• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 25th, 2023

help-circle
  • I agree that signal has a more robust security model. What I mean is that itbhasbalso habe risks, and a lot of people are ignoring it.

    The backdoor could be a sleeping function activated from outside to targets of interest or ‘special’ updates from the google store (i.e.: with the help of google install a different version of the app to the target). But I’m not a security nor android expert, and it’s all theoretical if this attack vector is possible, but I think that is unlikely.

    Also, if the NATO country where I live wants to spy my mobile, it would use Pegasus 🤷🏽‍♀️

    Off topic: The Signal reproducible builds don’t work since, at least, may.


  • Signal can add backdoors to their own app and, if the app get compromised (or the device) the security of the encryption model is not relevant. It’s the reason because I see comparable Signal and Telegram.

    Signal is open source, but (info based in this 3 years old thread on f-droid):

    1. Have binary blobs and propietary dependencies.
    2. Don’t let reproducible builds.
    3. It’s hostile to forks (they blocked libreSignal from their servers)
    4. Don’t want independent builds from f-droid (nor any fork in f-droid)

    Which no seems FOSS friendly.