We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.

GadgeteerZA
link
9•8d

It was already debated to death about 3 weeks ago at https://lemmy.ml/post/87578/comment/89158

Tmpod
mod
admin
link
9•8d

Misleading title and 20th repost of this article…

@gmate8@lemmy.ml
link
4•8d

*part of servers

@Yujiri@lemmy.ml
link
6•8d

Honestly I think this is not concerning and this post title is misleading. It’s open source software that calls a closed source library. jimio’s argument makes sense.

Tmpod
mod
admin
link
5•8d

I agree. The vast majority of the server is still open, which, even though it isn’t ideal, is still good compared to the mainstream services. It’s also worth noting (as other people have), that Signal is centralized, so you’re already putting all your trust onto Signal, even if the server and client code is 100% open.

@lemmy_check_that@lemmy.ml
link
2•8d

Well you are only trusting that they will deliver your messages right, all their clients are completely open-source and everything is end-to-end encrypted on the client. Even if they wanted, they could not read your messages, and this would also be true even if their servers were 100% closed-source.

Tmpod
mod
admin
link
2•8d

Good point too.

@gmate8@lemmy.ml
link
1•8d

exactly. and understandable.

Vocaloid01
link
1•7d

Just use Threema

@Echedenyan@lemmy.ml
link
2•7d

Threema server side is non-Free and is also centralized.

Better Matrix or Delta Chat.

PandaCoderPL
link
-1•6d

Threema is centralized as well and it’s also paid so I would say it’s even worse than Signal to be honest.

CHEF-KOCH
link
0•
edit-2
4d

Paying 2 bucks in return for server coasts one single time is not paying… it is more a donation to keep the lights on. Server simply are the expensive part.

You defend already Signal above which is centralized too. So why you defend one system and not the other. Makes absolute no sense. Besides that, Threema plans to open source their app on F-Droid with code. If they also one day open source their entire code, you can theoretically self-host it for your own group or organization. So you give up on things way too fast and underestimate things. I bet you said 2 years ago, stop using signal because it is closed source…

PandaCoderPL
link
3•8d

Signal is centralized and you can’t verify what is running on the server so does it really change anything? I think it doesn’t, so people should stop panicking and switch to some decentralized messengers like Session instead.

@Echedenyan@lemmy.ml
link
1•6d

Try Status instead of Session.

Fully FLOSS and their developers are not dicks who prioritize “muh dont want fixed notification” to digital rights.

PandaCoderPL
link
0•6d

Try Status instead of Session.

I tried it in the past and I was welcomed with messages from scammers and no moderation in any groups that I saw. I may give it second chance one day though.

Fully FLOSS and their developers are not dicks who prioritize “muh dont want fixed notification” to digital rights.

Session is quite new project, gains much more users then Status and thus generates more issues. If you would be a developer and you would prioritize fixing notifications that work for most users anyway over working on new open group server implementation to mitigate spam then your project wouldn’t last long. As a user I would rather see no notifications than get lots of spam that would make the platform unusable.

Vocaloid01
link
1•7d

Kek session. No thank you

PandaCoderPL
link
-1•6d

Could you at least tell me any reasons why you wouldn’t use Session? Nobody will take you seriously if you have no arguments to back up your statement.

@M500@lemmy.ml
link
2•8d

THIS! We have no way of knowing what they are actually doing on their servers so I don’t 100% trust them. Maybe like 90% trust. This really doesn’t change anything.

PandaCoderPL
link
-1•6d

I don’t know where did you get that 90% from but IMO people shouldn’t trust them at all and should use decentralized platforms instead.

@ramberry@lemmy.ml
creator
link
2•8d

The current title seems to be unpopular. Do you have any suggestions for a better title?

@Yujiri@lemmy.ml
link
5•8d

“Signal introduces closed source anti-spam code”

CHEF-KOCH
link
0•
edit-2
8d

Signal is dead.

Point is here . <–

PandaCoderPL
link
3•8d

Technically there are still many people using it because Signal is really user-friendly for those switching from WhatsApp.

CHEF-KOCH
link
-2•
edit-2
8d

Your arguments are weak, all of them. Being fully transparent on both server and client sides is the reason why people put their trust into Signal otherwise you can use other apps and networks.

  • Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.
  • In case the server source code is there you can run some basic tests to check if what is promised is really true or not, if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification. For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not. How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.
  • You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.
  • The only protection against tampering is that messages can’t be read and no additional metadata is stored as far as the client source tells us. Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.
  • Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community and now they close it again. This is a serious thing.
  • Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.
  • There are instructions on how to deploy the server code.
  • Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them, fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.
  • They will not federate and they are very hostile with forks. They think centralization and absolute control over the network is key.
  • This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.
  • Security by obfuscation isn’t security, Telegram pulls the same argument.

It’s time to abandon ship. Let this MF die once and for all.

PandaCoderPL
link
2•6d

Your arguments are weak, all of them.

You are either replying to wrong comment or you see something that I didn’t write. Anyway, i just stated the fact that Signal is not dead, which is true. I didn’t defend Signal nor tried to do so and you can see it here.

Being fully transparent on both server and client sides is the reason why people put their trust into Signal

It doesn’t really matter in case of centralized platform because you have no way to verify that Signal servers are actually running exactly same code as the one that is public.

otherwise you can use other apps and networks.

This is exactly what I’m doing so I don’t have to put all trust into one central entity.

Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.

This is a good point, especially the one about Amazon. It wouldn’t really change anything if Signal would use own servers but using for that is Amazon is even worse.

In case the server source code is there you can run some basic tests to check if what is promised is really true or not

No, you are not able to verify what is running on the server unless you are the one who is controlling it.

if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification.

They are closing source only of small part of the server but in case of Signal it doesn’t really matter that much because there is no way of verifying what is actually running on the server.

For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not.

Like you said, it would only verify if all new features are already supported. Still, you wouldn’t know if there are any backdoors or not because the client would work in exactly same way in both cases.

How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.

This is related only to the protocol and has nothing to do with verifying what is running on the server.

You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.

Technically you are right but it’s not specific to Signal.

The only protection against tampering is that messages can’t be read and no additional metadata is stored as far as the client source tells us.

Source of the client doesn’t tell you how the server handles your data though. Signal can store what they are collecting instead of deleting/hashing it. Hashing phone numbers is pointless anyway because those can be pretty quickly brute-forced nowadays.

Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.

Hopefully it would work that way.

Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community

I partially agree with that. They didn’t publish the code because they were working on new feature, but in my opinion it’s just stupid excuse.

now they close it again. This is a serious thing.

They close it to prevent spam. There are many other ways to mitigate spam though.

Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.

I understand that but it’s not a big deal to be honest.

There are instructions on how to deploy the server code.

Thank you for the links.

Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them

Unfortunately you are right on this one and people can’t get Signal from F-Droid either. If someone truly cares about privacy they should get Molly, it’s available in developer’s F-Droid repository as well.

fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.

That’s nothing new but thank you for giving people next reason why they shouldn’t trust Google.

They will not federate and they are very hostile with forks.

To be honest I saw only one developer who was really aggressive towards anybody who even thought about forking Signal and creating alternative client.

They think centralization and absolute control over the network is key.

I fully agree with that statement.

This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.

Signal has so many users and everything is E2EE so it would be quite difficult to tell what percent of users actually received spam messages.

Security by obfuscation isn’t security, Telegram pulls the same argument.

You are right.

It’s time to abandon ship. Let this MF die once and for all.

Unfortunately for you, Signal will last a bit longer than your GitHub account.

CHEF-KOCH
link
-2•
edit-2
6d

I think my GitHub Account is fine. Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

Wrong statements from you

  • Your argumentation that it does not matter because it is centralized is still wrong. Assuming Signal changes something on the server you will get errors which forces someone to update the App. Given the fact that most people use Play Store not even the open source argument, according to you matters at all because you also already need to trust Google Play Store.
  • You can verify server code if you run your own, I provided the link.
  • E2EE is no argument at all because no one here is able to verify nor audit it. No one normally audits every app release nor is someone able to find backdoors even there are some. We had this with OpenSSL which was compromised years before someone even noticed. Audits are normally expensive and no one does them for free because you waste lots of time and need to review the code. In most cases flaws are found my accident or if someone specifically checks certain parts of it.
  • The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

Signal is dead. Period. No need to use it when there are alternatives. This is what this is about, the rest is now defending a broken system.

PandaCoderPL
link
1•4d

I think my GitHub Account is fine.

I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

No, as you can see this is my style of replying to any longer statement to avoid confusion about which part I’m replying to. You are pretending to be such an expert in every area yet you are spreading complete misinformation but reading reply from top to bottom shouldn’t be an issue for you.

