Signal is open source, so our code is regularly scrutinized in addition to regular formal audits. We also constantly monitor security@signal.org for any new reports, and we act on them with quickness while also working to protect the people who rely on us from outside threats like phishing with warnings and safeguards.
This is why Signal remains the gold standard for private, secure communications. 5/
@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used to track users down!
@kkarhan Signal is literally open-source, meaning its source code is public, not proprietary: https://github.com/signalapp. Signal does not hold any user's secret keys.
@pixelcode neither are there reproducible builds nor is #Signal's #backend opensource'd nor is it possible to #SelfHost.
@kkarhan @taylan You could have simply clicked on the link to find out that Signal have published the source code of all their apps and of their server, instead of making false claims out of thin air.
There's literally an entire manual on reproducing builds: https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds%2FREADME.md
Also, nothing and no one stops you from self-hosting the Signal server.
@pixelcode @taylan that is simply not true.
@signalapp is #centralized and there's no way one can verify the code released for the servers is what they actually run.
Unlike your replies my criticisms ain't founded based off "#TrustMeBro!" but systemic issues I highlight which #Signal refuses to address or take seriously!
I did not claim Signal isn't centralised. I did not claim it's possible to verify which software runs on a foreign server.
Unlike you, I substantiated my statements by citing a source – namely a link pointing to Signal's collection of Git repos which contain the source code of their client & server software and a manual explaining how to reproduce Signal's builds, which you continue to ignore.
The one making claims without stating any sources at all is you.
@pixelcode @taylan @signalapp the #centralization, especially without means to hide its traffic via @torproject / #Tor makes it trivial to detect and track @signalapp / #Signal users.
And with no self-custody of keys it's trivial to #Room641A the users if the devs get "motivated" under threat of spending the rest of their lives in jail.
For every messenger there's the risk of someone finding out that you use that messenger (for example when you download the app without a proxy or when you rent a server for self-hosting). So what?
Nothing and no one stops you from voluntarily using Tor to connect to Signal (Orbot, InviZible, Advanced Privacy etc.). For those oppressed by authoritarian regimes, Signal offers easy-to-use censorship-circumvention proxy support built into the app.
https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support
Neither knowing your phone number nor the Cloud Act nor both in combination gives Signal the magical ability to “snoop” on your end-to-end encrypted chats or to circumvent Sealed Sender, if that's what you're trying to express with your PII argument. https://signal.org/blog/sealed-sender/
Long-term secret keys and session keys are generated and stored on the end-user's device and are never sent to the server. It's called end-to-end encryption for a reason. Wiretapping doesn't change that.
@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many jurisdictions...
If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.
If you do think so then you should really get some professional help, cuz you seem rather lost...
Its #centralization is an absolute nightmare and must be deemed as criminally neglectful!
Who was murdered by the state only because they used a specific messaging app? Please provide a source.
Who says Signal would be shut down? Again, you just make up claims.
The fact that you use Signal is not confidential, and someone finding out that you do is not “doxxing”.
Tech literacy ≠ fabricating conspiracy theories
@pixelcode I'm not gonna violate confidentiality just to win an argument on the internet.
Mark my words: #Signal is a sting op and the day they get caught snitchin' you can apologize to me in person.