this post was submitted on 07 Feb 2025
383 points (99.0% liked)
Technology
72764 readers
2076 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
But you should also be aware that Signal does not federate, so the company can be bought. They have control over all accounts and the servers, without easy way to migrate away again. So it might just be another trap.
Try to use federated services (like matrix), they are more robust against hostile take overs.
At least (to my knowledge) the Signal messages are decrypted on the client end, so buying the company doesn't give them automatic access to messages.
Having said that, I'm sure a hostile new owner could update the app to decrypt and then send the messages as plaintext to the servers if they wanted..
Well, you can still insert client side decryption into the app.
But it isn't really about the messages, it is about the control of the servers and the accounts. You cannot easily move away from their servers, because you will lose your contacts. This gives the people controlling the servers power over you. A sort of vendor lockin.
That's why all clients are fully open-source. You can also use a fork like Molly.
AFAIK, Signal does not want anyone to use alternative clients, has that changed?
As far as I know moxie, signals lead dev, considers only the use of the officially build and distributed client authorized to use their servers.
So if they ever manage to detect someone using their services with an alternative client, they might delete your account.
https://techcrunch.com/2016/11/07/signal-app-maker-rebuts-criticism-of-dev-direction-by-calling-for-more-community-help/
Moxie has resigned a few years ago. The article you linked to is 9 years old, Signal leadership has changed a bunch of times since. Signal can't detect that you're running an alternative client, because that check would require them to include some new code in the official client. Even if they did this, they couldn't just ban anyone who's client doesn't pass the check, since it could just be an older version of the official client. They could force everyone to use the official app, but they really have no reason to invest time and effort into enforcing this. Molly is only available for Android, and it isn't even on the Play Store or the official F-Droid repo, so the user base naturally won't be as big.