That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
The server software is not open source.
30p87@feddit.org 3 months ago
EngineerGaming@feddit.nl 3 months ago
Messages - yes, but there is also metadata. When ALL communication goes through the same servers, it becomes kind of a problem.
massive_bereavement@fedia.io 3 months ago
Untrue. Stop spreading FUD:
https://github.com/signalapp/Signal-Server
30p87@feddit.org 3 months ago
There’s a grain of truth in the claim: We don’t know for sure if the original open source version is actually running on the server.
Plopp@lemmy.world 3 months ago
Isn’t that true of all server side FOSS?
30p87@feddit.org 3 months ago
Yes. We just have to trust them.
bamboo@lemmy.blahaj.zone 3 months ago
They’ve said that they release the source code after it’s running in production:
github.com/signalapp/Signal-Android/issues/11101#…
einkorn@feddit.org 3 months ago
In that case: They started publishing code AGAIN.
The server soft has been available, then not, and apparently now again.