zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. woah+ny[view] [source] 2021-04-07 17:31:45
>>domano+(OP)
A lot of these comments are just manifestations of the kneejerk HN "crypto bad" reflex. Here's the deal:

- Whether or not Signal's server is open source has nothing to do with security. Signal's security rests on the user's knowledge that the open source client is encrypting messages end to end. With that knowledge, the server code could be anything, and Signal inc. would still not be able to read your messages. In fact, having the server code open source adds absolutely nothing to this security model, because no matter how open source and secure the server code might be, Signal inc. could still be logging messages upstream of it. The security rests only upon the open source client code. The server is completely orthogonal to security.

- Signal's decision to keep early development of the MobileCoin feature set private was valid. Signal is not your weekend node.js module with two stars on Github. When changes get made to the repo, they will be noticed. This might mess up their marketing plan, especially if they weren't even sure whether they were going to end up going live with the feature. Signal is playing in the big leagues, competing with messengers which have billions of dollars in marketing budget, will never ever be even the smallest amount open source, and are selling all your messages to the highest bidder. They can't afford to handicap themselves just to keep some guys on Hacker News happy.

- Signal's decision to keep development to the (private) master branch, instead of splitting the MobileCoin integration into a long-running feature branch is a valid choice. It's a lot of work to keep a feature branch up to date over years, and to split every feature up into the public and non-public components which then get committed to separate branches. This would greatly affect their architecture and slow down shipping for no benefit, given that the open sourceness of the server is orthogonal to security.

◧◩
2. pmlnr+M21[view] [source] 2021-04-07 19:33:39
>>woah+ny
> A lot of these comments are just manifestations of the kneejerk HN "crypto bad" reflex.

Nope. It's a reaction to "who the f* asked for this in a messaging app?!".

◧◩◪
3. cptski+aI1[view] [source] 2021-04-07 22:44:54
>>pmlnr+M21
Unless you have your head thoroughly buried in the sand, you'd understand that all the major players allow people to send money AND people are using those platforms to send money.

When people evaluate a new messaging client, the minimum feature set required to be considered viable now includes sending money for a lot of the population.

* removed insult

◧◩◪◨
4. pmlnr+NH2[view] [source] 2021-04-08 08:17:24
>>cptski+aI1
> all the major players allow people to send money AND people are using those platforms to send money.

So if major players jump off a cliff, everyone should always follow?

> the minimum feature set required to be considered viable now includes sending money for a lot of the population.

? No, thank you. Not where the actual banking system is working.

[go to top]