Someone made a compilation of academic reviews and blog posts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, e.g. compare with the real security audits of Delta Chat: https://delta.chat/en/help#security-audits
You can always look at their history “complying” to government orders to hand over user data.
https://signal.org/bigbrother/
No company is going to break the law for you, so live tests seem about as good as a security audit.
> You can always look at their history “complying” to government orders to hand over user data.
IIRC, by US law they are not allowed to disclose requests from the US gov itself.
> so live tests seem about as good as a security audit.
I would rather prefer real security audits
I would also prefer a server in a jurisdiction that I choose as suitable for my needs. Or, better, a mini-computer on my balcony.
If you and your contacts are all on Android, you can use Briar. It has no central servers and all traffic goes through Tor. Open source, on F-Droid, and recommended by privacyguides.org.
Yeah, true - I have this installed but inactive for emergencies. It cannot, however, deliver messages when the recipient is offline, and I don’t know how much it drains the battery if left on. So not sure I’d use it as a daily messenger.
A security audit would be great, but their most recent request was from Santa Clara county, and several previous ones are also from US jurisdictions. You can read about the content of what they were able to provide to the courts.
They’re obviously private. And if you’re concerned about the app, use the fork Molly.
I guess I don’t see what more a security audit would reveal that we couldn’t deduce by examining the code or real-life examples.
I only talk quietly in loud rooms, can’t trust Signal.
I only talk a mixture of Cantonese, Mandarin and English in the style of Shakespeare.
Signal is a little sus. We should be applying pressure for them to allow federation. They don’t wanna remove the phone number requirement cos spam sure let everyone else we handle that u keep doing your thing with phone numbers and allow us to do ours and still communicate.
That is kind of naive.
“Allow federation”: it’s not a simple switch, it’s probably a full project of its own, and if they only have X resources for development, taking on a big project like federation might just not be a priority.
Yet the reason that “Signal is expensive” https://signal.org/blog/signal-is-expensive/ is because they didn’t go for a federated approach; they spend more money just to keep the servers running than resources spent on development.
Not to mention the SMS bills