Signal's Meredith Whittaker on the Telegram security clash

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons scrape-images linkedin-bot

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Signal-Server

    Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS

    • Signal apps and server are all on GitHub and frequently updated, for what it's worth: https://github.com/signalapp/Signal-Server https://github.com/signalapp/Signal-iOS.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • Signal-iOS

    A private messenger for iOS.

    • Signal apps and server are all on GitHub and frequently updated, for what it's worth: https://github.com/signalapp/Signal-Server https://github.com/signalapp/Signal-iOS.

  • TextSecure

    A private messenger for Android.

    • > They distribute binaries on app platforms

    They seem to support reproducible builds https://github.com/signalapp/Signal-Android/blob/main/reprod...

    > and don’t allow third party compiled to connect

    They don't want 3rd party clients to connect official servers, and do not support to them, but there is no outright ban.

  • clients

    Bitwarden client applications (web, browser extension, desktop, and cli)

    • > Yeah, but are there any official docs on that?

    If they document it, it becomes a standard and people start to rely on it. Even if the documentation itself is merely to explain the how and why of the database's encryption.

    > Last time I checked, they switched to SqlCipher as well, but with the password in an unencrypted file right next to the database file.

    > What's the threat model of such an odd design choice?

    The only thing that is more secure is to use Window's Credential Manager to store the key, which is what Bitwarden does [0].

    But those credentials can also be easily dumped [1].

    [0] https://github.com/bitwarden/clients/blob/89d7e96b25594e51a7...

    [1] https://gist.github.com/micjabbour/654e67d29cbd62be3587b9f1d...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Bitwarden starts using the OS password manager service, and it's breaking

    1 project | news.ycombinator.com | 1 May 2024

  • Any update on importing Proton Pass .json/.zip into Bitwarden?

    1 project | /r/Bitwarden | 8 Nov 2023

  • Is it really legit?

    1 project | /r/Bitwarden | 3 Sep 2023

  • Bitwarden autofill login is awful.

    1 project | /r/Bitwarden | 21 Aug 2023

  • My Extension is not acting right, can't get into my Vault

    1 project | /r/Bitwarden | 13 Jul 2023