• adbenitez@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 days ago

      You can always look at their history “complying” to government orders to hand over user data.

      IIRC by US law they are not allowed to disclose requests from US gov itself

      so live tests seem about as good as a security audit.

      I would rather prefer real security audits

      • EngineerGaming@feddit.nl
        link
        fedilink
        arrow-up
        3
        ·
        1 day ago

        I would also prefer a server in a jurisdiction that I choose as suitable for my needs. Or, better, a mini-computer on my balcony.

          • EngineerGaming@feddit.nl
            link
            fedilink
            arrow-up
            3
            ·
            1 day ago

            Yeah, true - I have this installed but inactive for emergencies. It cannot, however, deliver messages when the recipient is offline, and I don’t know how much it drains the battery if left on. So not sure I’d use it as a daily messenger.

      • Telorand@reddthat.com
        link
        fedilink
        arrow-up
        4
        ·
        2 days ago

        A security audit would be great, but their most recent request was from Santa Clara county, and several previous ones are also from US jurisdictions. You can read about the content of what they were able to provide to the courts.

        They’re obviously private. And if you’re concerned about the app, use the fork Molly.

        I guess I don’t see what more a security audit would reveal that we couldn’t deduce by examining the code or real-life examples.