On Sun, 23 Aug 2020 14:03:21 +0300 Andrei POPESCU <andreimpope...@gmail.com> wrote:
> On Vi, 21 aug 20, 13:07:56, Charles Curley wrote: > > On Fri, 21 Aug 2020 13:31:00 -0500 > > Paul Johnson <ba...@ursamundi.org> wrote: > > > > > GnuPG. It's in Debian, there's Windows versions on its website, and > > > it's not some mystery box like Signal. > > > > ++ > > > > It also has the advantage that the cryptext will stay encrypted on any > > intermediate servers. WhatsApp and Signal claim their traffic is, but > > one must take their word for it. > > Signal is free and open source software. > > Please do feel free to inspect the source code for potential back doors > or vulnerabilities. I do use Signal on mobile, and I want to like it, but there are a few things about it that just really bother me (these may not be relevant to the OPs situation): 1) The requirement of associating accounts with (real, working) phone numbers. 2) The (current) refusal [1] to provide an option to export messages into a format easily accessible by the user. (I know, I can read and try to understand Signal's code, and then write my own decryptor - thanks, Signal). 3) The strong encouragement of the use of Google's Play Store to install the mobile app, and the strong discouragement of other, FLOSS compatible, methods of installation. [2] Discussion of these and many other issues with Signal: [3] I'm just a user, and not a very advanced one at that, but I can't get away from the feeling that Signal is somewhat user-hostile, with an attitude of "Trust us - Moxie is a legend, our code is great (and FLOSS), and we really care." All true, to be sure, but still. [1] https://github.com/signalapp/Signal-Android/issues/7586 [2] https://signal.org/android/apk/ [3] https://github.com/privacytools/privacytools.io/issues/779 Celejar
