lithium
TextSecure

lithium | TextSecure | |
---|---|---|
1 | 995 | |
77 | 26,082 | |
- | 1.1% | |
5.5 | 9.9 | |
5 months ago | 6 days ago | |
Java | Kotlin | |
GNU General Public License v3.0 only | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lithium
-
WhatsApp gives users an ultimatum: Share data with FB or stop using the app
That's a good point. Threema using standard libsodium cryptoboxes (iirc) makes this easier to integrate with than these Axolotl-like protocols, though Threema still uses a custom protocol to communicate chat messages so you'll have to implement that. Also, Wire has a bot API so you don't need to pretend to be a real client to integrate in a chat. https://github.com/wireapp/lithium/wiki
Afaik Signal doesn't have that, there only seem to be third party implementations for bots.
TextSecure
-
Reviewing the Cryptography Used by Signal
That's been a thing since March 2016.
https://github.com/signalapp/Signal-Android/tree/main/reprod...
-
More telcos confirm Salt Typhoon breaches as White House weighs in
And, even if you can connect with your own client, can you trust the server is running the code they claim it is? They were caught running proprietary server code for a time in 2020-2021. https://github.com/signalapp/Signal-Android/issues/11101#iss...
- Signal silently falls back to unsealed sender messages if server returns 401
-
How to Make a Product Secure: A Developer's Perspective
Signal: This messaging app is built with end-to-end encryption at its core. It’s open-source, allowing experts worldwide to audit its security protocols.
-
Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol
Signal does a far better job than most. They have open source clients. They sign their builds. The android build is reproducible (you can build it yourself and it will match exactly what they publish, see https://github.com/signalapp/Signal-Android/blob/main/reprod...). Presumably some people in the world do it.
Now of course I personally don't check the app shipped to me from the Google Play Store, but at least I could!
It's not that I disagree with your point at all. There are still many places for world powers to compel companies to spy on users (in both hardware and software). Just want to call out that Signal is doing pretty much the best they can.
-
3G Cell Service Has a HUGE Security Flaw. 🫢
Well, the best thing you can do right now is stop using cell service (particularly 3G networks) whenever possible. For texting and phone calls, use an encrypted internet based service, like Signal or WhatsApp. Use authenticator apps or passkeys for two-factor authentication instead of your phone number.
-
Australia arrests dozens over app allegedly used by criminals worldwide
https://github.com/signalapp/Signal-Android/issues/8974
-
Pavel Durov and the Blackberry Ratchet
There are claims that Signal has already been compromised by the Five Eyes Intel Agencies, albeit through bribery rather than the overt coercion we see here. The key change is that Signal can no longer guarantee end-to-end encryption based on a passphrase tied to the app itself, and known only to the user.
https://github.com/signalapp/Signal-Android/issues/8974
-
Signal's Meredith Whittaker on the Telegram security clash
> They distribute binaries on app platforms
They seem to support reproducible builds https://github.com/signalapp/Signal-Android/blob/main/reprod...
> and don’t allow third party compiled to connect
They don't want 3rd party clients to connect official servers, and do not support to them, but there is no outright ban.
- Telegram has launched a pretty intense campaign to malign Signal as insecure
What are some alternatives?
android - Android application to receive notifications
undiscord - Undiscord - Delete all messages in a Discord server / channel or DM (Easy and fast) Bulk delete
openinwa - Create chat in WhatsApp without saving number to your phonebook
Signal-TLS-Proxy
matrix-puppet-signal - A Signal bridge for Matrix
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>
LibreSignal - LibreSignal • The truly private and Google-Free messenger for Android.
session-desktop - Session Desktop - Onion routing based messenger
Signal-Android - Patches to Signal for Android removing dependencies on closed-source Google Mobile Services and Firebase libraries. In branches whose names include "-FOSS". Uses new "foss" or "gms" flavor dimension: build with "./gradlew assembleWebsiteFossProdRelease" (change "Website" to "Play" pre v7.15.4).
Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
