Hacker News new | past | comments | ask | show | jobs | submit login

What do you mean 'not fully released'? It's here: https://github.com/signalapp/Signal-Server



Is that the version that is actually deployed to their servers, though?


Is that possible for Signal to prove in a meaningful way?


Intel SGX? They are already using it for some portion of the server code.


Well your signal client performs SGX remote attestation before sending any contact data to ensure that the server codebase matches a valid release. So if they're not running the published source, your client will refuse to share your contact information and social graph. Note that messages are e2e encrypted on the client side, so they don't enter into it.


Isn't that impossible to prove for any OSS backend out there?


Why wouldn't it be?


because https://www.reddit.com/r/privacy/comments/qlw1ag/signal_is_a...


Surely you could link to the actual blog pose rather than a subreddit that regularly crosses the border into conspiracy theory territory.


Backdoors.


It's not complete, they made a blog post recently where they stated that they have closed source code in use.

I think it was about spam




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: