There also was this one controversy they had with F-Droid. To be on F-Droid, you have to let them build the binaries, because otherwise they'd be shipping untrusted blobs. They demanded an exemption and got promptly denied, so there's that. Their official client also uses Google's push notification services, breaking on deGoogled ROMs. And to top that off, their Git is updated in giant commits like "Released version X", which makes independent code review challenging. And they require a phone number, which goes against some people's threat model.
The initial funding for Tor came from the Navy (where it was created) and the State Department (where it was helpful for Arab Spring).
Association with the CIA or In-Q-Tel is not necessarily a bad thing. They have unique requirements for operational security like many other Signal users?
The CIA has access to zero-days. They will just use those for targeted attacks and are generally not in the business of mass surveillance? Whereas the FBI and NSA sorta are to achieve their respective mandates.
The State Department has since walked back its love for international freedom of speech with the populist movement in Brazil. They’re active in suppressing speech there, just like they were in promoting it in the Middle East.
Notably they want it more widely used because it's really not useful if the only people that connect to Tor are spies. Makes finding spies super easy ("X connected to Tor. Okay, let's go arrest X"). How do you prevent that? Doesn't take a genius to figure that out...
Similarly, CIA/Navy/whatever doesn't want their tools to have zero-days. You might think "zero-days for me, but not for thee" but come on... we all know that doesn't work. If there's an exploit, the exploit works for anyone. You may have an edge in knowing where to look, but you're not going to maintain that edge for long. Worse, good luck finding out if someone else finds out. How do you prevent adversaries from exploiting your tools? Doesn't take a genius to figure that out...
I really hate these conspiracies. Like come on. Yeah, we should be highly critical of US spy agencies and apply a lot of scrutiny. But not everything they touch results in a landmine. They aren't all-powerful gods. And they're up against some serious adversaries like China, Russia, and yes, Israel, and the most important one of them all... themselves! Spooks are spooks. They don't trust their neighbors, they don't trust themselves.
And if they were omniscient, surely they'd know the very first rule of security: if there's a backdoor, somebody will find it at the least conveniently possible time.
In a statement, WikiLeaks indicated that the initial stockpile it put online was part of a broader collection of nearly 9,000 files that would be posted over time describing code developed in secret by the CIA to steal data from a range of targets. WikiLeaks said it redacted lists of CIA surveillance targets, though it said they included targets and machines in Latin America, Europe and the United States.
"Russia Today was for 10 years almost the only way to know what's really going on in my country".
I'm only being half-sarcastic. RT will cover factual issues about Western countries that the state-endorsed media won't. But they're still disinformation outlets that should be consumed with a massive grain of salt, just like RFE and RFA.
That's a ridiculous take. Yes, Russian propaganda works best when it is based on a grain of truth, and it often is. However, it is just that - a propaganda machine serving a dictator.
Radio Free Europe was/is not a propaganda outlet any more than the BBC is a propaganda outlet (in fact, this is why Trump hates it). To an authoritarian, free press looks like propaganda.
Showcasing what makes your society great is propaganda only inasmuch as it casts the failures of other models into sharper relief. Liberal democracy is not a propaganda trick, it's just better.
I mean… yes the BBC is very much a propaganda outlet as is every single modern media organization. People who claim their media isn’t propaganda have already been brainwashed.
BBC right before the Brexit vote was like: "now we listen to this well spoken university professor tell us why Brexit will fix all our problems", and then, to offer balanced views: "we will listen to this random person who likes Europe and we picked from a street 3 minutes ago so they don't have a nice coherent speech and will sound like they're stupid"
I'm sorry but this is such a midwit take. Your uber-skepticism of "every single modern media organization" does not make you a savvy free-thinker, it just makes you more likely to fall down some gibbering conspiratorial rabbit hole on YouTube or TikTok.
Yes, media entities have biases and viewpoints; no, that doesn't make them propaganda organs.
> The Pentagon's internal watchdog criticized a former official's use of the Signal app in 2021, calling it a breach of the department's "records retention policies" and an unauthorized means of communicating sensitive information.
> "Signal is not approved by the DoD as an authorized electronic messaging and voice-calling application," the report asserted, adding that "the use of Signal to discuss official DoD information does not comply with Freedom of Information Act requirements and DoD's records retention policies."
The highest military council in the country uses Signal to communicate. I think violating FOIA is probably part of the appeal. Or they use that modified Israeli client that stores messages to address those concerns.
They don't use Signal. They use an app that wraps around Signal. There is in fact a difference. Specifically because the purpose of that app is to do exactly what you're accusing Signal of doing. If Signal already did this... why would they pay for the other app?
