Viewing a single comment thread. View all comments

josefStallman wrote

Signal uses their own encryption algorithm that hasn't been extensively examined as other algorithms, and it's use of centralised servers poses problems as well.

3

malifica wrote

I mean like the Double Ratchet Protocol is also used by

  • OMEMO
  • Matrix
  • Wire
  • WhatsApp (eww)

It's not exactly an obscure algorithm.

The Signal protocol has also undergone formal analysis, where it has been determined to be cryptographically sound.

I'm curious as to what you recommend people use over the Signal protocol. Not PGP, I hope.

--

There are valid concerns for Signal as software.

  • Signal is Mobile-Centric

Phones are generally not secure devices. There are a variety of concerns related to trusting phones.

  • Signal is Centralized

Your metadata can be used to determine a lot about you.

  • Signal is Difficult to Compile from Source

Because it is a mobile app and officially recommends installation from Google Play.

  • Signal's Desktop App is a Steaming Pile of Electron Shit

Seriously, it's awful.

--

But none of these very valid concerns are strikes against the Signal protocol. The Signal protocol is secure (as far as we know), and used by some truly brilliant software (like OMEMO).

1