Sure you should be suspicious. You should always be suspicious. Especially if it...

gruez · 2025-06-16T22:18:36 1750112316

>Like checking out Signlas Open Source code.

What's preventing them from serving a backdoored version? xz was open source as well, that didn't stop the backdoor. There might be reproducible builds on android, but you can't even inspect the executable on iOS without jailbreaking.

mos_6502 · 2025-06-17T04:15:07 1750133707

Signal designs their systems from the ground up to deliver verifiable trust mechanisms (via remote attestation) along with data minimization/zero-access encryption techniques.

Here’s one such example, which is also an interesting technical deep dive: https://signal.org/blog/building-faster-oram/

cherryteastain · 2025-06-16T23:02:33 1750114953

You can instead install a FOSS fork of Signal like Molly [1] built by F-Droid directly from the source code

[1] https://molly.im/

Tijdreiziger · 2025-06-17T02:52:30 1750128750

Isn’t that against Signal’s terms of service? Won’t they ban you?

sneak · 2025-06-17T03:21:42 1750130502

It is neither against the signal software’s license, nor it is against the signal service’s terms of service.

This is a false meme spread because the Signal founder (who is no longer with the company) didn’t like people making forks without changing the API server URL and running their own servers.

Open source software doesn’t work like that, however.

Tijdreiziger · 2025-06-17T05:06:42 1750136802

Whether they’re open source doesn’t matter (for this question). They control (their instance of) the server.

As you say, I do remember them issuing some threats about it, so it would be interesting to know if they’ve changed their stance on this.

(Discord, as an example, has banned users for using alternative clients.)

sneak · 2025-06-17T14:26:26 1750170386

Alternative clients are banned in the Discord TOS. The Signal TOS is on their website and doesn’t prohibit any clients.

Also, separately, the idea that you can only use a service with a certain client is dumb.

Imagine if a website said you can only use a certain browser, or they ban you. It’s ridiculous.

eviks · 2025-06-17T03:08:40 1750129720

How would that calm suspicion if you're not arr/ign-orant and understand that continuous security audit is practically impossible at an individual level?