259
WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly
(www.computerweekly.com)
this post was submitted on 28 Jul 2024
259 points (100.0% liked)
Technology
70249 readers
3468 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Especially with Signal being open source. What stops the official Signal company from advertising another fork?
The server software is not open source.
Untrue. Stop spreading FUD: https://github.com/signalapp/Signal-Server
There's a grain of truth in the claim: We don't know for sure if the original open source version is actually running on the server.
Isn't that true of all server side FOSS?
Yes. We just have to trust them. Or selfhost, which I'm doing with almost everything.
Why not use eg. Matrix then?
XMPP as defined where?
For privacy, I guess OMEMO is the current gold standard regarding XMPP; however, agreeing on a feature set between clients apart from the most basic stuff wasn't always easy (and I guess it still isn't).
Also, I guess XML has fallen out of style for this kind of use case. Matrix is just JSON over REST, which I guess is kind of nice nowadays?
XML kind of suffers the jack of all trades curse. If you just have two sides exchanging messages using a well-defined protocol, why go for something that offers schema definition, DTD, XSL transformation? These come with costs, and if you don't use them, why XML in the first place?
All of this combined with the fact that the communication model of XMPP and Matrix is different - XMPP closer to email where a server relays messages between clients while in Matrix, everything is a synchronized (?) room, even direct messages between two participants - would have required bending or extending the spec so much that it wouldn't have been XMPP in the original spirit anyways. So instead, a new protocol was designed that incorporated a lot of lessons learned in the decade before it.
You're free to continue using XMPP, after all, bridges exist.
XMPP was doing great until Google and Meta EEE'd it, but it's still alive and well.
They've said that they release the source code after it's running in production:
https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676
In that case: They started publishing code AGAIN.
The server soft has been available, then not, and apparently now again.
That'd be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there's no way anyone can read the messages, except the owner of the private key.
Messages - yes, but there is also metadata. When ALL communication goes through the same servers, it becomes kind of a problem.
"Gruyere Signal"