We don’t know. We don’t have access to what’s running on their servers.
Aren’t they audited, tho?
(yes i know that the source code is available, but there’s no way to check if that’s the same thing running on the servers)
But isn’t this true for most services, such as Matrix as well? Nothing assures that a Matrix instance is running the exact code on git.
Usually the government goes there a just takes whatever is in the rack they want.
But if your threat model is the goverment, aren’t all services affected as well? If they want to take element’s servers, they will. If you selfhost and they want to take your server, they will?
The problem is that you have to trust them.
I feel like in communication apps you’re always going to have to rely on trust. Even if you self-host in a Swiss server, with the best intentions and security practices… Other people are going to have to trust you. You trust yourself, but others might not.
But isn’t this true for most services, such as Matrix as well? Nothing assures that a Matrix instance is running the exact code on git.
It’s valid for any server. But for signal messaging is even worse than the competitors because it’s centralized.
If you selfhost and they want to take your server, they will?
Correct. With signal there’s no way to escape the US government, but with matrix (or other federated protocol) you can make it harder, so it won’t be worth it the resources spent. You can also host it where the US government don’t have any reach.
Even if you self-host in a Swiss server, with the best intentions and security practices… Other people are going to have to trust you. You trust yourself, but others might not.
But who is more trustworthy? The US government or the swiss government?
Also, the point is to avoid american services. Signal is an american service.
Aren’t they audited, tho?
But isn’t this true for most services, such as Matrix as well? Nothing assures that a Matrix instance is running the exact code on git.
But if your threat model is the goverment, aren’t all services affected as well? If they want to take element’s servers, they will. If you selfhost and they want to take your server, they will?
I feel like in communication apps you’re always going to have to rely on trust. Even if you self-host in a Swiss server, with the best intentions and security practices… Other people are going to have to trust you. You trust yourself, but others might not.
It’s valid for any server. But for signal messaging is even worse than the competitors because it’s centralized.
Correct. With signal there’s no way to escape the US government, but with matrix (or other federated protocol) you can make it harder, so it won’t be worth it the resources spent. You can also host it where the US government don’t have any reach.
But who is more trustworthy? The US government or the swiss government?
Also, the point is to avoid american services. Signal is an american service.