Can I ask why this is flagged as a duplicate? The comment threads in here feel substantially different than what was being discussed in that older thread linked there.
That the repo was still without current code, another month later, was certainly interesting & novel to lots of people - especially given the 3x upvotes compared to the older story!
But also: now that the linked page has been updated to reflect that Signal has pushed a newer version of source, it's fresh news again, under its current headline. (If it was, by chance, attention to this 'old news' that prompted Signal's update, that also suggests it was more than a simple 'dupe' in significance.)
Yep the date matches perfectly, they hid the signal-server repository explicitly to keep their MobileCoin integration secret for a year. This is bad even for them.
im a little confused what the argument is here. TFA is implying a bunch of server code is being updated without telling anyone, violating their open-source stance. then they release a post, possibly in response to criticism, saying they've been working on a major feature thats ready for its beta release. so now youre arguing the feature they chose to work on feels yucky? this is textbook goalpost moving.
i use signal and my impression of moxie is extremely positive. at face value, a payment system built by moxie and the signal team with cryptocurrency screams "incredible". kind of taken aback by the overwhelming negativity around here.
> While communication is guaranteed to be secure due to the end-to-end encryption implemented in the open-source client apps and the Signal protocol
So the client is open source and guarantees end-to-end encryption regardless of what the server does. Ok, then I honestly don't care. Why should I?
I use Signal for its safety characteristics, which as stated are apparently ensured by the client regardless of what the server does, not because of the server, and I continue to agree with Moxie that federation is a white whale that doesn't solve any regular person problems.
I tend to agree with you - but keybase made a similar argument and then sold out their users to Zoom (with all of the concerns around the CCP's influence over Zoom). When that happens there isn't much recourse except to jump ship.
I think this is unlikely with Signal since Brian Acton's $50M donation is contingent on them keeping inline with the mission (iirc) and also Moxie being involved is a good sign. Plus, realistically if the company gets ruined you're probably better of jumping ship anyway (as long as there's somewhere else to go - matrix? urbit?).
1) Much (most?) of the time, participants don't get to verify their safety numbers, and in those cases you are at least trusting the server to deliver your messages to the right client. There's a potential vector for man-in-the-middle attack (witting or unwitting) on the server side which shouldn't be dismissed here just because users are "supposed to" verify safety numbers.
2) Their behavior regarding server software might be predictive of their behavior regarding client software in the future. Given network effects, it might not be so easy to leave the Signal ecosystem in the future if your social network is on it, so it's worth knowing right now that it's possible that in the future the client software will also be closed-source.
If you think the security aspect of the server don't matter, then can I please have all the metadata that get generated on the server and which only security is the public statement by Moxie Marlinspike that they do not save the logs or store them.
The client only guarantees security in term of the message content. Who talks to who, when, where, how long, and the historical patterns are secured by the policy of the server provider. Trust in the server is critical.
> So the client is open source and guarantees end-to-end encryption regardless of what the server does. Ok, then I honestly don't care. Why should I?
What operations does your client do? How would you know?
If the client is open source and the build is reproducible and you can built it yourself to compare the binary with the official binary on the app store, then.. yes, you can trust that the client is guaranteeing your end-to-end encryption.
If there is a snapshot of open source code which doesn't match the official binary, you have no way to know what the client you run is actually doing. That's why you should care.
This has nothing to do with trusting Signal, good people. If your threat model is such that you care about secure messaging, you can't just trust a binary that's handed to you.
Eh, I don't think open source necessarily implies open development. Being able to look at and modify the source code of the software I use is the bar for "open source" for me; I don't expect every organization to do all their development out in the open. Seems like this code was made available while it was still relevant, so I don't think anyone is really at fault here.
If I can't get a Signal server running myself, or if I can't compile the Signal client and install it on my phone, what's the point of being open source?
They could release a version of the server codebase that is not the production one, and who knows? They could put on the Google Play Store/Apple App Store a version of the client compiled from different sources (and mobile builds are not reproducible), and who knows?
Also the main benefit of FOSS is the possibility to take the source code, modify it, implement new functionality, fork it, and so on. And Signal is against that. So to me it's like a proprietary software.
Telegram on the other hand it doesn't provide an open source server, but the clients are 100% open, you can compile a client from source, modify a client, make third party clients that implements the Telegram protocol with the official libraries. All of that it's useful not only for improving existing clients, but for automating stuff, there are libraries for basically every programming language to interact with Telegram. That to me means being open source, and what distinguish Telegram from all the other applications.
