undefined | Better HN

0 pointsjosh26007y ago0 comments

Whoa... I don't work for and have never worked for Signal. Feel free to ask Moxie if I have ever worked for Signal and the answer will be an abject "no".

I think it's worth meditating on the tradeoffs of your system design. Nothing is perfect.

Signal is trying to do the best that it can, and I really think that the starting line in writing secure software is open sourcing the whole thing from top to bottom. Anything less isn't auditable.

Note: I edited this post to make the language more addressable. I love the work Keybase is doing, but I want them to open source their server.

0 comments

3 comments · 1 top-level

zeeboo7y ago· 2 in thread

How does open sourcing the server help you audit what their servers are running? There's no way to know if what's open source matches their running code, and if the security of the system depends on the server being open, it's not secure.

josh2600OP7y ago

Because if you don't trust it you can run the server yourself and see if the behavior is correct AND over time as we move to a world where servers become better able to verify the code they're running, we can improve the trust model.

Given the choice between having the server code open sourced or not, the choice that is higher trust has to be open source.

zeeboo7y ago

That's just false. You can get all of the trust information necessary from the client. It's exactly the same amount of trust.

edit: To be clear, even if they open sourced the server right now, I would not even look at the code to determine if running the client was safe. The only time I would care to look at the server code is if the client's correct operation depends on the server running specific code. If it doesn't do that, then the server code doesn't matter. And if it does do that, I wouldn't trust the system, anyway.

1 more reply

j / k navigate · click thread line to collapse