• Lucy :3@feddit.org
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        4 months ago

        There’s a grain of truth in the claim: We don’t know for sure if the original open source version is actually running on the server.

          • Lucy :3@feddit.org
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            4 months ago

            Yes. We just have to trust them. Or selfhost, which I’m doing with almost everything.

                  • Laser@feddit.org
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    edit-2
                    4 months ago

                    we already had XMPP available and well developed.

                    XMPP as defined where?

                    For privacy, I guess OMEMO is the current gold standard regarding XMPP; however, agreeing on a feature set between clients apart from the most basic stuff wasn’t always easy (and I guess it still isn’t).

                    Also, I guess XML has fallen out of style for this kind of use case. Matrix is just JSON over REST, which I guess is kind of nice nowadays?

                    XML kind of suffers the jack of all trades curse. If you just have two sides exchanging messages using a well-defined protocol, why go for something that offers schema definition, DTD, XSL transformation? These come with costs, and if you don’t use them, why XML in the first place?

                    All of this combined with the fact that the communication model of XMPP and Matrix is different - XMPP closer to email where a server relays messages between clients while in Matrix, everything is a synchronized (?) room, even direct messages between two participants - would have required bending or extending the spec so much that it wouldn’t have been XMPP in the original spirit anyways. So instead, a new protocol was designed that incorporated a lot of lessons learned in the decade before it.

                    You’re free to continue using XMPP, after all, bridges exist.

        • bamboo@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          They’ve said that they release the source code after it’s running in production:

          sorry the source for one of our services was so far behind. We often don’t push source until we release things, and there were a few overlapping releases that happened in that period which made it awkward to push at any moment and put us behind. Additionally, we’ve seen a large increase in spam, and a reluctance to immediately publish the exact anti-spam measures we were responding with to a place where spammers could immediately see them combined with the above to cause this extreme delay.

          https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676

      • einkorn@feddit.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 months ago

        In that case: They started publishing code AGAIN.

        The server soft has been available, then not, and apparently now again.

    • Lucy :3@feddit.org
      link
      fedilink
      English
      arrow-up
      4
      ·
      4 months ago

      That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.