Your argumentation that it does not matter because it is centralized is still wrong.

Can you prove that code that is running on Signal servers is exactly the same code that is published? No, you can’t. Of course, if Signal would add some modifications that wouldn’t be compatible with current client but published source code of the server wouldn’t get updated then you could actually tell that something is wrong but my point is that they could do modifications that are compatible with the client and at the same time harmful to the users and in that case you wouldn’t be able to tell any difference.

Assuming Signal changes something on the server you will get errors which forces someone to update the App.

I’m pretth sure some modifications doesn’t need users to update the client.

You can verify server code if you run your own, I provided the link.

But in case of Signal you are not running your own server so you are not able to verify what is running there.

The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

By disrespecting me, you are not making me take you more seriously but from your blog post I see that you are just behaving that way daily until someone agrees with your every word.

Signal is dead. Period.

Project is not dead if there are still users using it.

No need to use it when there are alternatives.

Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.

CHEF-KOCH
link
0•4d

After days, you still do not let it go, quote everything to make a clusterf. out of it as I or others are not capable of understanding what you say. Do you quote the previous sentence in real life and then answer his question, no because it makes things worse.

  • Please always read everything and not only parts what you want to support because you are based.
  • Of course you can verify code on the server if you self-host it, again the instructions are given. If you love signal that much and you have an userbase with 1000+ people, you go through the hassle and self-host it. The degoogle people do that all the time across multiple platforms, session and whatnot. For some platform it is more effort than for others, point granted, but everything is possible.
  • You are here on lemmy, lemmy is FOSS oriented so yes for people here it is dead. Same like Facebook or you argue we shall continue supporting them because there are people. Stop defending dead systems. The Signal Team was not transparent on important things and this alone is a factor to not support or use their stuff. Period.
  • Your argument that modifications can or will happen, is pointless. Signal already did change something in the past on the server code. They even notified users of it with a blog post. This is part of how they work. Again, the normal user will so or so not able to verify it even if they release the source code or even show what exactly they changed with insights and links to their servers because this is beyond most people skills.

Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.

Yes there is always another alternative and there always will be, this is a good thing and not a bad. You ditch stuff the moment it is dead and move on, that is how the internet works. Otherwise, use existing alternative that exist since years, it is called XMPP. I am also btw. on Postmill and some other platforms. I am just not as active over there as I am on e.g. Reddit, Lemmy etc. But you compare now platforms in general to messenger apps who are mostly designed to deliver private stuff while as public forums are not private at all because everyone can read your stuff, so the attempt to make your point failed here. If I hear stuff like threat model, really … cringe man… The normal user gives a shit about wasting his time reviewing some security models.

You contradict yourself a lot btw on one side you say decentralized is what people use yet you argue with me about that signal is okay to use, it is not.

I don’t know where did you get that 90% from but IMO people shouldn’t trust them at all and should use decentralized platforms instead.

I assume you do not use Signal here and defend a product which is from community standpoint dead.

Now let it go and stop quoting every line it makes things worse, third time I say this…

CHEF-KOCH
link
-2•
edit-2
4d

I suggest locking the thread, red pilled people spreading their based opinion here which is not helpful at all.

Facts are

  • Signal went closed source with the Security through obscurity argument, which is reason enough to ditch this MF.
  • You need phone number too, sure there are workaround but this is not what most people want.
  • Signal Team is intransparent and has history of not answering important questions.
  • Closed source is enough reason to not suggest it.
  • The topic is already multiple times covered, the last time was this one.
  • People already tried to attack me here in this thread with BS which is not even related to Signal or anything at all, not going to call names here, but check it bellow.

Personal comment If someone gives me 50 Mio. in funding I wont let people down like this. What Signal team does here is more than pathetic, they spit in everyones face taking the money and they expect us to swollow the pill.

Give me the money I do better and I hang myself if I let someone down like Signal team did - you can quote me on this. No I am not suicidal it just expresses how most people think about the story and how they betrayed their own community.

@TheAnonymouseJoker@lemmy.ml
mod
link
5•4d

Look, getting up in arms over Signal is not doing much. Why? Because everyone’s threat model is not the same. Not everyone is wanting 100% anonymity when using Signal. Signal is a replacement for WhatsApp, not XMPP or Matrix or Retroshare.

Sit back for 10 minutes and think over again. I understand pretty well what you are trying to convey, and it is problematic in a similar way the points you are raising against others’ arguments.

