Oddbean new post about | logout
rabble | 2 months ago (raw) | root | parent | reply | flag +2 
 I think it’s exceedingly unlikely signal is compromised given the way they are open source with various ways of verifying builds.
MarcG | 2 months ago (raw) | root | parent | reply | flag +1 
 Rabble- doesn't it impossible to really answer if we don't know what code runs server-side? 

Also, FYI There is the Molly fork of signal which is FOSS including push notifications, and which still connects to the signal servers.
graffiti | 2 months ago (raw) | root | parent | reply | flag 
 If you find yourself forced to use a network that is under the control of, designed by and/or operated by a potential adversary, then you're going to need end to end encryption.

- Phil Zimmermann
JeffG | 2 months ago (raw) | root | parent | reply | flag +3 
 Yeah. I think the encryption is unlikely to be compromised. But given the centralized identity servers the metadata could easily be compromised.