Signal-Server
Signal-iOS
Our great sponsors
Signal-Server | Signal-iOS | |
---|---|---|
200 | 130 | |
8,805 | 10,414 | |
1.0% | 0.8% | |
9.8 | 9.9 | |
about 7 hours ago | 3 days ago | |
Java | Swift | |
GNU Affero General Public License v3.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Signal-Server
-
Signal: Keep your phone number private with Signal usernames
> They could at least BSL the server code and allow others to verify the server code and host but not compete.
This is exactly what they do (except they use AGPL): https://github.com/signalapp/Signal-Server
-
Are Signal Notifications Encrypted ?
https://github.com/signalapp/Signal-Server/blob/main/service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java for APNs push notification payloads
- Signal Username Commit
-
Can't link main class in dropwizard project
I am trying to build and run signal server https://github.com/signalapp/Signal-Server
yes it is available here https://github.com/signalapp/Signal-Server/blob/main/service/pom.xml
-
Signal would 'walk' from UK if Online Safety Bill undermined encryption
You could also start your own signal server, but with blackjack, and hookers
-
‘I will show you how safe Telegram is’
The fact that it locks you into using their servers, does not distribute on F-Droid (only Google Play OR an APK with an insecure update mechanism), and has a completely closed-source "abusive message filter" module server side, that could functionally be used for censorship, storing messages for future decryption, or any other number of nefarious purposes - we have no idea since it's not open source (https://github.com/signalapp/Signal-Server/blob/main/.gitmod...).
Additionally, you cannot distribute branded forks or Signal, and if you do fork it, your fork is not allowed to connect to Signal's "official" OWS (open whisper systems) servers - hostility to federation should be viewed with prejudice and suspicion at the very least, it suggests a vested interest in a single point of failure (or control), which goes against user interests.
Further reading: https://drewdevault.com/2018/08/08/Signal.html
-
"The Signal client is built non-reproducibly, so you actually don't know whether it's running the source code available on Github."
It’s actually the signal server that isn’t reproducible because of the abusive message filter that’s in a private repository. It’s clear as day here: https://github.com/signalapp/Signal-Server
-
Links to rooms: What does the link itself reveal?
So phone numbers are not part of group metadata and can’t be accessed directly even if someone gets access to the groups server. However, because (as far as I know) the server still has a 1:1 mapping of UUID <-> phone number that it knows, then if the malicious actor has access to the main Signal server, they’d be able to access the phone numbers of members as well.
-
Huge win for privacy: Facebook tracking is illegal in Europe!
That article is almost 2 years old. Right now GitHub is being updated regularly. Latest update to their server code is from 5 days ago.
Signal-iOS
- Police used Cellebrite to break into my phone, how do I prevent this in the future?
-
Governments spying on Apple, Google users through push notifications -US senator
Fortunately, they did foresee this! The push notification only contains enough information to tell the phone that it should fetch the actual notification content from Signal's servers.
Here's a Signal dev talking about it on the Signal-Android GitHub: https://github.com/signalapp/Signal-Android/issues/12961#iss...
And similarly for Signal-iOS: https://github.com/signalapp/Signal-iOS/issues/962#issuecomm...
-
Privacy is Priceless, but Signal is Expensive
This was a nice, detailed read. I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):
> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.
That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.
Signal is obstinate on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.
Secondly, I found this paragraph in this post to be disingenuous:
> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.
Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).
Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).
Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.
I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal showing me the middle finger.
[1]: https://github.com/signalapp/Signal-iOS/issues/4590#issue-72...
-
App crashes on open | iOS 16.5 | will stop donation
However, this is not unique to my setup, some others have opened a github issue as well https://github.com/signalapp/Signal-iOS/issues
Yeah I was able to find a few tasks that might be similar to your issue, though I don't know the exact details how the app behaves in your case, as in if you get error message or something like in this issue, or if it just closes on open like in this issue comment. Regardless, the generated crash report from the phone itself is probably good to add in your email to support (which is different from the debug log, just to specify in case you have been sending only that, here's a link for more details).
-
Rewriting the Messenger codebase for a faster, smaller, simpler messaging app
Can anyone shed light on where the complexity is coming from? Even 360kloc for a chat client seems excessive - its original size, 1.7Mloc, is hard to accept. How does it break down - e.g. 120kloc UI, 120kloc networking/data, and 120kloc other?
(For comparison I dl'd https://github.com/signalapp/Signal-iOS and ran cloc. It's about 400kloc of Swift, so I guess it's in the ballpark. I just wouldn't have guessed it was so big, and I'd like to know why.)
My bet is on "object-oriented obfuscation" and bloat caused by "modern" coding styles. Looking through the Signal source you linked to, I see tons of the former. There is an absolutely insane amount of boilerplate-looking code in here, for example: https://github.com/signalapp/Signal-iOS/tree/main/Signal/src...
I don't know Swift or the iOS UI API, but a lot of that code seems to be manually creating and positioning UI elements and otherwise implementing UI functionality that I'd expect the OS to handle. It's a lot of code that should really be data (arrays, structures).
To offer a huge contrast, a long time ago I wrote an MSNP chat client in pure Win32, and it was around 2kloc. The binary was 24KB. Of course it only supported contacts, presence, and text messaging, but I still can't see features like audio/video or the crypto that Signal has needing 100x more, especially if they use OS functionality for much of them.
-
Voice messages are not using headphones microphone
GitHub link: https://github.com/signalapp/Signal-iOS/issues/5399
- Signal will exit the UK rather than comply with onerous new restrictions on end-to-end encryption
What are some alternatives?
mollyim-android - Enhanced and security-focused fork of Signal.
matrix-docker-ansible-deploy - 🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
libsignal-protocol-javascript - This library is no longer maintained. libsignal-protocol-javascript was an implementation of the Signal Protocol, written in JavaScript. It has been replaced by libsignal-client’s typesafe TypeScript API.
Signal-TLS-Proxy
simplex-chat - SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
ringrtc
TextSecure - A private messenger for Android.
session-desktop - Session Desktop - Onion routing based messenger
Synapse - Synapse: Matrix homeserver written in Python/Twisted.
nostr - a truly censorship-resistant alternative to Twitter that has a chance of working