Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday March 18 2020, @05:47PM   Printer-friendly
from the sending-a-signal-to-use-signal dept.

The Signal messaging progam is now the favored messaging program for the European Commission instead of proprietary messaging programs. The decision was made last month, in February, to prefer it for both internal and external communication.

The Signal open source software is written in JavaScript, TypeScript and CSS and published on GitHub under a General Public Licence v3.0[*] (GPLv3). In particular, the clients are published under the GPLv3 license, while the server code is published under the GNU Affero General Public License v3. The software contains the following features:

  • Voice and video calls to other Signal users;
  • Text messages, files, voice notes, pictures, GIFs, and video messages to other Signal users;
  • Group messaging;
  • Set deletion timers for messages on both the sender and the received devices.

All communications to other Signal users are free of charge and automatically end-to-end encrypted.

[*] Link in source was malformed (lacked URL). Updated to point to official GNU document. --martyb


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by richtopia on Wednesday March 18 2020, @11:07PM (3 children)

    by richtopia (3160) on Wednesday March 18 2020, @11:07PM (#972955) Homepage Journal

    It is good, but not perfect. There was attempts to federate the system, but this was quashed by the developer. I discovered this a few weeks ago when my friend told me to get Signal, the open source encrypted messenger, but I couldn't find it in F-Droid!

    https://en.wikipedia.org/wiki/Signal_(software)#Federation [wikipedia.org]

    While I complain, I don't have a good alternative in mind.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Interesting) by Anonymous Coward on Thursday March 19 2020, @01:56AM (1 child)

    by Anonymous Coward on Thursday March 19 2020, @01:56AM (#973017)

    Matrix is open source, federated, and also has E2E encryption (also OTR-based like Signal). I set it up recently and it's definitely in need of some polish, but it works.

    • (Score: 1, Interesting) by Anonymous Coward on Thursday March 19 2020, @02:38AM

      by Anonymous Coward on Thursday March 19 2020, @02:38AM (#973026)

      The initial bootstrap for Tox is NOT decentralized, since you have to get the initial DHT from somewhere, but after that it goes user to user or user relay user with only key, endpoint and packet data visible to the relays if you are not operating peer to peer over clearnet. Given the dangers of servers shutting down in the federation sense, I think Tox's system adds more portability if more people were to run their own relays, and more apps had a slot in them for adding priority relays (currently you have to add them in the tox.ini file manually which is obviously beyond most modern day users, leaving metadata connecting user accounts available.)

  • (Score: 5, Informative) by TheRaven on Thursday March 19 2020, @09:55AM

    by TheRaven (270) on Thursday March 19 2020, @09:55AM (#973109) Journal
    I consider Signal an adequate compromise. It does have a centralised component, which is not ideal as a single point of failure, but has very little privacy impact. When they had requests for data from the FBI, the only thing that they were able to present was the last time the person in question had logged into the service. Messages are encrypted and padded. They can tell (but promise not to record) the first time you send a message to someone, but after that you have their public key and so you don't need to identify yourself to the service to be able to send the second message (you leave it anonymously, signed with your key then encrypted with the recipient's and the recipient grabs it and decrypts it, discarding the message if it doesn't have a valid signature).
    --
    sudo mod me up