Please quote whoever attacked you personally, and I am going to take action against it. Harassment is not welcome on Lemmy. We all want a civil platform here.

@southerntofu@lemmy.ml
link
1•3d

Not everyone is wanting 100% anonymity when using Signal.

Strongly disagree. As someone who has lots of friends and comrades using Signal on a daily basis, the fact that you have to tie it to a phone is (rightfully) perceived by anarchists as a threat against us.

@TheAnonymouseJoker@lemmy.ml
mod
link
2•3d

If you are using Signal for anonymity, then you need to learn how to pick the correct tools for the correct job. You go to XMPP or Matrix or Retroshare or some chat over I2P for that, not Signal.

The only thing you can achieve properly, for the most part, is pseudonymity, and not anonymity over Signal, because your SIM is being tracked, unless you have a working VoIP provider that cannot be traced back to you.

PandaCoderPL
link
1•4d

Please quote whoever attacked you personally, and I am going to take action against it. Harassment is not welcome on Lemmy. We all want a civil platform here.

I’m pretty sure this user is talking about me after I disagreed with him multiple times in this discussion. Feel free to review the discussion and let me know if any of my statements is harassing this user in any way.

CHEF-KOCH
link
-1•3d

It is off-topic and smear campaign against me, my work that is all. How is that relevant to topic. It s not.

@TheAnonymouseJoker@lemmy.ml
mod
link
4•3d

Here goes for both of you, @CHEFKOCH@lemmy.ml and @PandaCoderPL@lemmy.ml, please do not fight it out here publicly. If you want to pick a fight, go do it in DMs or a realtime chat platform like Matrix or XMPP.

All I see is a petty argument between you two, and getting riled up over what is typical privacy community drama. Do not make yourself another GrapheneOS vs CopperheadOS, it makes both look like fools.

PandaCoderPL
link
0•3d

please do not fight it out here publicly.

@CHEFKOCH@lemmy.ml publicly accused me of harassing him so I felt it will be good to defend myself also publicly.

If you want to pick a fight, go do it in DMs or a realtime chat platform like Matrix or XMPP.

Of course that would be a better option but I didn’t want to look like I’m avoiding his baseless accusations. If someone is calling me out publicly, they can be sure I will answer publicly as well.

All I see is a petty argument between you two, and getting riled up over what is typical privacy community drama. Do not make yourself another GrapheneOS vs CopperheadOS, it makes both look like fools.

I was only replying to that user and for me, the argument related to his past activity is over. Hopefully he will understand that and will also stop replying to me about that issue.

I appreciate that your reaction but I hope you will try to understand my point of view as well. Thank you in advance.

CHEF-KOCH
link
-2•
edit-2
3d

First useful comment here. Thanks.

I suggest locking this thread, cleaning it. My Guild is here. People with objective and constructive criticism are welcome.

I already predict that this will happen and requested multiple times to lock this because this is all off-topic and a vendetta against my in person, nothing more. The user simply wanted to smuggle his argument inside wrapped up Signal posts to make me look like a fool which is motivation, I speculate that this is someone from the arkenfox team in an alt account or someone who is a fanboy of them, which would explain the refusal of valid arguments.

@TheAnonymouseJoker@lemmy.ml
mod
link
1•3d

The moment I see another spark that is about to become a housefire in this thread, I will lock it. I doubt anything will happen now.

PandaCoderPL
link
0•3d

Disagreeing with your statements is not smear campaign against you.

CHEF-KOCH
link
-2•
edit-2
3d

Claiming something without been involved, checking so-called made up facts and abusing it on a high traffic website is a smear campaign, as per definition.

It makes it so or so not better because it is still off-topic. It is also not your argument at all, it is something you found on the internet or someone send you and an attempt to discredet me, nothing more.

PandaCoderPL
link
0•3d

Claiming something without been involved, checking so-called made up facts and abusing it on a high traffic website is a smear campaign, as per definition.

The problem is that from what I know those facts are not made up, I’m not abusing this and Lemmy is not really high traffic website. If my goal would be to spread this information about you, then I would definitely use any other website but I’m only using those facts as part of our conversation so that’s completely different situation.

It makes it so or so not better because it is still off-topic. It is also not your argument at all, it is something you found on the internet or someone send you and an attempt to discredet me, nothing more.

