this post was submitted on 24 Jan 2025
765 points (100.0% liked)
Fediverse
32288 readers
216 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not on FDroid. Not open source
But it is open source. And there's a fork of Signal available on F-Droid called Molly.
It is not open source. That's why its not allowed on fdroid. It has parts that are open source, like most apps. But the app itself is closed source and a risk
The only part that isn't open source is their spam filter.
Nope. Google deps
Can you explain a little more what you mean?
The app requires code from Google that is not open source and has a history of being malware that invades your privacy and steals your data.
I'm not aware of By code from Google it requires. What history of stealing data does signal have?
It requires closed source* google code yes
Can you link me what you're talking about? I'm searching for it and having trouble finding the thing you're describing. The only info I find is about their spam detection (which I already knew about but doesn't sound like it's the thing you're talking about.)
Search in their github issues for "fdroid". Make sure to include closed tickets.
There are lots of good reasons to be upset with how Signal produces builds. And maybe Signal has no good reason why they keep opaque dependencies. But by every common definition of the term, Signal is open source. Being on FDroid is not the definition of open source.
Please don't gatekeep. There are better ways to criticize Signal. This is not one of them.
If your releases include closed source blobs, then your software is closed source.
Following that logic:
Many popular Linux distros contain closed source blobs. Ergo Linux is closed source.
Then that particular build of the distro is closed source. The linux kernel is still open source.
Okay, so the Apache license is a "closed source" license?
Yes
Then nuance is dead and nothing is good enough.
AGPL is good enough.
Signal is licensed under AGPL.
No. Some of the Signal code literally isn't even released. See above.
Linux is an open source kernel. Many operating systems that use linux ars closed source, yes. This is the position of the FSF.
And its why most Linux distros have an option to include closed source or not.
Signal, however, has no option. Its just closed source software.
@ExFed @jagged_circle you mean drivers for external devices ?
Sure. That's one possible vector. Is it "Open Source" software? Yes, they accept contributions for the community. It's is "Libre" software? No, they depend on closed source software.
I'm trying to illustrate that the definition of "open source" can be weaponized for no good reason. Dismissing Signal because it doesn't fit a narrow definition of "open source" makes everybody less secure. I have a hard enough time convincing my non-tech-savvy friends to switch to Signal. There's a snowball's chance in Hell I'll convince them to use something even more obscure.
You're wasting your time. Have the move to a platform that is open source.
@ExFed Lol, I messaged 20+ connections to step over...nobody. We have a saying "what the farmer doesn't know, the farmer doesn't like" I fear signal has to be mentioned a thousand times from all directions before they "trust" it. The publics trust is based on repetition and the concept that a big firm has more to lose than an non profit.
Yes. A thousand times yes. The risk profiles humans naturally adapted to are not well aligned with the artificial risk profiles we see today. I can't fault someone for not transcending their own natural instincts, because heaven knows I can't.