undefined | Better HN

0 pointslmm5y ago0 comments

> I thought Signal was open source, and the distributed binaries matched the source

This is sort of true. The source is published and you can build your own binary. But given that you can't distribute Signal outside of official stores and can't pin the version in those official stores (unless you turn off updates on your phone entirely), it's not actually practical to run an audited version, yet alone to make your own changes to the code.

> and that is was allowed to run your own servers. Are the servers even open source?

EDIT: apparently there is now (purported) server source available, not that that means much when there's no way to even know which code a given server is running, yet alone run a server with different code. They claim that their E2E encryption means control of their servers doesn't matter, but their protocol analyses doesn't actually think about what an attacker might be able to do at the server level, IME.

> Are there lirerature regarding the technical/conceptional bits Element/Matrix? What is the tradeoff there?

It uses either the same ratchet protocol as Signal or a very similar one. E2E for group chats is more complicated but I don't think you're giving up anything.

0 comments

2 comments · 2 top-level

lrvick5y ago

I largely agree with you but I don't want to see misinformation spread even when it supports my view.

The signal server source code is open source now in theory, you are just not permitted to run your own server and have it join the Signal network. We have to take their word for it that they are running the code they publish.

90ctemp5y ago

> servers are closed-source. Th

They are open source. Please see github.

j / k navigate · click thread line to collapse