It’s essential for an anonymous messenger, not a secure or private one. You’re trying to solve a different problem.

  • @DamnGoodTech@lemmy.ml
    4
    2 years ago

    It can be very tempting to immediately jump on the “ban Signal” bandwagon, but I think it would be wise to take a step back and understand where they’re coming from.

    In reading the blog post, their focus is on user privacy as their top priority. I don’t believe Signal would make this decision without privacy in mind. What’s the alternative?

    If spammers run rampant, Signal has a bigger privacy nightmare on their hands. Maybe by a miracle you got Grandpa to join you on Signal. But a spammer then reached out to him with “hot young singles in your area” and Grandpa just had to click. Now suddenly Grandpa’s retirement savings are gone.

    So I’m not saying it’s not worrisome. I’m saying let’s remain open-minded. After all, it’s nearly impossible to have 100% open source software in any stack. You’re either using an AMD or Intel CPU. They’re both closed source, but they allow you to interact with a privacy community.

    • मुक्त
      8
      2 years ago

      Can one get a 10 line summary, or simply a list of these forks instead of a 10+ minute video?

  • Halce
    3
    2 years ago

    Delta Chat and Briar are P2P, so probably okayish, but unfortunately, they are also funded by US regime change bodies to support coup organizers in Latin America etc.

    Hence, I suggest supporting Matrix.org, and modern e2e-first XMPP projects like snikket.org instead.