Comment on Time to get serious with E2E encrypted messaging
TokyoMonsterTrucker@lemmy.dbzer0.com 1 month agoThis is such a bad take it seems like deliberate misinformation.
Signal is open-source software maintained by a non-profit. User data is not stored on Signal servers, they have no way to access messages as they are stored and encrypted on your phone. If the Signal Foundation were revealed as bad actors then the open-source code could be forked to a new project.
Feel free to fully evaluate their code here: github.com/signalapp
Adanisi@lemmy.zip 1 month ago
That’s the signal app. The software which runs on their servers is proprietary.
Andromxda@lemmy.dbzer0.com 1 month ago
No it’s not: github.com/signalapp/signal-server
Adanisi@lemmy.zip 1 month ago
TIL. Was it in the past?
NotMyOldRedditName@lemmy.world 1 month ago
I’m with you on this, I strongly recall there was some sort of not fully open source portion of Signal at least at one point in time.
Andromxda@lemmy.dbzer0.com 1 month ago
There was a period where they didn’t push changes to the repo, but all the code was released afterwards and it’s been getting regular updates ever since. But it also doesn’t matter at all, since the Signal client is designed in a way that avoids putting trust in the server. Signal servers could literally be run by the NSA and it wouldn’t matter, as everything is fully end-to-end encrypted, including metadata. The Signal protocol was also updated to use post-quantum cryptography in 2023.
KingRandomGuy@lemmy.world 1 month ago
No, the server is on the github account linked above as well. The repo is here.
Signal however doesn’t federate and does not generally support third-party clients.