Here is their own marketing explanation. I remember this, because coincidentally, this was one the first times I heard of Signal. Not a good first impression 💁🏻♀️
The whole point of end-to-end encryption is that you don’t have to trust their server: it cannot read your messages. Then for metadata, the question is about what metadata they are receiving at all (if they don’t receive it, then you don’t care if the server is proprietary) and what they do with it (e.g. for the private contact discovery, the idea is that you can verify that the code receiving your contact list is doing what it should (it’s open source), and you can verify that this code is the one running in the secure enclave.
You don’t need the whole server to be open source: only the important parts.
For the purposes of security and encryption, you’re right, and that’s not why it looked bad.
For someone coming from open protocols like email, XMPP, atom, and Fedi, it was not a good first impression to see their system grown ever more owned-by-them.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.ml
Subscribe to see more stories about technology on your homepage
What’s that closed-source server side? What does it do? Source?
Here is their own marketing explanation. I remember this, because coincidentally, this was one the first times I heard of Signal. Not a good first impression 💁🏻♀️
The whole point of end-to-end encryption is that you don’t have to trust their server: it cannot read your messages. Then for metadata, the question is about what metadata they are receiving at all (if they don’t receive it, then you don’t care if the server is proprietary) and what they do with it (e.g. for the private contact discovery, the idea is that you can verify that the code receiving your contact list is doing what it should (it’s open source), and you can verify that this code is the one running in the secure enclave.
You don’t need the whole server to be open source: only the important parts.
For the purposes of security and encryption, you’re right, and that’s not why it looked bad.
For someone coming from open protocols like email, XMPP, atom, and Fedi, it was not a good first impression to see their system grown ever more owned-by-them.