this post was submitted on 20 Oct 2024
30 points (76.8% liked)

Technology

59381 readers
2894 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
30
Why doesn't Signal forbid third party clients or at least offer a client certification program to ensure security? (feddit.org)
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/[email protected]
18 comments fedilink hide all child comments
 

  • Signal forks can have unexpected behaviours like retaining deleted messages and also they don't get updated at the same rate that Signal get updated.

  • Every couple of years I hear a story about hackers disturbing signal with backdoors, which would be impossible or very hard to be done If they blocked third party clients. (Ex: 1)

  • The amount of people who use third party Signal clients are very few anyway.

I saw what WhatsApp did to forbid modification of it's app which works in stopping a lot of distributions, why doesn't Signal do the same?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 34 points 3 weeks ago (1 children)

IIRC, they do forbid third-party clients from their network. You can build it from source, but you won’t be able to connect to production Signal servers.

Third-party clients would not necessarily be a bad thing. Signal has limited resources, and as such has to cut corners. I for one would love a native desktop client that’s not Electron bloatware.

[–] [email protected] 3 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

There are already 2 third party forks I know of, Molly and Signal-JW.

They both use and access the main production Signal servers.

As I said, a compromise here would be to have a client security certification program, where no other clients outside it would be able to use Signal.

[–] [email protected] 11 points 3 weeks ago

I could appreciate a client certification that is optional, like a list of approved clients on their website or something along those lines.

It should not be enforced by killing the client. I like security, but I enjoy software freedom more.

[–] [email protected] 2 points 3 weeks ago

It takes resources to run and maintain such things. Probably not something they feel they can or want to take on.

[–] [email protected] 0 points 3 weeks ago (1 children)

As I said, a compromise here would be to have a client security certification program, where no other clients outside it would be able to use Signal.

You mean running a trojan "as a mean of security", similar to anticheats? Are you sure this is a good idea?

Or if by "program" you mean having some allowed clients as opposite to only the official one allowed, it's a social thing, not a technical one. So it still won't prevent anyone from connecting with another client.

[–] [email protected] 3 points 3 weeks ago (1 children)

I mean having a list of allowed clients.

As I said in my post, WhatsApp already enforce forbidding third party client and it seems to work well.

I don't see why wouldn't Signal improve the security of their users by implementing this, while upsetting the very few users who use third party clients.

[–] [email protected] 1 points 3 weeks ago

How do you imagine this working?