Viewing a single comment thread. View all comments

potatoes wrote (edited )

My biggest two concerns:

  1. Although the server side software is (sometimes) published, there is no way to verify that the server is actually running that software.
  2. According to Signal TOS, nobody is allowed to build and distribute the Signal app except Signal foundation. I'm not sure if it has a reproducible build system.

Taken together, I am placing a lot of trust in the Signal Foundation.

3dit: there is a community fork/build of the client called Molly. Using it is violating the TOS, but I don't think the signal foundation can really tell which client you are using.


TheNerdyAnarchist OP wrote

If you're that concerned, there's also Session which takes care of the whole central server issue.

That said, at least as history shows, which is all we have to go off of, Signal doesn't provide anything useful to law enforcement.