On Wed, Apr 7, 2021, 9:18 AM Benedikt Wildenhain wrote: The server no longer being open source is the least of Signal's problems in terms of getting blood on its hands. Privacy isn’t an optional mode - it’s just the way that Signal works. In which I commented on a claim that "using Signal is perfectly safe!" A claim that has caused more than one activist in Hong Kong or mainland China to get disappeared, very likely.Įven better than a side note would be a MASSIVE warning about this on the SignalApp front page instead of the marketing-blurbesque: It's all in the unedited original comment. This is due to the fact that the client uses end-to-end encryption with minimal metadata leakage. That was my point.Īpparently I forgot to quote the sentence that specifically mentions clients. An explanation on why it took so long to release the source would be nice tho.īut that's an attack that happens on the client, not on the server (what we're discussing here), and is not Signal-specific (malicious IMEs could affect all apps). This discussion isn't necessarily about the security/privacy Signal gives, but rather Signal to advertise their server as open-source while it's not.ĮDIT : Server source has been updated! 365ad3a. I think the Signal team should at least tell why the server repo is not being updated at the moment.ĮDIT : To be clear: using Signal is safe! Even if a malicious server was used, your messages are safe. The Signal Server repository hasn’t been updated since April 2020.I noticed that there are two apis not in the server code.Where is new Signal Server code? Why not share Signal?.To the Signal Team: Signal Server Github Repository.The latest version of Signal's server is proprietary and cannot be audited by anyone.There is a lot of discussion going on this topic in both the community forum and Reddit for months now.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |