zlacker

1. kelnos+(OP) 2021-04-07 19:10:35
The server being or not being secure is only important to the people who operate it. You can examine the client code and see that your messages are encrypted end to end. Signal's entire security model revolves around the idea that you don't need to trust the server.
replies(1): >>thepti+n5
2. thepti+n5 2021-04-07 19:31:37
>>kelnos+(OP)
There's no concern about metadata leakage?
replies(1): >>outime+3o
3. outime+3o 2021-04-07 20:50:10
>>thepti+n5
Even if you have access to up-to-date source code, it doesn't guarantee at all they'd be running a completely different version if they so wish. I mean, this has just happened, yet this question kind of implies you'd still trust such an entity to run the server from the source code you have access to. I hope this collective illusion dies already.
replies(1): >>thepti+OW
4. thepti+OW 2021-04-07 23:58:40
>>outime+3o
True, neither the absence of an identified vuln in published source code, nor the absence of published source code can guarantee that you don't have vulns. And sure, a bad-faith operator can always back-door the server and run different code.

But, a good-faith operator can find and fix bugs faster if they operate in the open and in collaboration with the community. "Given enough eyeballs, all bugs are shallow" etc.
