zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. red_tr+G1[view] [source] 2021-04-07 15:08:20
>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?
◧◩
2. hoopho+w3[view] [source] 2021-04-07 15:17:04
>>red_tr+G1
No.

If Signal /was/ federated it would be a strong hint that the server code stays the same.

And even if it's not the same, people would be able to run their own trusted servers.

◧◩◪
3. ViViDb+yF[view] [source] 2021-04-07 18:00:53
>>hoopho+w3
Federation pretty much guarantees the opposite. There would likely be many servers running many different versions whereby you’d have no way of knowing which are trusted or not. It, by design, distributes trust. This means there are more parties to trust.

Anyway, Signal is designed to handle all the private bits at the client side with e2ee so you have to put as little trust in the server as possible.

[go to top]