this post was submitted on 07 Feb 2025
380 points (99.0% liked)
Technology
63134 readers
3388 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No it's not: https://github.com/signalapp/signal-server
TIL. Was it in the past?
I'm with you on this, I strongly recall there was some sort of not fully open source portion of Signal at least at one point in time.
Edit: ya, they weren't updating server for awhile, so while there is an open source server, they definitely weren't running that code for awhile, and may not be running it today. Granted since the decryption happens client side, it shouldn't matter what the server does to some extent.
https://www.androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/
There was a period where they didn't push changes to the repo, but all the code was released afterwards and it's been getting regular updates ever since. But it also doesn't matter at all, since the Signal client is designed in a way that avoids putting trust in the server. Signal servers could literally be run by the NSA and it wouldn't matter, as everything is fully end-to-end encrypted, including metadata. The Signal protocol was also updated to use post-quantum cryptography in 2023.