Signal is testing out a new feature that encrypts message metadata. Once it's widely deployed, their server will facilitate delivering messages but without having access to who is sending them

signal.org/blog/sealed-sender/

@micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.

@tuxicoman @micahflee
1. Signal has closed source elements and as such cannot be trusted as a whole
2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing.
3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.

@lapingvino @micahflee @tuxicoman Signal were far from the only people criticizing Telegram. Also, Telegram's ICO (which I imagine you've invested in, hence all the FUD about Signal) was super shady.

gizmodo.com/why-you-should-sto

@freakazoid @tuxicoman @micahflee I don't invest in any ICO. I trust Telegram because it keeps my dear friends in oppressive regions safe.

@micahflee @tuxicoman @lapingvino And my understanding is that what e2e crypto it does have is home-grown, which is a big no-no. Double ratchet is open source and well-audited.

I do like that Telegram is in F-Droid, but the absence of Signal there is (AIUI) because of a dependency on closed source Google code. You have to trust Google anyway to use it because Android, so I don't see this as a problem.

@freakazoid @lapingvino @micahflee

This is the problem...
Forcing useage of a closed source build (signal APK) on a system needed a closed source root administrator (Google Apps) is a very strange move from an open source advocate.

@tuxicoman @freakazoid @lapingvino

That's not true though.

You can build Signal from source if you want, or download the apk from signal.org/android/apk/ instead of the Play Store, and it runs fine on phones that don't have Google Play Services, or even any proprietary software.

Follow

@micahflee @tuxicoman @freakazoid true, the same friend of mine that explained the closed source thing told that too.

@lapingvino @micahflee @freakazoid

I don't understand then why there is no #Fdroid build of it. It would bring updates easily without Google Apps.

Moxie won't even notice it (other than putting a closed source stuff into his build)

@tuxicoman @lapingvino @freakazoid

There's nothing closed source in the official build.

Personally I'd like Signal in F-Droid. But I think Moxie's argument is that secure software delivery is hard, releasing to two app stores introduces complexity, and F-Droid doesn't give analytics or crash reports. In the end, I think he just doesn't care much because only a tiny (but loud) fraction of the user base doesn't have the Play Store

Sign in to participate in the conversation
esperanto.masto.host

Bonvenon! Malferme al ĉiaj kaj ĉiuj respektemaj esperantistoj.