Someone made a compilation of academic reviews and blogposts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, ex. compare with real security audits to Delta Chat: https://delta.chat/en/help#security-audits
You must log in or register to comment.
You can always look at their history “complying” to government orders to hand over user data.
https://signal.org/bigbrother/
No company is going to break the law for you, so live tests seem about as good as a security audit.
You can always look at their history “complying” to government orders to hand over user data.
IIRC by US law they are not allowed to disclose requests from US gov itself
so live tests seem about as good as a security audit.
I would rather prefer real security audits
I would also prefer a server in a jurisdiction that I choose as suitable for my needs. Or, better, a mini-computer on my balcony.
If you and your contacts are all Android, you can Use Briar. It has no central servers and all traffic go through Tor. Open Source and on Fdroid and recommended by privacyguides.org
Yeah, true - I have this installed but inactive for emergencies. It cannot, however, deliver messages when the recipient is offline, and I don’t know how much it drains the battery if left on. So not sure I’d use it as a daily messenger.
Signal is a little sus. We should be applying pressure for them to allow federation. They don’t wanna remove the phone number requirement cos spam sure let everyone else we handle that u keep doing your thing with phone numbers and allow us to do ours and still communicate.
That is kind of naive.
“Allow federation” it’s not a simpke switch, it’s probably a full project of it’s own, and if they only hace X resources for development, taking on a big project like federation might just not be a priority.
