Signal Is Finally Bringing Its Secure Messaging to the Masses https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/
@micahflee I like the warning about adding more complexity to Signal, and I especially like the example of the Intel feature. That is probably too proprietary to be aided by free software hackers in the event of an exposed vulnerability. Even before exposing a vulnerability, there are probably less people allowed to study the Intel code, so there's less chance of someone finding vulnerabilities.
@micahflee *coughs* Signal Is Finally Bringing Its Centralized Messaging with Goggle Surveillance™† blobs in its APK to the Masses.
It's still up to the user if they want to use Signal on a phone that utilises Google's infrastructure. Signal works just fine without FCM/GSF.
And i would be very surprised if Signal actually ships any proprietary blobs. I'm pretty sure it simply talks to a proprietary API, which 99% of users have on their phones anyway (Google Play Services).
[Sarcasm] of course don’t worry, tapping into a centralized infra of security providers is not a thing. Nothing suspicious in those blobs.
Don’t verify, just trust.
@fll @micahflee That’s your reasoning?—Ignoring linked resources, explanation what ‘implementation’ (former ‘compile’) does in Gradle, direct links to code and the easy task of downloading APK and de‑compiling it?
Providing a verifiable resources is FUD? Maybe I assumed too much from an account on infosec.exchange.
25b7b627614d9351332e3d8d4ed1726e1979317bce6dc09bdf3a966c1ba9471f Signal-website-universal-release-4.55.8.apk → Signal-website-universal-release-4.55.8/smali/com/google/*
No further explanation regarding the technical details? It's just "proprietary code=bad"? Code that I assume is used to be able to use FCM on phones that have GSF installed anyway, and that way avoid the pop-up that warns about battery use.
If you looked at that proprietary code and can see what it does I would very much appreciate further explanation.
It's just that reading your comments i got reminded of a lot of comments putting libre as the only aspect about software, that often ignore important aspects like security and usability for inexperienced users.
@micahflee Really looking forward seeing more people use it and ditch Whatsapp.
They even distribute the APK directly on their website, though I had to use a DispVM with vanilla chromium to actually get the JS to load the latest download link :\
Good news, thanks for pointing out @MichaelAltfield !
I will do some testing soon.
@tapaniraja @setthemfree @micahflee IANA Android dev, but I do believe you're correct. And that was Moxie's defense for requiring gapps for so long, demanding that the community first come up with an alternative.
There's also microG, but I'm not sure how that fits into Signal or push services.
Most messaging apps support polling..
Moxie clearly doesn’t care about the long tail of free/open source users. Signal is targetted to majority of users that do also have Google Play installed.
As for push there is OpenPush for free software: https://f-droid.org/en/2020/02/03/openpush-talk.html
> Using FCM also requires the inclusion of the proprietary FCM client library into open source Android apps like Signal, Wire or even Firefox, which makes them effectively non-free software which cannot be distributed via the fully free F-Droid software repository.
I guess that's the blob mentioned earlier ITT preventing Signal in F-Droid.
You’re most welcome to try to contact Signal (I'd be interested in reading the response too). But given how, cough, cough, “open”, they were towards LibreSignal I wouldn’t hold my breath: https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165
@micahflee I took the headline to mean that Signal would finally be available on F-Droid. Or Signal Desktop would finally be available to users without having to link it to a phone number.
No, I take it to mean that Signal is on-path to add a "GIF" button to their UI that'll leak their oh-so-secret messages right out to thiird parties (ie: giphy) like Wire had done in the interest of making their app more accessible to the "masses"
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!