For security software like Signal it does. When there is a lag in publishing server source code, the running version isn't what the public can inspect, but an old one that is no longer valid.
And it produces the appearance that they have something to hide, like the need to sanitize the source and get rid of something. Maybe it is just embarrassing WIP stuff, maybe a backdoor.
Moxie is also using his position as the creator of Signal to promote and integrate his pet cryptocurrency project MobileCoin as a payment provider for Signal, of which he owns a majority stake in.
Technical merits of MobileCoin aside, it's not a good look.
Signal is really not inspiring confidence right now.
EDIT: Sorry, Moxie is only serving as a paid technical advisor to MobileCoin--it is not his project and presumably does not own stake in MobileCoin. So that's better, but remains to be seen what enfolds.
Found a summary of events here if anyone can confirm:
1. MobileCoin premines 250m coins
2. Moxie gets paid for being on their advisory board
3. Moxie directs his non-profit to integrate MobileCoin in secret
4. MobileCoin offers 1/5 of their premine for sale.
It's practically a principle of the Signal project to discourage third-party clients. Signal's security work is done, for obvious reasons, mostly clientside. If you have a diversity of clients, you're stuck with the lowest common denominator of mainstream clients. Without them, you can roll out any feature you want to.
Interestingly, this brand-new custom coin they're using is not Proof-of-Work or Proof-of-Stake.
> The MobileCoin Consensus Protocol avoids the environmentally-damaging mathematical “work” required by Proof-of-Work (PoW) consensus protocols like Bitcoin and realizes a much higher transaction rate than the Bitcoin consensus protocol. In contrast to Proof-of-Stake (PoS) consensus protocols, practical control of governance in MCP is ceded to the users who are trusted the most by the extended MobileCoin community, rather than to the wealthiest users who control the largest financial stakes.
So it is POT. Proof of Trust. If you break it, it is crackpot and goes up in smoke /s
I am not familiar with this Quorums consensus mechanism, but in general I feel - especially given the scammy veil surrounding the entire field - that it is quite early to adopt such as-yet unproven technology in production software that is widely used by people where security and privacy (among others) is utterly important.
Hi there! Signal-Android developer here. Are you following the steps listed in our repo[1]? The steps use the very same docker image we use to build our releases.
I ran a private Synapse server on an OpenBSD host w/ an encrypted fs. The only problem I ever had was I messed around w/ the SSL cert and someone's mobile app cached the old one, causing some connectivity problems (uninstalling and reinstalling did the trick, finally).
The mobile app is a little unpolished. It constantly wants you to validate other sessions, always flashes the "loading" graphic whenever you switch to it, etc. Those two things feel a little half-baked--enough that my friends were like "no thanks" (I know, I know but, what can you do).
But broadly I still think it's very promising and would personally use it if I could get anyone else to. They're also building another server in Go that should have much better performance, if you're interested in that kind of thing.
Been using it for a while now, mostly through bridges. e2ee works pretty much seamlessly now, as does the entire federation thing. Cross-device verification is simple; manual fingerprint comparisons have been replaced by the simple emoji comparison screens also found in other apps.
If you don't want to bother setting up a server (and power to you, because server maintenance is annoying) just register with any open Matrix server you deem reliable enough. The matrix.org one is (obviously) pretty popular. As an end user, the federation stuff is no different from your average email address; there's a domain you store your stuff on and send your stuff through, that server is part of your address. If you make an account with a service provider that goes down, your messages disappear, same thing as would happen if Gmail or iCloud would take their servers down.
If you want the security of your domain but none of the hassle of managing a server, you can get managed Matrix servers from different providers these days [0]. Just get your own domain like normal, so your address will always be your own property and you can take it somewhere else if you really need to, and point the domain records at the servers of your provider.
If you do want to set up a server and join the Matrix network, there's an Ansible playbook [1] that'll set everything up on your server. You can also use the complete guide [2] if you want to manage everything manually. If you have any trouble getting federation to work, there's a nice diagnostic utility [3] that can help you identify the most common problems.
