this post was submitted on 11 Oct 2023
146 points (94.0% liked)
Privacy
31993 readers
426 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Signal doesn't trust messages server side. And the official flatpak made by the signal foundation are verified. So as long as you use the flatpak its safe.
Just a note that the flatpak is not made by the Signal Foundation, it is maintained unofficially by the community. See the last sentence on the app description on Flathub:
There's a discussion about the community flatpak's trustworthiness on their repo here and here, a feature request for the Signal Foundation to have an official distro-agnostic release here, but for now the only official Linux release of Signal is for Debian-based distributions.
Fair point but why does signal have a position available for signal desktop on there web page? That's rather odd to have it community maintained.
The Signal Foundation does work on Signal Desktop - but they only release binaries for Mac, Windows, and Debian-based Linux distros. Those are the downloads available on their website, there is no link to the Flatpak on their website.
The community turns that official Debian release into an unofficial Flatpak release. This means that you need to trust the community packagers to be doing the right thing, along with trusting the Signal Foundation. It's an additional layer of trust that you wouldn't need for an official release.
An alternative option would be building the app yourself - there's documentation here and the repo is here, but then you're responsible for keeping up and rebuilding when they have updates. I definitely hope the Signal Foundation releases an official Flatpak, it's not a great position to be in if you're not on a Debian-based distro.
These aren't good reasons
What does this have to do with their ability to support reproducible builds?
this :)