cross-posted from: https://lemm.ee/post/56591279
Swedish government wants a back door in signal for police and âSĂ€poâ (Swedish federation that checks for spies)
Letâs say that this becomes a law and Signal decides to withdraw from Sweden as they clearly state that they wonât implement a back door; would a citizen within the country still be able to use and access Signals services? Assuming that google play services probably would remove the Signal app within Sweden (which I also donât use)
I just want the government to go f*ck themselves, yâknow?
What part am I missing? They seem to have the source code of their server and the different apps on their GitHub page.
They still have a tone of open-source stuff. Itâs just that not everything is open-source anymore. Meaning, since everything is not public, we have no way of knowing if this private piece of software is what they say, or anything else actually.
So, trust a company because they say they are not evil? Iâll pass
From Signal Blog 01 Nov 2021:
Improving first impressions on Signal
There isnât any proof that the app you download is built exactly from the source code on github. There could be an intermediate step to inject whatever they want before packaging it for the app stores.
Thereâs also the conspiracy that Signal has been compromised since the beginning as they received initial funding from the CIA. Not sure exactly where I stand on this, but it is plausible.
The protocol itself is open source though so someone could make an open source service with that.
In principle, this statement holds for any app that you donât compile yourself. As weâve learned from the xz disaster last year, even the dource code versions on GitHub donât have to match.
There are at least two Signal versions: The official version, the one from the Guardian Project. For the latter I assume that they build from the publicly available source code. And then there is at least the fork Molly.