I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
That’s the signal app. The software which runs on their servers is proprietary.
No it’s not: https://github.com/signalapp/signal-server
TIL. Was it in the past?
There was a period where they didn’t push changes to the repo, but all the code was released afterwards and it’s been getting regular updates ever since. But it also doesn’t matter at all, since the Signal client is designed in a way that avoids putting trust in the server. Signal servers could literally be run by the NSA and it wouldn’t matter, as everything is fully end-to-end encrypted, including metadata. The Signal protocol was also updated to use post-quantum cryptography in 2023.
I’m with you on this, I strongly recall there was some sort of not fully open source portion of Signal at least at one point in time.
Edit: ya, they weren’t updating server for awhile, so while there is an open source server, they definitely weren’t running that code for awhile, and may not be running it today. Granted since the decryption happens client side, it shouldn’t matter what the server does to some extent.
https://www.androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/
No, the server is on the github account linked above as well. The repo is here.
Signal however doesn’t federate and does not generally support third-party clients.