i've just seen a comment in a post, in this very community, saying people trust signal because of missinformation (from what i could undertand).
if this is true, then i have a few questions:
-what menssaging app should i use for secure communications? i need an app that balances simplicity and security.
-how to explain it to my friends who use signal because i recomended?
-what this means for other apps in general?
In regards to Signal, this is largely not true. Sealed sender has been signal's metadata hiding protection for like 6 years or something. The only information signal has is your phone number, your account creation time, and the last time you contacted their servers.
They also have a server implementation on github, so it seems to be open source to me. (I could be missing something though)
You are right though, that it uses centralized servers and requires a phone number, which are sticking points for a lot of people.
Give me ssh access to their centralized server so I can verify this "sealed sender" idea is working.
Otherwise this is a "trust me bro" claim.
This doesn't really make sense to me, what do you mean? Client-side you do different computation for sealed sender delivery/receipt. What's your normal standard of trust that a hosted, open source project is running the same code that they've made public?
I think if they store any metadata that we don't know about, the lie runs very very deep, like to conspiracy theory levels that don't really make sense for a registered nonprofit: https://signal.org/bigbrother/
Its a centralized service, you have no idea what code they're running. You can't host your own.
Also they went a whole year one time without publishing any server code updates until they got a lot of backlash for it. Still, since its centralized, it can't be trusted to be running what they say they are.