Signal is open source, so our code is regularly scrutinized in addition to regular formal audits. We also constantly monitor security@signal.org for any new reports, and we act on them with quickness while also working to protect the people who rely on us from outside threats like phishing with warnings and safeguards.
This is why Signal remains the gold standard for private, secure communications. 5/
@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used to track users down!
If #Signal was as secure as claimed, it would've been shut down like #EncroChat, #SkyECC & others...
@kkarhan Signal is literally open-source, meaning its source code is public, not proprietary: https://github.com/signalapp. Signal does not hold any user's secret keys.
@pixelcode neither are there reproducible builds nor is #Signal's #backend opensourced nor is it possible to #SelfHost.
Thus it is #proprietary #SaaS!
@pixelcode @kkarhan I have followed their #ReproducibleBuilds over the years, they never actually reproduce the whole thing from source, just the easy parts. Last I checked, all their native code is just pulled in as binaries when using their reproducer setup. Plus, they can't reproduce the proprietary Google libraries https://github.com/signalapp/Signal-Android/blob/556bcda58ae65abbba75bf899a43666ba6d9d427/app/build.gradle.kts#L533