• 64 Posts
  • 6.49K Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle


  • And I’m sure in the intervening ten years they haven’t done anything about that

    https://blog.dijit.sh/i-don-t-trust-signal/

    Signal is not open source

    Why would I say something so provably untrue? “Of course signal is open source, it’s on f-droid! (it’s not, actually1); there are even sources on github!” … I can already hear it coming.

    How is it then dear reader, that they developed MobileCoin integrations for over a year without anyone knowing?

    That would be because, they stopped updating sources. We can be reasonably sure that private & unpublished code was in production, otherwise they left some security vulnerabilities unpatched for a long time2. This throws into question the entire nature of what they consider “open source” to mean, they are clearly comfortable deploying non-public software.

    It’s also vanishingly small amounts of people who will use the from-FOSS versions of the client, nearly everyone will be downloading it from Google Play or Apple’s App Store; and they have a long way to go when it comes to verified builds which seems to work when you google it and there’s a page; but in reality if you read the page you’d realise is not possible.

    Which gives a false appearance in my opinion, and that is a large part of my issue honestly; that there is a surface level of “everything is by the book” but underlying it all is: nothing, really. Signal doesn’t give you any option to verify their claims

    If I were in a situation to be signal, if there was a competing implementation that I could point my clients to (similar to how headscale is an implementation of tailscale’s control server); I’d certainly be a lot more comfortable, since then I could be in a situation where I can see all traffic to my server and jail/inspect all traffic coming from the binary distributed Signal client; thus it would allow for independent verification of the binary distributions delivered via Play or the iOS App Store.

    As it stands the whole thing is built on trust and people believe that someone else will do the hard part of reverse engineering every version.

    Which I don’t have to tell you is significantly more effort, requires much more advanced skills and might not even yield results even if there were concerning items yet to be discovered.

    “Moxie says you can run your own server though!”3; I’d like to see where I can change the endpoint in the signal app that’s distributed via Play or App Store; my claim is purely that I can’t verify those and that few enough people run the custom compiled versions to be meaningful. If I was to be smart and want to hide a back door I’d only need one side of every conversation. – please note though, I’m not saying they do this, I’m just saying that they could do this and the only thing that says they don’t is “trust me”.



  • If you can remove the rights of people you don’t like, others can do the same to you

    Except we remove these rights all the time, in large part because of the insidious bigotry that fanatics propagate. Defending the bigots does nothing to expand civil rights for the minorities they are marching to oppress.

    FFS, the ACLU defended the Charleston tiki torch rioters. Whose interests did that serve?

    If it’s not universal it cannot be a right.

    Selective enforcement of civil rights is routine in the US. Hell, the same people crying about Campus Free Speech in 2022 ago were the ones calling for the heads of Palestine Solidarity protesters a year later.


  • Protecting the rights of bad people equally with good ones is what they stand for.

    It isn’t. When you’re describing is a revisionist mission adopted by the New York branch in the 60s and 70s.

    The original mission of the ACLU was the defense of labor agitators, picketers, and organizers - common targets for right wing hate groups.

    This article from Jacobin goes into the transformation of the radical labor rights organizer to centrist Free Speech absolutist.

    The mission has shifted from defending working people to bad people as the ACLU grew divorced from its labor roots.




  • UnderpantsWeevil@lemmy.worldtoEnough Musk Spam@lemmy.worldMusky does it again
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    49
    ·
    3 days ago

    The ACLU is a broken organization for this very reason. They invest a great deal of their time and energy in trying to look nonpartisan by backing some of the most vile and irredeemable people in the country.

    On the flip side, Democrats steer wide of the organization whenever it comes time to run candidates or appoint cabinet positions.

    You’ll never see the head of the ACLU appointed to the DOJ or granted a federal judgeship. No more than a regional leader of Planned Parenthood gets to run for Senate in a bright blue state. They aren’t feeders to high office like the Federalist Society or the Heritage Foundation. All they are good for is fundraising from unhappy liberals.