Alternative client are coming along nicely now, as well. For the longest time, encryption support was missing from the major ones (with "solutions" like running a pantalaimon instance in the mean time), but e2ee support has been added to most clients now. The only fully-featured client without encryption support I've come across has been GNOME's Fractal. On mobile, Fluffychat [4] has been working well for me, and on desktop Element [5] has been working well, too.
TL;DR: go to https://app.element.io/#/register, pick a username, and give it a try in your browser. You can join a bunch of the bridged IRC servers to get a feel of the conversation flow if you have no contacts on Matrix.
It's been like this for a while, and the project owner's attitude is pretty negative overall. I do use signal daily, but I believe it's likely compromised ala lavabit.
I thought they were never compromised? They shut down rather than comply with the order
>The service suspended its operations on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email
Only children trust Signal. A "private" messenger that only works by attaching to your phone number. Another nail in the coffin.
Edit: Look at that, negative points on my post that fast. We sure do have TLA's in here screening every single comment, while ensuring that this thread stays out of the front page.
Guys, give it up already. No one with a bit of intelligence falls for your "app-traps"
I wish. Status has even less adoption and dev support. If I have bugs on signal for MMS with my carrier, I presume any smaller niche messenger will be tougher to have loved ones adopt and will have even more bugs.
From an open source perspective Signal-Server is still not open and never was: No outside contributions and no public issues. No community. No installation documentation. etc. ... and recently they seem to have added a dependency to DynamoDB: https://github.com/signalapp/Signal-Server/commit/0dcb4b645c... (2 weeks after they were overloaded from user registrations)
That was FaceTime that they intended to open source, and it was supposedly a patent troll that forced them to move FaceTime to a more centralized design (it was originally P2P) which in turn made open sourcing more problematic.
[+] [-] dang|5 years ago|reply
[+] [-] throwitaway12|5 years ago|reply
Edit: Also, you cannot post on the other link for some reason?
[+] [-] Klonoar|5 years ago|reply
[+] [-] gojomo|5 years ago|reply
But also: now that the linked page has been updated to reflect that Signal has pushed a newer version of source, it's fresh news again, under its current headline. (If it was, by chance, attention to this 'old news' that prompted Signal's update, that also suggests it was more than a simple 'dupe' in significance.)
[+] [-] bilal4hmed|5 years ago|reply
Just a few minutes ago the server code was updated. Im honestly not happy about this. Feels yucky
[+] [-] RL_Quine|5 years ago|reply
[+] [-] kryogen1c|5 years ago|reply
i use signal and my impression of moxie is extremely positive. at face value, a payment system built by moxie and the signal team with cryptocurrency screams "incredible". kind of taken aback by the overwhelming negativity around here.
[+] [-] akvadrako|5 years ago|reply
I've been worried about it but now I see they had a good reason I have hope the behavior changes.
[+] [-] BugsJustFindMe|5 years ago|reply
So the client is open source and guarantees end-to-end encryption regardless of what the server does. Ok, then I honestly don't care. Why should I?
I use Signal for its safety characteristics, which as stated are apparently ensured by the client regardless of what the server does, not because of the server, and I continue to agree with Moxie that federation is a white whale that doesn't solve any regular person problems.
[+] [-] gonehome|5 years ago|reply
I think this is unlikely with Signal since Brian Acton's $50M donation is contingent on them keeping inline with the mission (iirc) and also Moxie being involved is a good sign. Plus, realistically if the company gets ruined you're probably better of jumping ship anyway (as long as there's somewhere else to go - matrix? urbit?).
[+] [-] DavidSJ|5 years ago|reply
1) Much (most?) of the time, participants don't get to verify their safety numbers, and in those cases you are at least trusting the server to deliver your messages to the right client. There's a potential vector for man-in-the-middle attack (witting or unwitting) on the server side which shouldn't be dismissed here just because users are "supposed to" verify safety numbers.
2) Their behavior regarding server software might be predictive of their behavior regarding client software in the future. Given network effects, it might not be so easy to leave the Signal ecosystem in the future if your social network is on it, so it's worth knowing right now that it's possible that in the future the client software will also be closed-source.
[+] [-] hoophoop|5 years ago|reply
You should because any successful centralized messenger is one update away from becoming entirely closed source.
If Signal will reach say a billion users it will be able to do that without significant userbase loss, due to network effect.
> safety characteristics, which as stated are apparently ensured by the client regardless of what the server does
In reality, the contact social graph and the frequency and pattern of messages between users is leaked.
