"Centralised messenger Signal has just announced that they are making part of their server software closed source. They claim it is to fight spam, but by using closed source they make it impossible for outsiders to verify the truth. This is worrying.

We really, really need a fully open, decentralised alternative to Signal.

There are several alternatives being developed, please support them:

➡️ @matrix

➡️ @delta

➡️ @briar

➡️ @Jami "

        • m532@lemmy.ml
          link
          fedilink
          arrow-up
          7
          arrow-down
          3
          ·
          3 years ago

          Don’t fall for the smear campaign. Remember when Big Tech launched a smear campaign against Richard Stallman when he came back to the FSF? This is pretty much the same, but done by Big Media.

          Also, who wishes “freedom” and “human rights” to people? That usually means death and slavery (see Libya). Do not wish that to people.

          • EnchantedWhetstones@lemmygrad.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            2 years ago

            Big tech smear campaign? The guy defended his colleague for saying that “Epstein’s girls were well-paid for what they did” in a public MIT mailing list that included all his students. Imagine what that toe jam eating bastard says in private. 😂😂😂😂😂😂😂😂

            • m532@lemmy.ml
              link
              fedilink
              arrow-up
              5
              arrow-down
              2
              ·
              3 years ago

              It is absolutely not something “totally different”. They are both enemies of big corporations and want to free the people from the control of the corporations. The smear campaigns have many things in common, like taking events that happened a long time ago, assuming malicious intent, framing something in a deceptive way, accusing without evidence…

        • bluerabbit@lemmy.ml
          link
          fedilink
          arrow-up
          4
          arrow-down
          6
          ·
          3 years ago

          Bold move criticising the CCP on Lemmy. Closed source software = evil, forced labour camps = autonomy

          • AgreeableLandscape@lemmy.ml
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            edit-2
            3 years ago

            [Lemmy claims that] forced labour camps = autonomy

            So this pretty strongly indicates that you have never actually read any pro-China arguments and probably only hate them because you’ve been told to. No rational person who supports China thinks that the “Xinjiang genocide” is happening (and there is plenty of hard evidence debunking Western claims that it exists, they’re all over Lemmy so have a look see), and we certainly don’t support any sort of genocide.

            • TheAnonymouseJoker@lemmy.ml
              link
              fedilink
              arrow-up
              6
              ·
              3 years ago

              Recommend bringing in some actual verifiable proof. You know, that concept you Western human rights grifters seem oblivious to.

              Yes I am an Indian. Yes you have met me on Barinsta Telegram group.

                • AgreeableLandscape@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  7
                  arrow-down
                  1
                  ·
                  edit-2
                  3 years ago

                  Yeah, that’s not how it works. You made a claim [that Lemmy’s developers (I assume you also mean admins like me) are funded by the CCP]. Now it is your responsibility to provide evidence before anyone need take it seriously. You don’t get to make a claim and have everyone believe it’s true until someone disproves you.

  • nutomic@lemmy.ml
    link
    fedilink
    arrow-up
    27
    arrow-down
    4
    ·
    3 years ago

    Signal didnt update the source code for the server a whole year, so I would already consider it closed source. Now they are just making it official (but probably still talking about how open they are).

      • nutomic@lemmy.ml
        link
        fedilink
        arrow-up
        17
        arrow-down
        1
        ·
        3 years ago

        Yes they started updating it again. But for a whole year they didnt. So what i’m saying is that their development is not open at all, and for me thats one of the most important parts of open source.

        • ᗪᗩᗰᑎ@lemmy.ml
          link
          fedilink
          arrow-up
          2
          arrow-down
          7
          ·
          3 years ago

          Being developed in secret or rejecting community PR’s does not make a project closed source. They may be your requirements for an open source project, but it doesn’t mean the code is closed source.

          You’re conflating two separate ideas and spreading misinformation to dissuade people away from a project you personally don’t like. I find that behavior dishonest and think we can do better than that.

          • AgreeableLandscape@lemmy.ml
            link
            fedilink
            arrow-up
            9
            arrow-down
            1
            ·
            edit-2
            3 years ago

            Being developed in secret […] does not make a project closed source.

            I don’t have a stake in this, but here’s my two cents:

            It’s highly unlikely they have not updated their backend code for the whole year that their public repo was silent. By the definition of open source, if they made changes to their production codebase and did not disclose them, it means that said codebase was proprietary for that time.

            This is especially true for Signal’s server, since it’s licensed under AGPL-3.0. For ANYONE else using the server code, modifying their production server and not disclosing it for a year is a direct violation of the license’s requirements and in the worst case could get them sued or the right to use the codebase revoked. The only reason that Signal themselves can get away with it is because they own the code so they’re not bound by the license terms, but that means they were explicitly acting outside the bounds of their very own open source project.

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      15
      ·
      3 years ago

      Ya’ll really don’t give people a break do you? Make one mistake and you have to live with it forever these days. It’s not like they didn’t release the code or threatened to keep it secret.

        • ᗪᗩᗰᑎ@lemmy.ml
          link
          fedilink
          arrow-up
          3
          arrow-down
          5
          ·
          3 years ago

          That’s my though too. It seems people are jumping to conclusions, but what is the real world alternative other than making public the methods being used so that spammers can just look at the code and operate within documented limits? People are against it, but offering zero alternatives, and instead jumping to “Signal bad, boo!”

