Signal massively downloaded amid rising tensions, number one in Denmark - AboutSignal.com
aboutsignal.com
Signal most popular communication app in Google Play Store Denmark. People are looking for a safer alternative to WhatsApp.

Granted, the part

The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store

is a little ironic, but you gotta push this winning tide and then work from that.

  • Vincent@feddit.nlEnglish
    2·
    2 days ago

    What could a client detect? Signal is a US company and will comply with the government. The server can’t be trusted.

    As mentioned before, it could detect that the server is not running the published source code. So long as it’s untampered with, and the published source code is trusted, the server can be trusted. And again, for message encryption that is only an additional layer of protection; the messages are encrypted before reaching the server, so even if the server was malicious, it still couldn’t see the contents. That’s the whole point.

    They can detect if a different app was installed from the store on their phone

    I think you’re conflating points here - the detection was about detecting whether the server had been tampered with.

    I’m not sure what specifically you’re arguing for, here. It would’ve been nice for Signal to not have been in the US, and it can be coerced to stop working altogether, but your communication is at least as safe as any other app, at least the ones of comparable usability. Or are you’re just saying we’re all lost anyway and we might just as well give up and communicate via public Twitter posts?

    • plyth@feddit.orgEnglish
      1·
      6 hours ago

      it could detect that the server is not running the published source code.

      How? The clients can only notice if the API works as specified. The server can constantly be replaced without anybody noticing.

      is at least as safe as any other app, at least the ones of comparable usability. Or are you’re just saying we’re all lost anyway

      So you know the problems of the servers.

      • Vincent@feddit.nlEnglish
        2·
        55 minutes ago

        How? The clients can only notice if the API works as specified. The server can constantly be replaced without anybody noticing.

        See the link I posted before about the secure enclave. (Note that I could’ve been clearer before: it’s not specifically the Signal client app that needs to detect server tampering; any software could.)

        So you know the problems of the servers.

        So what are you saying? Don’t use anything that has a server? (To be fair, I think it’s a good idea to have pure peer-to-peer apps installed as well, but for most situations that would still just come down to “do not communicate digitally at all”.)

        • plyth@feddit.orgEnglish
          1·
          23 minutes ago

          See the link I posted before

          Ok, that’s good.

          So what are you saying?

          That there is risk to rely on the server. It’s unavoidable but should not be neglected.