Telegram is notoriously insecure and routinely cooperates with govs behind the scenes while talking a big game about speech and privacy. Even their limited opt-in (roll their own) encryption is sus. The more you know 🌈
@Mer__edith Tbf, most people I know (including me) who also use Tg don't use it because of their encryption but because the app is much faster and has better UX :~
I'm till annoyed at Signal for all those little things like enabling "jumbo emojis" but not offering a setting for that to disable it. Since it's open source I probably should contribute it but after many many 2nd hand interactions with the dev team I really don't want to any more. The Signal GitHub is probably one of the most toxic places for discussion. I've seen things shut down like: Local-only customization options, improved reproducibility, alternative clients/publishing, regular release of server source code, etc.
Often a reason was given but when contributors wanted to find solutions for that problem the thread was locked and moved to a discussion space where nothing happens except for "oh, we had this discussion 100 times already". I'm glad Signal, at least, now allows push notifications outside of Google Services.
I'll still use Signal primarily, but it's "open source" only de jure and mostly just source available and trying to contribute to it is just traumatizing. Which is really sad.
@ljrk kinda sounds like the same sort of hostile environment that led to xz... I would hope that @Mer__edith looks into that and improves the culture there.
@zenspider@Mer__edith Well, at xz we had 1 unpaid maintainer who was friendly to contributors but the way he was treated was toxic. Here you have toxic treatment of potential contributors, simply leading to less (diverse) contributions and Signal being much of a "firmly led" project rather than a community effort.
Which makes sense to a certain degree, Signal is immensely critical software. But then again, adding a toggle to disable jumbo-emojis is a different thing.
@ljrk@Mer__edith immensely critical software with the clunkiest slowest UI. It is not a pleasure to use at all... And it sounds like anyone trying to improve that is going to be run off.
@zenspider@Mer__edith Unfortunately. And I don't want to dunk on the devs, it's incredibly hard to make security usable and despite all, Signal is one of the most usable security products.
But there's a lot of room for improvement and the culture of the project still has a lot of moxie air (with all due respect for his ability) around it. I hoped that after him leaving things'd improve, but that wasn't the case from my experience.
@ljrk@zenspider Open source ≠ contributions accepted from anyone. Open source allows people validate and examine our work. Building and maintaining usable robust high availability software is a huge amount of forever work, and requires close coordination and sustained effort. Sometimes we do accept outside contributions. But this is not a volunteer led effort nor could it be and continue to serve the many many millions of people who rely on signal for secure, private comms.
I agree that Signal is open source, legally speaking. What you are describing "validating and examining" is what is commonly considered "source available" and I do not think that we should restrict the meaning of open source to this rather narrow definition. Source available heavily restricts development to a chosen few who are privileged to build their vision forward. There've been many cases of this model going awry for a multitude of reasons and actually encouraging an open source model of contributions increases the resilience of the software by untying it from the brand, product, development and service monopoly.
I acknowledge that building software such as Signal is a big task and I of course outside contributions may seem like a nuisance here. But in the end those contributions reflect what people want of a messenger and thus also why they may not be using Signal. And, after all, Signal is on the mission to enable secure conversations for all, and not for only the select few whose use-case and all of their contacts' use cases matches the one of the devs.
Finally, I don't mean to say that Signal should become a volunteer run effort. That's not what open source means either. A project can have full time devs + volunteer contributions.
@Mer__edith It is just a pity that signal still has not the same functionality as telegram or whatsapp. In particular the fact that I cannot use it on all my android devices (phone and tablet) but that I have to designate one of them where I use signal. That makes signal not practical for daily use, I miss too much messages while on my tablet.
@Mer__edith rest of the alt text "
🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪"
Add comment