As mentioned in the comments, plain text keys aren’t bad because they are necessary. You have to have at least one plain text key in order to be able to use encryption

  • jet@hackertalks.comEnglish
    11·
    7 months ago

    The back end is open source, but sometimes they’ve lagged years behind releasing the source code. Other developers have stood up copies of the signal network. Session, for example.

    You can self host your own signal, but it’s not federated, so you’d have nobody to talk to

      • jet@hackertalks.comEnglish
        10·
        7 months ago

        It’s absolutely FOSS. It is not, however federated. But that is not a requirement to be free and open source software

        Think of it like this, Linux is free and open source software, even if I don’t give you a shell on my computer.

        You can use the code, however you want, in any project you want.

        • hedgehog@ttrpg.network
          1·
          7 months ago

          It isn’t, because their business practices violate the four FOSS essential freedoms:

          1. The freedom to run the program for any purpose
          2. The freedom to study and modify the program
          3. The freedom to redistribute copies of the original or modified program
          4. The freedom to distribute modified versions of the program

          Specifically, freedom 4 is violated, because you are not permitted to distribute a modified version of the program that connects to the Signal servers (even if all your modified version does is to remove Google Play Services or something similar).