Any global observer can do a correlation attack thanks to the centralized servers (and absence of onion routing).
[+] [-] belorn|5 years ago|reply
The client only guarantees security in term of the message content. Who talks to who, when, where, how long, and the historical patterns are secured by the policy of the server provider. Trust in the server is critical.
[+] [-] jjav|5 years ago|reply
What operations does your client do? How would you know?
If the client is open source and the build is reproducible and you can built it yourself to compare the binary with the official binary on the app store, then.. yes, you can trust that the client is guaranteeing your end-to-end encryption.
If there is a snapshot of open source code which doesn't match the official binary, you have no way to know what the client you run is actually doing. That's why you should care.
This has nothing to do with trusting Signal, good people. If your threat model is such that you care about secure messaging, you can't just trust a binary that's handed to you.
[+] [-] cmckn|5 years ago|reply
[+] [-] alerighi|5 years ago|reply
They could release a version of the server codebase that is not the production one, and who knows? They could put on the Google Play Store/Apple App Store a version of the client compiled from different sources (and mobile builds are not reproducible), and who knows?
Also the main benefit of FOSS is the possibility to take the source code, modify it, implement new functionality, fork it, and so on. And Signal is against that. So to me it's like a proprietary software.
Telegram on the other hand it doesn't provide an open source server, but the clients are 100% open, you can compile a client from source, modify a client, make third party clients that implements the Telegram protocol with the official libraries. All of that it's useful not only for improving existing clients, but for automating stuff, there are libraries for basically every programming language to interact with Telegram. That to me means being open source, and what distinguish Telegram from all the other applications.
[+] [-] corty|5 years ago|reply
And it produces the appearance that they have something to hide, like the need to sanitize the source and get rid of something. Maybe it is just embarrassing WIP stuff, maybe a backdoor.
[+] [-] sim_card_map|5 years ago|reply
https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
[+] [-] stevenhuang|5 years ago|reply
Moxie is also using his position as the creator of Signal to promote and integrate his pet cryptocurrency project MobileCoin as a payment provider for Signal, of which he owns a majority stake in.
Technical merits of MobileCoin aside, it's not a good look.
Signal is really not inspiring confidence right now.
EDIT: Sorry, Moxie is only serving as a paid technical advisor to MobileCoin--it is not his project and presumably does not own stake in MobileCoin. So that's better, but remains to be seen what enfolds.
Found a summary of events here if anyone can confirm:
1. MobileCoin premines 250m coins
2. Moxie gets paid for being on their advisory board
3. Moxie directs his non-profit to integrate MobileCoin in secret
4. MobileCoin offers 1/5 of their premine for sale.
5. Signal announcement spikes price to $60
https://twitter.com/lrvick/status/1379536536459431937
[+] [-] rvz|5 years ago|reply
Last commit was 5 days ago: [0]
As for not playing nice with third-party clients, I can give you that point.
[0] https://github.com/signalapp/Signal-Server/commit/365ad3a4f8...
[+] [-] RL_Quine|5 years ago|reply
https://web.archive.org/web/20210311053716/https://github.co...
As of earlier this month, the repository was a year out of date.
[+] [-] tptacek|5 years ago|reply
[+] [-] makeworld|5 years ago|reply
> The MobileCoin Consensus Protocol avoids the environmentally-damaging mathematical “work” required by Proof-of-Work (PoW) consensus protocols like Bitcoin and realizes a much higher transaction rate than the Bitcoin consensus protocol. In contrast to Proof-of-Stake (PoS) consensus protocols, practical control of governance in MCP is ceded to the users who are trusted the most by the extended MobileCoin community, rather than to the wealthiest users who control the largest financial stakes.
https://github.com/mobilecoinfoundation/mobilecoin/tree/mast...
[+] [-] rapnie|5 years ago|reply
I am not familiar with this Quorums consensus mechanism, but in general I feel - especially given the scammy veil surrounding the entire field - that it is quite early to adopt such as-yet unproven technology in production software that is widely used by people where security and privacy (among others) is utterly important.
[+] [-] sschueller|5 years ago|reply
I have not been able to get it to compile but have not spent much time trying to figure out why it doesn't want to compile.
[+] [-] greysonp|5 years ago|reply
[1] https://github.com/signalapp/Signal-Android/tree/master/repr...
