Signal is working on a standalone version of its desktop app that does not require a smartphone. Signal Desktop will also gain additional options when used as a linked device.
Signal’s end to end encrypted, yes… But we do the key exchange process through Signal’s servers, don’t we? How do we know they don’t store copies of the keys? Does the client have a mechanism in place to make sure the man in the middle doesn’t do anything funny? I haven’t actually delved very deep into the code, but it sounds like I should.
And… Sure, their server code may be open source too, but nobody guarantees that that’s the code actually running on their servers.
A US organization can be required by law to lie when they are contacted by the government under extreme penalties if they don’t do as they are told. There is no proof that Signal is really posting their real demands. They could be actually required to post everything except certain demands marked secret.
You know, I’ve been thinking…
Signal’s end to end encrypted, yes… But we do the key exchange process through Signal’s servers, don’t we? How do we know they don’t store copies of the keys? Does the client have a mechanism in place to make sure the man in the middle doesn’t do anything funny? I haven’t actually delved very deep into the code, but it sounds like I should.
And… Sure, their server code may be open source too, but nobody guarantees that that’s the code actually running on their servers.
deleted by creator
A US organization can be required by law to lie when they are contacted by the government under extreme penalties if they don’t do as they are told. There is no proof that Signal is really posting their real demands. They could be actually required to post everything except certain demands marked secret.
They ship their app with blobs, so we cannot verify what their app is doing.