If it’s offtopic then just end this part of our discussion at this point. In future, if you don’t want people to remind you of your past then simply change your username or just don’t do anything bad.

CHEF-KOCH
link
-1•
edit-2
3d
  • The problem is that I provided evidence that the so-called facts are made up. You refuse. I said GitHub website, not Lemmy for the high-traffic abuse argument, which is true. Besides the GitHub staff closed the thread and the members got warned, even this fact is presented by my link which you still ignore to accept. Please read the GitHub ToS regarding abusing issue tickets to harass someone, it is harassment because they never contacted me in the first place, my email and my Twitter etc. is all known and welcome for constructive criticism.
  • The problem is that you answer here in order to attempt to discreet me, please provide evidence that not one of the arkenfox members are behind this account. Those people showed multiple times that they chase me - as a person - across multiple platforms because they are obsessed with me and that I might do a better job.
  • It is off-topic the moment you try to discredit me with an internet link which has nothing to do with facts, Signal or that Signal now closes parts of their code and servers.
  • I never did anything bad, I stand to my failures, and I always did. Everyone makes mistakes and professionalism is to stand to them and apologize, whenever I did mistake I did mention it and I did apologize.

You accuse someone which you never tried to contact before, come with a link which had to be closed b an GitHub staff due to misinformation and call this fact. According to you, earth must be flat because it is also written somewhere on the internet.

I urge you to stop spreading misinformation regarding my person because you want to discredit me to make your stuff look better. You failed here miserably. Please stay on the topic, Lemmy is FOSS community. Signal is not anymore FOSS which was the reason it got attention in the first place.

We have sufficient alternatives, they are mentioned here by fine people of Lemmy.

PandaCoderPL
link
1•3d

The problem is that I provided evidence that the so-called facts are made up.

No, you didn’t.

Besides the GitHub staff closed the thread and the members got warned, even this fact is presented by my link which you still ignore to accept.

The issue is still open and last comment was written two weeks ago so either you live in some different reality or your so-called evidence is made up.

The only member who got warned and then permanently banned in that situation was you. Your GitHub account is still banned since 2018. Now try to convince me and others that this happened because GitHub stuff was wrong and they don’t know their own ToS.

Please read the GitHub ToS regarding abusing issue tickets to harass someone, it is harassment because they never contacted me in the first place, my email and my Twitter etc. is all known and welcome for constructive criticism.

Please quote the part of GitHub those which states that the users have to contact you in any way before exposing you and showing evidence against you.

The problem is that you answer here in order to attempt to discreet me, please provide evidence that not one of the arkenfox members are behind this account. Those people showed multiple times that they chase me - as a person - across multiple platforms because they are obsessed with me and that I might do a better job.

Can you show me any proof that anyone related to arkenfox is chasing you over multiple platforms and that I’m doing the same?

It is off-topic the moment you try to discredit me with an internet link which has nothing to do with facts, Signal or that Signal now closes parts of their code and servers.

You were the one spreading misinformation, not facts, so I reminded people about who you are so they can better understand why are you behaving that way and that they shouldn’t worry about you attacking them if they disagree with you.

I stand to my failures

By writing really long post, spreading misinformations and users who exposed you and claiming that amount of knowledge is measured by number of your repositories.

I never did anything bad

You should better educate yourself if you think that plagiarizing other’s work is nothing bad.

Everyone makes mistakes and professionalism is to stand to them and apologize

And that’s what you should do few years ago instead of writing long and meaningless post.

You accuse someone which you never tried to contact before

You have no way to know that.

come with a link which had to be closed b an GitHub staff due to misinformation and call this fact.

The GitHub issue is still open and even active. The only user who got punished in this situation was you.

According to you, earth must be flat because it is also written somewhere on the internet.

No, because it was proven that earth is not flat. You still didn’t prove that you didn’t plagiarize other’s work.

I urge you to stop spreading misinformation regarding my person because you want to discredit me to make your stuff look better. You failed here miserably.

You are the one trying to accuse me of harassment only because I gave you the link to facts about yourself.

Please stay on the topic, Lemmy is FOSS community. Signal is not anymore FOSS which was the reason it got attention in the first place.

It doesn’t matter. If you are using Lemmy, it doesn’t mean you can’t use messenger that was FOSS for most of the times.

We have sufficient alternatives, they are mentioned here by fine people of Lemmy. This is why Signal is for FOSS enthusiasts dead, and this statement is not wrong.

