They may be sponsored by the US Government, or by cryptographers with ties to the government.

https://thebaffler.com/salvos/the-crypto-keepers-levine

It’s a long read, but it’s quite good. Here’s a snippet to whet your palate where he describes some of the prominent people behind these projects:

At least that’s how they saw themselves. My reporting revealed a different reality. As I found out by digging through financial records and FOIA requests, many of these self-styled online radicals were actually military contractors, drawing salaries with benefits from the very same U.S. national security state they claimed to be fighting. Their spunky crypto-tech also turned out, on closer inspection, to be a jury-rigged and porous Potemkin Village version of secure digital communications. What’s more, the relevant software here was itself financed by the U.S. government: millions of dollars a year flowing to crypto radicals from the Pentagon, the State Department, and organizations spun off from the CIA.

For context: I have become very interested in the debate amongst app users such as Telegram, Signal, Threema, etc… and I know that many people claim that Signal is the very best amongst all of them but there’s something really sketchy about its location (US based) and the fact that the government can for anyone to comply with their orders and forbid them from telling anyone about it via gag orders (see Durov’s comments on this: https://t.me/durov/59).

Both are fascinating reads, and certainly help me appreciate platforms like Telegram and Threema even more. Regarding Threema, today they posted a comparison between their app and the competition, and found this interesting tidbit regarding Signal:

https://threema.ch/en/blog/posts/messenger-comparison-2021

Signal enjoys an outstanding reputation among experts, and it’s certainly a good alternative to WhatsApp. However, just like WhatsApp, it requires users to disclose personally identifiable information: Providing a phone number is mandatory. As a US company, Signal is also subject to the CLOUD Act, which entitles US authorities to access data from IT service providers that are based in the US.

Also: I just learned that FB spends millions of dollars every year on marketing and trying to influence people to not use platforms such as telegram.

  • oriond
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    4 years ago

    It has always created a conflict to me the fact that Signal is open source and yet there are no forks out there. You would think someone would come with a fork outside the US or something.

    Sometimes I have even thought that Signal may be a social engineering effort from the NSA, or some three letter agency to bring and spy on all the “people that have something to hide” I mean, wouldn’t it be brilliant?

    Besides, on any centralized service, you never know that they are actually running the published “open source” code and not a modified one.

    For security, I would go to Matrix in a self hosted server.

    *Edit: minor typos

      • nutomicA
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        4 years ago

        There reason there are no big third party clients is that the devs don’t want to have to deal with bugs in third party clients/maintaining API stability etc… Also, a bad implementation could potentially lead to compromising the Security of the people using it.

        That is no reason to prohibit f-droid.org from compiling Signal from source and distributing it. That point alone is very suspicious for me.

        The whole point of Signal is that everything is E2EE, so you don’t even have to trust the server.

        You have to trust the Google Play server that the Signal apk it sends is actually built from the published source code.