WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly

Alb087@lemmy.ml to Technology@lemmy.world – 249 points –
WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly
computerweekly.com
51

You are viewing a single comment

The server software is not open source.

Untrue. Stop spreading FUD: https://github.com/signalapp/Signal-Server

There's a grain of truth in the claim: We don't know for sure if the original open source version is actually running on the server.

They've said that they release the source code after it's running in production:

sorry the source for one of our services was so far behind. We often don't push source until we release things, and there were a few overlapping releases that happened in that period which made it awkward to push at any moment and put us behind. Additionally, we've seen a large increase in spam, and a reluctance to immediately publish the exact anti-spam measures we were responding with to a place where spammers could immediately see them combined with the above to cause this extreme delay.

https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676

5 more...

In that case: They started publishing code AGAIN.

The server soft has been available, then not, and apparently now again.

5 more...

That'd be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there's no way anyone can read the messages, except the owner of the private key.

Messages - yes, but there is also metadata. When ALL communication goes through the same servers, it becomes kind of a problem.

5 more...