this post was submitted on 25 Aug 2024
250 points (95.6% liked)

Technology

59554 readers
3406 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] umbrella@lemmy.ml 13 points 2 months ago (1 children)

also their encryption is proprietary. you can't actually know its good.

[–] pressanykeynow@lemmy.world -4 points 2 months ago (1 children)

That's incorrect, their client is opensource, you can check their e2ee yourself.

[–] todd_bonzalez@lemm.ee -5 points 2 months ago (1 children)

The encryption algorithm may be open source, but they rolled it themselves. It is proprietary encryption.

[–] pressanykeynow@lemmy.world 7 points 2 months ago (2 children)

Again, it's not, go to their github, check the code of the client, compile it yourself, and make a reproducible build to check that the client they ship to your phone is the same. You are talking nonsense.

[–] skeezix@lemmy.world 6 points 2 months ago

Todd is a known bullshitter

[–] todd_bonzalez@lemm.ee -2 points 2 months ago* (last edited 2 months ago)

You're not getting what I'm saying, because you don't understand what "proprietary" means in this context.

Proprietary encryption ≠ Proprietary code.

You can roll your own shitty novel encryption algorithm and license it under GPL if you want, it's still proprietary encryption in that Signal has its own unvetted encryption algorithm instead of using a trusted existing algorithm.

EDIT: How are people not understanding this?

Proprietary licensing is different from a proprietary way of doing things.

If you folks think that a GitHub repo and GPL license are all you need to vet an encryption algorithm, and you think that absolves an novel untested algo from being called "proprietary encryption" you're gonna get burned one day because your trust was built on not understanding encryption.

Signal built their own encryption algorithm. That's proprietary encryption. If you still think I'm wrong, pick up a dictionary, look up "proprietary" and "encryption", and you might just have a chance at understanding that "proprietary" is an adjective that can apply to a lot of different words.