Post · bonfire.cafe

@strypey@mastodon.nzoss.nz · 5 months ago

"[Vincent] Ramos makes some very incriminating statements to the FBI in an undercover operation, and they arrest him. And they say; you need to put a backdoor into Phantom Secure, and let us read all of the messages of the 10,000 users (or whatever) ... or we're going to arrest you."

#JosephCox, 2024

https://www.theverge.com/2024/5/23/24163389/joseph-cox-dark-wire-fbi-phone-startup-anom-criminals-secure-messaging-decoder-interview

And we know that nothing like this has happened to the people behind the hosted Signal services, because ... ?

#encryption #messaging #Signal

slime

@trewq@infosec.exchange replied · 5 months ago

@strypey difference is, the signal app is open source

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

@trewq
> the signal app is open source

They publish source code under open licenses, yes, and good on them. But ...

How do we know the server code they publish is what they use in production?

How do we know their apps are compiled from exactly the code they publish?

Anyone ever compiled it the apps from scratch and set up a server, to see if it really behaves anything like the hosted service and the signed apps they distribute on Goggle Prey Store?

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.1 no JS en

Automatic federation enabled