> - They claim federation is impossible… yet Matrix has it.
I believe the claim was that it's hard to adapt to changing markets and be federated [1]. Comparing Signal's market share to Matrix's is obviously not a direct cause-and-effect, but Matrix hasn't yet proven that you can get mass adoption that way.
> - They claim openness but are actively hostile to Linux distributions and F-Droid.
I'm too lazy to find the specific GitHub comment, but IIRC there was a specific list of features they'd need to actively support F-Droid. It is now available in the Guardian Project's F-Droid repository though [2].
No, but Signal doesn't have to prove that centralised services can be successful: other services have already done that for them.
At the same time, it has reached far more regular users than Matrix has. I believe market penetration is at about 15% here in the Netherlands, which is a ways off from WhatsApp, but a pipe dream for Matrix.
> Nothing about any of the protocols we’ve developed requires centralization; it’s entirely possible to build a federated Signal Protocol-based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all.
> They claim full open source but for several years they did not release the server.
Specifically, they didn't publish the source for their server-side from 20 April 2020 to 6 April 2021 [0] while they secretly added a cryptocurrency payment system to which Moxie was a paid technical advisor [1], which Moxie denied they were doing in January 2021 [2].
See? Mostly nerdy stuff. Like these complaints are weird to put side by side with how we'd critique all the big companies. It's not that we shouldn't critique them (we should); it is that it's weird when we are discussing big tech and act like companies like Signal, Mozilla, ffmpeg, or whatever aren't good models to look up to because they aren't perfect. Because right now the alternative is the status quo.
I mean the critiques are mostly valid but wanted to point out they're mostly technical.
I really wish the server was fully open. I feel like that could actually create a mixed federated ecosystem. At worst be optional, right? I can get where he's coming from (and now Meredith), but I think there's a lot of value in it and they've solved hard problems before. Even just the ideas of mesh nets in local areas could be a real win for privacy and security.
Being a Linux user and Signal user for quite some time I'm confused at that critique. What's hostile? That it's Electron? I mean that does suck but I've used various open source desktop versions and some TUIs. No real issues so far. What am I missing?
Generally the talk I hear about government money is implications of back doors. Just seems like they are more interested in getting encrypted communications into other people in other countries' hands. At least that's my understanding of the mission of the organization that's funding them. They'd want that as secure as possible. Government isn't a single entity. If the complaint is morally taking money from the government, yeah it was a weird move. Kinda seems out of character. But not too crazy. Personally I'm okay if they aren't building weapons and there's no strings attached. My understanding is it's not enough money to justify that.
They're not really technical. If you say you do reproducible builds and you don't it's just… dishonesty?
Like selling you no-chemical-fertilisers vegetables and then using them anyway.
It's hostile because they want you to use their binary build… which you don't know if it corresponds to the source they have online. And can't verify due to the binary blob.
edit: you trust the USA army to not ask any control in exchange for that money? Remember there's no reproducible builds really, and that installing via app store which is linked to an account is very easy to send vulnerable versions to journalists or whistleblowers.
I don't know how you say "not technical" and "reproducible builds" in the same breath.
Look, I'm mostly with you. My point is that the issues we argue over are only things us nerds care about. Not the average person.
> you trust the USA army to not ask any control in exchange for that money?
Warrants suspicion, for sure. I stated so.
From what I know, the money was not through the military. It was through Radio Free Asia, an organization suspected to have ties to the CIA. Notably, the CIA is concerned with foreign targets, not at home. So like I argued, it is entirely reasonable for "the government" to want perfectly encrypted communication systems in the hands of people they want overthrowing a current regime while also not wanting that service to be used at home.
The government isn't a single super intelligent entity working together. It is a fucking shit show of organizations (and sub-organizations) with entirely opposing goals.
They're a non-profit... their books are open. If you are really concerned, switch to Molly. Or idk, use iMessage, WhatsApp, or Telegram. Because those have far less suspicion, right? Sure, you could use Matrix, but I can't get my grandma to use Matrix, but I can Signal. I'll take what I can get.
I never hated on Signal, on the contrary I recommend it to many people, but I can say that the energy consumption on Android is in many cases abysmal for multiple years now and related issues in the GitHub issue tracker are being ignored. This is for me unacceptable for someone claiming to build high quality software and accepting my donations.
Signal spends a lot of time doing things it doesn't need to do.
For example: Signal doesn't need a cryptocurrency implementation. Signal does need a commercial product offering so they're not just donation funded (there's several obvious, useful applications here - they're doing none of them).