this post was submitted on 13 Mar 2025
18 points (78.1% liked)

Privacy

1442 readers
140 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote big-tech software.
  5. No reposting of news that was already posted. Even from different sources.
  6. No crypto, blockchain, etc.
  7. No Xitter links. (only allowed when can't fact check any other way, use xcancel)

Related communities:

founded 4 months ago
MODERATORS
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
fxomt@piefed.social
18
Signal has no known/published real security audit? (lemmy.ml)
submitted 3 days ago by adbenitez@lemmy.ml to c/privacy@lemmy.dbzer0.com
12 comments fedilink hide all child comments
 

Someone made a compilation of academic reviews and blogposts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, ex. compare with real security audits to Delta Chat: https://delta.chat/en/help#security-audits

you are viewing a single comment's thread
view the rest of the comments
[–] Telorand@reddthat.com 22 points 3 days ago (1 children)

You can always look at their history "complying" to government orders to hand over user data.

https://signal.org/bigbrother/

No company is going to break the law for you, so live tests seem about as good as a security audit.

[–] adbenitez@lemmy.ml 8 points 3 days ago (4 children)

You can always look at their history “complying” to government orders to hand over user data.

IIRC by US law they are not allowed to disclose requests from US gov itself

so live tests seem about as good as a security audit.

I would rather prefer real security audits

[–] Telorand@reddthat.com 4 points 3 days ago

A security audit would be great, but their most recent request was from Santa Clara county, and several previous ones are also from US jurisdictions. You can read about the content of what they were able to provide to the courts.

They're obviously private. And if you're concerned about the app, use the fork Molly.

I guess I don't see what more a security audit would reveal that we couldn't deduce by examining the code or real-life examples.

[–] EngineerGaming@feddit.nl 3 points 3 days ago (1 children)

I would also prefer a server in a jurisdiction that I choose as suitable for my needs. Or, better, a mini-computer on my balcony.

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 1 points 2 days ago (1 children)

If you and your contacts are all Android, you can Use Briar. It has no central servers and all traffic go through Tor. Open Source and on Fdroid and recommended by privacyguides.org

[–] EngineerGaming@feddit.nl 4 points 2 days ago

Yeah, true - I have this installed but inactive for emergencies. It cannot, however, deliver messages when the recipient is offline, and I don't know how much it drains the battery if left on. So not sure I'd use it as a daily messenger.

[–] Coldmoon@sh.itjust.works 2 points 3 days ago (1 children)

I only talk quietly in loud rooms, can’t trust Signal.

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 2 points 2 days ago

I only talk a mixture of Cantonese Mandarin and English in the Style of Shakespeare