this post was submitted on 17 Jun 2023
14 points (66.7% liked)
Privacy
31609 readers
178 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How exactly is Signal anti-FOSS? This might have been a problem before (the article is from 2021) but I checked the Github link in the article and the server was updated 18 hours ago with frequent updates this year alone. I also find the source of funding argument to be pretty flimsy. Though I do agree with the conclusion that federated alternatives are better for privacy. For my personal threat model Signal is fine for me.
No hate though, it's an interesting read, I'd like to see more discussions like this.
They are extremely begrudging when it comes to providing a fully FOSS apk. They push really hard for their app to be pulled from Google's servers and refuse to do an F-Droid build or even set up their own instance where they can push whatever they want.
There are legitimate reasons for not wanting to use Fdroid and their builds are apparently reproducible, not sure what you mean about not being fully FOSS either. https://signal.org/blog/reproducible-android/
The client app is FOSS other than the Google blob for notifications. The server SW is partly closed source because they say that is needed to prevent spammers.
Such as?
Some developers don't like their key signing process.
The security risk their signing process introduces. My guess would be Signal wants a 0% chance of a malicious client being distributed, hence why they only allow direct apk downloads (which self-updates, essentially making an F Droid build obsolete) and Google Play. I would also guess this is why Signal only packages a deb package (if anyone knows a better way to run Signal desktop on fedora [besides the flatpak] than my current solution of spinning up a Mint Virtual Machine [maybe distrobox?] please let me know!) and literally has no official support for rpm based distributions.
cope. all they need to do is set up an F-Droid. typical that this is still isn't answered, as usual