[+] [-] gentleman11|5 years ago|reply
[+] [-] camgunz|5 years ago|reply
The mobile app is a little unpolished. It constantly wants you to validate other sessions, always flashes the "loading" graphic whenever you switch to it, etc. Those two things feel a little half-baked--enough that my friends were like "no thanks" (I know, I know but, what can you do).
But broadly I still think it's very promising and would personally use it if I could get anyone else to. They're also building another server in Go that should have much better performance, if you're interested in that kind of thing.
[+] [-] jeroenhd|5 years ago|reply
If you don't want to bother setting up a server (and power to you, because server maintenance is annoying) just register with any open Matrix server you deem reliable enough. The matrix.org one is (obviously) pretty popular. As an end user, the federation stuff is no different from your average email address; there's a domain you store your stuff on and send your stuff through, that server is part of your address. If you make an account with a service provider that goes down, your messages disappear, same thing as would happen if Gmail or iCloud would take their servers down.
If you want the security of your domain but none of the hassle of managing a server, you can get managed Matrix servers from different providers these days [0]. Just get your own domain like normal, so your address will always be your own property and you can take it somewhere else if you really need to, and point the domain records at the servers of your provider.
If you do want to set up a server and join the Matrix network, there's an Ansible playbook [1] that'll set everything up on your server. You can also use the complete guide [2] if you want to manage everything manually. If you have any trouble getting federation to work, there's a nice diagnostic utility [3] that can help you identify the most common problems.
Alternative client are coming along nicely now, as well. For the longest time, encryption support was missing from the major ones (with "solutions" like running a pantalaimon instance in the mean time), but e2ee support has been added to most clients now. The only fully-featured client without encryption support I've come across has been GNOME's Fractal. On mobile, Fluffychat [4] has been working well for me, and on desktop Element [5] has been working well, too.
TL;DR: go to https://app.element.io/#/register, pick a username, and give it a try in your browser. You can join a bunch of the bridged IRC servers to get a feel of the conversation flow if you have no contacts on Matrix.
[0]: https://matrix.org/hosting/
[1]: https://github.com/spantaleev/matrix-docker-ansible-deploy
[2]: https://github.com/matrix-org/synapse/blob/master/INSTALL.md
[3]: https://federationtester.matrix.org/
[4]: https://fluffychat.im/en/
[5]: https://element.io/get-started
[+] [-] ndiscussion|5 years ago|reply
[+] [-] gruez|5 years ago|reply
>The service suspended its operations on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email
[+] [-] coolspot|5 years ago|reply
Add requirement of a phone number to create an account.
[+] [-] rOOb85|5 years ago|reply
[+] [-] morelisp|5 years ago|reply
[+] [-] throwitaway12|5 years ago|reply
Only children trust Signal. A "private" messenger that only works by attaching to your phone number. Another nail in the coffin.
Edit: Look at that, negative points on my post that fast. We sure do have TLA's in here screening every single comment, while ensuring that this thread stays out of the front page.
Guys, give it up already. No one with a bit of intelligence falls for your "app-traps"
[+] [-] krick|5 years ago|reply
[+] [-] chrisco255|5 years ago|reply
Mozilla Public License - E2E Encryption - P2P Messaging - Active community & git repo - Integrated Ethereum wallet for Web3 access
[+] [-] speedgoose|5 years ago|reply
[+] [-] tgsovlerkhgsel|5 years ago|reply
It has:
* E2E encryption * Awesome new features * Decentralization * Everything you ever wanted
Small drawbacks:
* Can't actually talk to any of the people you want to talk to.
[+] [-] Phobophobia|5 years ago|reply
[+] [-] karussell|5 years ago|reply
From an open source perspective Signal-Server is still not open and never was: No outside contributions and no public issues. No community. No installation documentation. etc. ... and recently they seem to have added a dependency to DynamoDB: https://github.com/signalapp/Signal-Server/commit/0dcb4b645c... (2 weeks after they were overloaded from user registrations)
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] Chlorus|5 years ago|reply
[+] [-] kitsunesoba|5 years ago|reply
[+] [-] meepmorp|5 years ago|reply
[+] [-] zaik|5 years ago|reply
[deleted]
[+] [-] stevespang|5 years ago|reply
[deleted]
[+] [-] alexfromapex|5 years ago|reply
[+] [-] yellowyacht|5 years ago|reply
That's a serious accusation you are 'feeling'. What evidence do you have?