You are wrong again. Signal is dead but only for you, just one tiny person that is trying to prove that he did nothing bad.

CHEF-KOCH
link
0•
edit-2
4d

I already made my point.

  • Signal is dead - at least for the Lemmy community, among other communities like degoogle. There is nothing to argue about it, closed source … end of story. There is nothing to fight or to discuss over it.
  • You can use XMPP with encryption already, and hold on to it. Nothing wrong with it, I also expressed that already, or you move on and use alternative stuff.
  • We had such discussions here on Lemmy now, the first comment or what already showed a link to the same discussion.

I can take criticism, it was just to make my point how useless the discussion here has become.

I request again here in public to lock the topic because the bias on this is very strong and people do not let it go even if you prove them wrong.

PandaCoderPL
link
1•4d

I suggest locking the thread, red pilled people spreading their based opinion here which is not helpful at all.

You are basically out of arguments, you know that you were wrong so now you are suggesting locking the thread to avoid further discussion. You posted this shortly after replying to me so I wouldn’t have chance to reply back. Having last message in the discussion doesn’t mean you are right though.

Signal went closed source with the Security through obscurity argument, which is reason enough to ditch this MF.

Explain this: https://github.com/signalapp/Signal-Server Signal is mostly open source, only mechanisms related to blocking spam are closed source.

You need phone number too, sure there are workaround but this is not what most people want.

It’s not a big deal for some people because everyone has different threat model. Some people are using Signal with their family and friends who already have their phone number anyway.

Signal Team is intransparent and has history of not answering important questions.

Could you link to at least one source that proves it?

Closed source is enough reason to not suggest it.

You are using the same argument twice to make your message longer so it looks smarter? Above you can see link to source code of Signal server.

People already tried to attack me here in this thread with BS which is not even related to Signal or anything at all

You were the one who was constantly saying that code that is running on the server can be verified if you have access to the server. Of course it can, but how is it related to Signal?

not going to call names here, but check it bellow.

You don’t even have to. Also this kind of behavior is really childish: “I could do that but I will not do it”. If you are not going to do it then why did you even mention that.

Personal comment If someone gives me 50 Mio. in funding I wont let people down like this.

Did you give them the money? Signal got funding so they can do whatever they want with it. People have different needs and expectations so it’s not really possible to create perfect messenger that would make everyone happy.

What Signal team does here is more than pathetic, they spit in everyones face taking the money and they expect us to swollow the pill.

I disagree with that statement. Signal is constantly being updated, new features are being added, bugs are getting fixed, you are the only one who is complaining that Signal team got the money but they are not doing what you want them to do with it. Luckily for you, Signal is open source so you can fork it and make your own messenger that will look just like you want it.

Give me the money I do better

Can you do it without plagiarizing other’s work though?

CHEF-KOCH
link
-1•4d

You are basically out of arguments, you know that you were wrong so now you are suggesting locking the thread to avoid further discussion. You posted this shortly after replying to me so I wouldn’t have chance to reply back. Having last message in the discussion doesn’t mean you are right though.

I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

Explain this: https://github.com/signalapp/Signal-Server Signal is mostly open source, only mechanisms related to blocking spam are closed source.

The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

It’s not a big deal for some people because everyone has different threat model. Some people are using Signal with their family and friends who already have their phone number anyway.

Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

Could you link to at least one source that proves it?

Here.

You are using the same argument twice to make your message longer so it looks smarter? Above you can see link to source code of Signal server.

Because you mentioned it 3 times now, you quote everything to make a mess now to make it look like that what you say is true, which is not. Please provide evidence that normal people audit source code of the app or the server code, there is none.

You were the one who was constantly saying that code that is running on the server can be verified if you have access to the server. Of course it can, but how is it related to Signal?

It can if you run your own, you talk about decentralization, so there you have it.

You don’t even have to. Also this kind of behavior is really childish: “I could do that but I will not do it”. If you are not going to do it then why did you even mention that.

You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

Did you give them the money? Signal got funding so they can do whatever they want with it. People have different needs and expectations so it’s not really possible to create perfect messenger that would make everyone happy.

If the govt. funds project, then everyone indirectly gave the money. A messenger claims to be private and then wants your phone number, well that alone is a no go. You can simply use a QR-Code to add new contacts.

