They may be sponsored by the US Government, or by cryptographers with ties to the government.

https://thebaffler.com/salvos/the-crypto-keepers-levine

It’s a long read, but it’s quite good. Here’s a snippet to whet your palate where he describes some of the prominent people behind these projects:

At least that’s how they saw themselves. My reporting revealed a different reality. As I found out by digging through financial records and FOIA requests, many of these self-styled online radicals were actually military contractors, drawing salaries with benefits from the very same U.S. national security state they claimed to be fighting. Their spunky crypto-tech also turned out, on closer inspection, to be a jury-rigged and porous Potemkin Village version of secure digital communications. What’s more, the relevant software here was itself financed by the U.S. government: millions of dollars a year flowing to crypto radicals from the Pentagon, the State Department, and organizations spun off from the CIA.

For context: I have become very interested in the debate amongst app users such as Telegram, Signal, Threema, etc… and I know that many people claim that Signal is the very best amongst all of them but there’s something really sketchy about its location (US based) and the fact that the government can force anyone to comply with their orders and forbid them from telling anyone about it via gag orders (see Durov’s comments on this: https://t.me/durov/59).

Both are fascinating reads, and certainly help me appreciate platforms like Telegram and Threema even more. Regarding Threema, today they posted a comparison between their app and the competition, and found this interesting tidbit regarding Signal:

https://threema.ch/en/blog/posts/messenger-comparison-2021

Signal enjoys an outstanding reputation among experts, and it’s certainly a good alternative to WhatsApp. However, just like WhatsApp, it requires users to disclose personally identifiable information: Providing a phone number is mandatory. As a US company, Signal is also subject to the CLOUD Act, which entitles US authorities to access data from IT service providers that are based in the US.

Also: I just learned that FB spends millions of dollars every year on marketing and trying to influence people to not use platforms such as Telegram.

  • freedomenjoyer@sh.itjust.works
    1 year ago

    Signal has not been able to provide the US gov with personal data as they only store the date of account creation and a Signal ID number. Look at how Signal handles these information requests right now.

    • jet@hackertalks.com
      1 year ago

      You’re totally right. Signal has demonstrated it’s foolproof against US courts. But perhaps not against security agencies. Signal stores private keys in the cloud. Relying on SGX extensions to keep them from being trivially broken. Signal could be compromised, SGX could be compromised, something we don’t realize in that supply chain could be compromised. So it could just be a long-term honeypot. But if your threat model does not include US security apparatus, you’re fine.

  • oriond@lemmy.ml
    4 years ago

    Too bad it does not have an F-droid Version. I would have installed otherwise.

  • oriond@lemmy.ml
    4 years ago

    It has always created a conflict to me the fact that Signal is open source and yet there are no forks out there. You would think someone would come with a fork outside the US or something.

    Sometimes I have even thought that Signal may be a social engineering effort from the NSA, or some three letter agency to bring and spy on all the “people that have something to hide” I mean, wouldn’t it be brilliant?

    Besides, on any centralized service, you never know that they are actually running the published “open source” code and not a modified one.

    For security, I would go to Matrix in a self hosted server.

    *Edit: minor typos

    • poVoq@lemmy.ml
      4 years ago

      There is no point in forking Signal, as XMPP with OMEMO is more or less the same thing, but better.

    • Dreeg Ocedam@lemmy.ml
      4 years ago

      There are a few niche third party clients:

      The reason there are no big third party clients is that the devs don’t want to have to deal with bugs in third party clients/maintaining API stability etc… Also, a bad implementation could potentially lead to compromising the Security of the people using it.

      Besides, on any centralized service, you never know that they are actually running the published “open source” code and not a modified one.

      You don’t know that either on a decentralised service, unless you self host. And even if you self-host, you likely interact with hosts that you don’t trust, and you still need to give them a lot of metadata.

      The whole point of Signal is that everything is E2EE, so you don’t even have to trust the server.

      • nutomic@lemmy.ml
        4 years ago

        The reason there are no big third party clients is that the devs don’t want to have to deal with bugs in third party clients/maintaining API stability etc… Also, a bad implementation could potentially lead to compromising the Security of the people using it.

        That is no reason to prohibit f-droid.org from compiling Signal from source and distributing it. That point alone is very suspicious for me.

        The whole point of Signal is that everything is E2EE, so you don’t even have to trust the server.

        You have to trust the Google Play server that the Signal apk it sends is actually built from the published source code.

    • kitsunekun@lemmy.ml (OP)
      4 years ago

      Yeah, I think it’s important to point out that I’m not saying that Signal is a bad app or that it doesn’t do what it claims it does. But when it comes to who’s funding these projects, it matters a lot. In contrast, look at Telegram, whose main backer is a libertarian semi-anarchist billionaire. He’s been backing up the entire operation for a long time now although they will move into using ads and offering plus services to make it self-sustainable in the future. On that front, I trust Durov more than I would trust Signal coders and people affiliated to the project who, in turn, have ties to the feds in the USA. So all in all, at least in my case, I will be sticking to Threema and Telegram for the foreseeable future.

      • poVoq@lemmy.ml
        4 years ago

        The Signal Foundation is also funded by Silicon Valley billionaires these days (for example the WhatsApp founders who cashed out to Facebook).