• VisionScout@lemmy.wtf
    28 days ago

    And what metadata is Signal leaking?

    We don’t know. We don’t have access to what’s running on their servers. (yes I know that the source code is available, but there’s no way to check if that’s the same thing running on the servers). And this is a problem for me: I have to trust a walled garden.

    The government seizing an entire batch of Amazon servers seems unrealistic

    Usually the government goes there and just takes whatever is in the rack they want. Screw the legal businesses that are there. That’s what happened with the Pirate Bay raid. If the US government wants to shut it down, it just needs to knock on the Amazon door.

    the data would be encrypted anyway. Do they even store messages on servers, anyway?

    The problem is that you have to trust them. You have to trust a chain of organizations based in the US. Signal pays millions (who pays for this? I have my doubts that monthly donations will pay for this forever) to Amazon for the servers. So using them and sending them money is the same as giving money to Amazon.

    If you are fine with these risks, then use it. Better using Signal than using Messenger and WhatsApp.

    • pathief@lemmy.world
      28 days ago

      We don’t know. We don’t have access to what’s running on their servers.

      Aren’t they audited, tho?

      (yes I know that the source code is available, but there’s no way to check if that’s the same thing running on the servers)

      But isn’t this true for most services, such as Matrix as well? Nothing assures that a Matrix instance is running the exact code on git.

      Usually the government goes there and just takes whatever is in the rack they want.

      But if your threat model is the government, aren’t all services affected as well? If they want to take Element’s servers, they will. If you selfhost and they want to take your server, they will?

      The problem is that you have to trust them.

      I feel like in communication apps you’re always going to have to rely on trust. Even if you self-host in a Swiss server, with the best intentions and security practices… Other people are going to have to trust you. You trust yourself, but others might not.

      • VisionScout@lemmy.wtf
        28 days ago

        But isn’t this true for most services, such as Matrix as well? Nothing assures that a Matrix instance is running the exact code on git.

        It’s valid for any server. But for Signal messaging is even worse than the competitors because it’s centralized.

        If you selfhost and they want to take your server, they will?

        Correct. With Signal there’s no way to escape the US government, but with Matrix (or other federated protocol) you can make it harder, so it won’t be worth the resources spent. You can also host it where the US government doesn’t have any reach.

        Even if you self-host in a Swiss server, with the best intentions and security practices… Other people are going to have to trust you. You trust yourself, but others might not.

        But who is more trustworthy? The US government or the Swiss government?

        Also, the point is to avoid American services. Signal is an American service.