I disagree with that statement. Signal is constantly being updated, new features are being added, bugs are getting fixed, you are the only one who is complaining that Signal team got the money but they are not doing what you want them to do with it. Luckily for you, Signal is open source so you can fork it and make your own messenger that will look just like you want it.

The server code was not updated for over one year, this is not constantly, in the meantime features did break. Luckily your argument about open source does not hold because can you audit it, no. So there you have it. And how does open source help if something is outdated or if the server code is changed, it does not help at all.

Can you do it without plagiarizing other’s work though?

I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

How is that relevant to OP, you try to discredit me or my work based on some so called-findings from people who copy everything out of Bugzilla and other sources. What you do here is harassment and proves my point exactly. No arguments, coming with years old stuff from GitHub that violates GitHub Tos by abusing issue tickets for harassment, congrats.

PandaCoderPL
link
0•3d

I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

Where did I even mention that auditing code of the server would change anything? I was only saying that you can’t verify what is running on the server so it doesn’t really matter if Signal makes that code open source or not.

The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

Now I can agree because you added that code of the server is partially closed.

Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

https://dessalines.github.io/essays/why_not_signal.html

Thank you for the link, I will definitely check it out later.

Because you mentioned it 3 times now

Ans you still refuse to understand it.

you quote everything to make a mess now to make it look like that what you say is true, which is not.

I already said that I’m using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn’t make anything look more true, it’s just personal preference and my style of replying to others.

Please provide evidence that normal people audit source code of the app or the server code, there is none.

How do you know there is none? Do you know what every single person on the planet is doing right now? I highly doubt it.

It can if you run your own, you talk about decentralization, so there you have it.

Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

Let the moderators decide if this is harassment.

A messenger claims to be private and then wants your phone number, well that alone is a no go.

Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

The server code was not updated for over one year, this is not constantly

I said that Signal was constantly being updated, not the code of the server.

I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

I already explained why I refused to read your explanation in full:

I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

What you do here is harassment and proves my point exactly.

Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.

CHEF-KOCH
link
0•
edit-2
3d

Where did I even mention that auditing code of the server would change anything? I was only saying that you can’t verify what is running on the server so it doesn’t really matter if Signal makes that code open source or not.

No one audits code, this is the point, I have even proven that with the OpenSSL Heartbleed argumentation. Open source does not help at all here, you can also reverse closed source stuff. This is what you do not understand. You can change stuff on the server and it will break stuff for your clients, a short test if you add feature x into the app, then check if the current server accepts it or not. Yes, this is a small test everyone can do.

Now I can agree because you added that code of the server is partially closed.

And how long until they close everything. The betrayed their community. I said, give me the money, I do better, hiring people or do it yourself with 50 Mio is easily archived.

Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

You said according to my logic. The normal user does not even know what threat model is.

Thank you for the link, I will definitely check it out later.

Yes, read it and really read everything and not only the headers like you did with my link.

I already said that I’m using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn’t make anything look more true, it’s just personal preference and my style of replying to others.

This is more readable, oh my god. Really. Your logic and weak arguments are beyond cringe.

Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

Nope, Signal uses AWS, Google and Azure. There are fallback servers etc.

Let the moderators decide if this is harassment.

Yup, this thread gets closed anyway and maybe ends up that we both get banned because spam.

Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

No one said nor implied it. You mention thread model now 3 times, well I assume you do not even know what it is. Your aggressive - I wanna be right here - argument does not hold. You defend a system which turned on their users and make arguments up to make it look less shocking than it is, people trusted Signal but only if it is FOSS. That changed, and there is no arguing here.

I already explained why I refused to read your explanation in full

This is from basically the headers and not the full thing. Again you do not read links in full, you have no credibility nor reputation at all. Why shall someone believes a random account created 2 months ago which aggressively defends Signal because he wants to be right, failing the point that this OP is about that parts are closed source now.

No, I provided sufficient evidence that the arkenfox people are liar and hypocrites. This is a fact.

Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.

There is no proof for this claim, I even explained it in detail. Again, using other statements from the internet makes you look like am amateur. Or do you believe earth is flat because it is written down.

I request again this topic gets locked, people here defend it without any arguments or links at all. The thread is already abused as smear campaign which is entirely off-topic. I have my own guild here on lemmy, if there is something to say, do that there and I will address all concerns.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 10 users / day
  • 38 users / week
  • 165 users / month
  • 332 users / 6 months
  • 3 subscribers
  • 248 Posts
  • 1.45K Comments
  • Modlog