As mentioned in the comments, plain text keys aren’t bad because they are necessary. You have to have at least one plain text key in order to be able to use encryption

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      The back end is open source, but sometimes they’ve lagged years behind releasing the source code. Other developers have stood up copies of the signal network. Session, for example.

      You can self host your own signal, but it’s not federated, so you’d have nobody to talk to

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          4 months ago

          It’s absolutely FOSS. It is not, however federated. But that is not a requirement to be free and open source software

          You can use the code, however you want, in any project you want.

          • hedgehog@ttrpg.network
            link
            fedilink
            arrow-up
            0
            ·
            4 months ago

            It isn’t, because their business practices violate the four FOSS essential freedoms:

            1. The freedom to run the program for any purpose
            2. The freedom to study and modify the program
            3. The freedom to redistribute copies of the original or modified program
            4. The freedom to distribute modified versions of the program

            Specifically, freedom 4 is violated, because you are not permitted to distribute a modified version of the program that connects to the Signal servers (even if all your modified version does is to remove Google Play Services or something similar).

          • furikuri@programming.dev
            link
            fedilink
            arrow-up
            0
            ·
            4 months ago

            The back end is open source, but sometimes they’ve lagged years behind releasing the source code.

            I think this is the more worrying part if true. The backend is licensed under the AGPL, so this would technically be a violation of their terms

            1. Remote Network Interaction; Use with the GNU General Public License.

            Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software

            Edit: For anyone else reading I looked into it a bit more and looks like the issue came to a head around 3 years ago, with this comment being made after a year of missing source code. The public repo has been pretty active since then, so the issue seems to be resolved

            • Skull giver@popplesburger.hilciferous.nl
              link
              fedilink
              arrow-up
              0
              ·
              4 months ago

              I think this is the more worrying part if true. The backend is licensed under the AGPL, so this would technically be a violation of their terms

              The AGPL doesn’t require you, the author, to do anything. As the copyright holder, you decide the license your code falls under. You publish code with a license so others can use it. You can always do with your own work on your own computers as you wish, assuming you don’t also use other (A)GPL code that forces you to release your own.

              Many companies sell GPL software this way; the (A)GPL version is free to use, but if you don’t want to share your alterations and any code you integrate the (A)GPL code with, you pay money to get a non-AGPL licensed copy. Qt does this, for instance, so car manufacturers can design their closed source vehicle dashboards and open source projects can use Qt to build a Linux desktop.