undefined | Better HN

0 pointsintricatedetail5y ago0 comments

No messenger is secure. You never know if the code that is being run is the same as reviewed. If you want true privacy, then you need to encrypt messages yourself (with e.g. PGP)

0 comments

7v3x3n3sem9vv5y ago

Signal messenger uses reproducible builds. You can compare the source code to the app that's published to the app store to confirm that they're being honest.

I don't know if any other competitors who do the same. As Signal messages are end-to-end encrypted, Even if their servers were compromised, your messages would still be secure. As they use a rotating key, unlike manually using PGP, even if one of the keys was intercepted, they would not be able to decrypt any of your other messages. Using PGP, if someone steals your private key, all your messages are now vulnerable.

https://signal.org/blog/reproducible-android/

290830113977785y ago

Wouldn't building (& hosting) the server, building the client, and communicating only with accounts using your server be just as good?

Note that this isn't just theoretical - there are governments using Matrix, but not necessarily federating with other instances.

generalizations5y ago

Ok, fair enough. I overstated it. I'm just wondering why it's not being discussed here.

j / k navigate · click thread line to collapse