  • newhoa@lemmy.ml
    link
    fedilink
    arrow-up
    21
    arrow-down
    2
    ·
    edit-2
    3 years ago

    Purely conspiracy theory here, but this comes just after the reveal that the FBI tried to get user info. Maybe the FBI weren’t happy with the lack of records Signal were keeping and this is a compromise. We have seen this sort of thing before. Gov wants info, an extra closed layer is created. If it’s not this, the timing is unfortunate.

    Anyway, the blog post is very vague. In all those paragraphs they don’t even mention how this new implementation works. Just that the way it works now isn’t enough. Maybe the interfaces they mention becoming public will help understand it better, but of course the code is closed and unreleased so we’ll never really know.

    • AgreeableLandscape@lemmy.ml
      link
      fedilink
      arrow-up
      7
      arrow-down
      3
      ·
      edit-2
      3 years ago

      Holy crap I didn’t even think about this! It’s totally possible and has happened before as you said!

  • sexy_peach@feddit.de
    link
    fedilink
    arrow-up
    18
    ·
    3 years ago

    you forgot XMPP as an alternative. For example the snikket project is developing a XMPP ecosystem with clients for every platform.

  • AgreeableLandscape@lemmy.ml
    link
    fedilink
    arrow-up
    17
    arrow-down
    4
    ·
    3 years ago

    They’re probably going to go the way of Reddit. Slowly making their code proprietary until all of it is, taking all community contributions with it.

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      4
      ·
      3 years ago

      Legit question, what is the alternative solution? Build it out in the open for spammers to bypass? The interface to the code will be public, but the implementation will be hidden. Why do you disagree with this? The client is still E2EE and they still collect no metadata.

      • AgreeableLandscape@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        3 years ago

        If your spam filter, security system or things in that vein needs to be kept secret to prevent people from bypassing it, it’s probably pretty badly designed.

          • loki@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            3 years ago

            I don’t know, A spam section in the app that sends all messages from numbers outside of your contacts seems good enough for me. Combine it with no notification, flooding prevention, and auto deletion after a period, you’ll never even notice it.

            it might take up space and data usage but it’s better than being closed source.

  • GadgeteerZA@lemmy.ml
    link
    fedilink
    arrow-up
    11
    ·
    3 years ago

    XMPP, and Matrix are going well. Session I think is an alternative to Signal, but the problem you’ll find is how many contacts do you actually have on Session… Matrix is probably the best option as it also can bridge to so many other services.

  • AgreeableLandscape@lemmy.ml
    link
    fedilink
    arrow-up
    9
    ·
    3 years ago

    I just realised something: if every message is e2ee by default as they claim, how the hell do they plan on spam filtering them from the server side?

    • loki@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      me neither but it’s really not that hard to automate looping through numbers with hopes of hitting a few with signal.

  • Esmail EL BoB@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    3 years ago

    i use xmpp for myself. it’s absolute god

    We got problems around matrix (metadata) and signal (as you seen in the post) but i do not hear much about xmpp is bad :P

    • Lynda@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      3 years ago

      My concern about XMPP is how much the server knows about you/contacts. Or you have to install E2EE plugins. Or you have to set it up for Tor. It’s annoying. HOWEVER, it does have the advantage of security separation, instead of having it all wrapped up into a single point of failure.

      • Esmail EL BoB@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        3 years ago

        look i feel you and indeed XMPP admins can know a lot and even reset your password if they want and but the thing is some xmpp servers are big and i’m sure they will not ruin their reputation that easily.

        • sexy_peach@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          3 years ago

          Also the huge plus with XMPP is that setting up a raspberry pi at home is pretty easy so there shouldn’t be a need for big servers. In the future the one IT person in every Family/Friendgroup could set up snikket and have friends and family use it.

          I doubt we will find a chat solution that’s more secure than that.

  • Lynda@lemmy.ml
    link
    fedilink
    arrow-up
    8
    arrow-down
    3
    ·
    3 years ago

    It wouldn’t be so bad if I wasn’t required to hand them a phone number and my metadata.

    Therefore I’m choosing anonymous platforms.

    • hamborgr@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      3 years ago

      AFAIK there is no actual metadata which can be accessed other than account creation and last account connection timestamps. other than that I totally agree that removing the requirement for a phone number is long overdue and is essential for a private and secure messenger.

  • DamnGoodTech@lemmy.ml
    link
    fedilink
    arrow-up
    11
    arrow-down
    7
    ·
    3 years ago

    It can be very tempting to immediately jump on the “ban signal” bandwagon, but I think it would be wise to take a step back and understand where they’re coming from.

    In reading the blog post their focus is on user privacy as their top priority. I don’t believe signal would make this decision without privacy in mind. What’s the alternative?

    If spammers run rampant, Signal has a bigger privacy nightmare on their hands. Maybe by a miracle you got Grandpa to join you on signal. But a spammer then reached out to him with “hot young singles in your area” and Grandpa just had to click. Now suddenly Grandpa’s retirement savings are gone.

    So I’m not saying it’s not worrisome. I’m saying let’s remain open-minded. After all, it’s nearly impossible to have 100% open source software in any stack. You’re either using an AMD or Intel CPU. They’re both closed source, but they allow you to interact with a privacy community.

  • Halce@lemmy.ml
    link
    fedilink
    arrow-up
    6
    arrow-down
    3
    ·
    edit-2
    3 years ago

    Delta chat and Briar are P2P, so probably okayish, but unfortunately, they are also funded by US regime change bodies to support coup organizers in Latin America etc.

    Hence, I suggest supporting Matrix.org, and modern e2e-first XMPP projects like snikket.org instead.