Privacy

33499 readers

288 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

154

Signal Server is effectively closed source software right now (lemmy.ml)

submitted 3 years ago by [email protected] to c/[email protected]

133 comments fedilink hide all child comments

The Signal Server repository hasn't been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.

To me, this is unforgivable behaviour. Signal always positioned themselves as "open source", and the Server itself is under the best license for server software (AGPLv3 -- which raises questions about the legality of this situation).

Signal's whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. "we can never engage the community directly", "we will never merge/accept PRs", etc) has lead to its logical conclusion here, I guess. I have been somewhat of a "Signal apologist" thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I'm over Signal now.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 3 years ago* (last edited 3 years ago) (15 children)

Well there was Wire, which offered e2e encryption, an open protocol and opensource clients and backend, it has been audited, and it was based in Swiss which is times better than the US. I tried to move a lot of people there, but luckily I failed, considering it has been bought by an advertisement company recently

[–] [email protected] 3 points 3 years ago (13 children)

Wire was pretty good, true. I used it a bit, but chose Signal because Wire (similarly to Matrix, for now) doesn’t encrypt any/most metadata, whereas Signal encrypts everything and always has.

And like you said, it’s since been sold to an advertising company. Not sure if that’d even be possible with Signal since it’s owned by a non-profit (admittedly not always the case, I guess it could have been possible when they were still OWS).

In both cases, their centralised nature means changing ownership can be devastating (like in the case of Wire). This is why I believe Matrix is the future. Its community is much healthier and active in the development of the ecosystem (3rd party clients, bridges, they actually accept PRs, etc...)

[–] [email protected] 8 points 3 years ago (11 children)

Signal encrypts everything and always has.

This is not exactly true. Encrypting metadata is most times impossible due to the server needing to know who to deliver messages to (at the very least). "Sealed sender" is now a thing (though i don't know how strong a protection that is), but to my knowledge Signal continues to aggressively expose users' phone numbers both to the server (in a hashed formed, for contact discovery) and to other users in public chatrooms. Please correct me if wrong.

it’s owned by a non-profit

A non-profit doesn't mean you need to do good. Also, it can turn into a for-profit over the years. It's in fact a conscious strategy of startups in the field of "sharing economy" (remember couchsurfing?)

This is why I believe Matrix is the future.

Matrix is one among others, but i'm not convinced a single solution is going to be the best:

Matrix really has a startup vibe and introduces a lot of complexity (reinventing quite a few wheels along the way), to the point the current situation is there's only one bad client/server implementation (really resource-hungry)
Jabber/XMPP has a much slower but dedicated non-profit ecosystem (let's not even talk about the commercial branches) and lots of client/server options for all hardware/systems, but the clients don't have good UX/polishing
ActivityPub has a vibrant ecosystem but most clients are web-oriented (such a shame) and tailored to a specific use-case (peertube/mastodon/pixelfed)

They all have strong arguments going for/against them. I believe interoperability is the only way to go. These network are doing mostly the same thing, and there's no reason we can't talk across networks.

Which brings me to the fact matrix folks really don't seem to care about interoperability though i hope i'm wrong about this.

[–] [email protected] 3 points 3 years ago (1 children)

FluffyChat is a decent alternative client (with E2EE support). If you don't need e2ee there's actually a healthy number of clients, and some of them do seem to have it on their roadmap

https://matrix.org/clients/

Point taken on server implementations though

[–] [email protected] 2 points 3 years ago

FluffyChat is not an option because it doesn't support proxies including Tor. If you're using fluffychat please open an issue there for integrated tor support like Conversations/Gajim does in the Jabber/XMPP world :)

load more comments (9 replies)

load more comments (10 replies)

load more comments (11 replies)