ContactDiscoveryService
Signal-Server
ContactDiscoveryService | Signal-Server | |
---|---|---|
70 | 200 | |
270 | 8,856 | |
- | 0.6% | |
0.0 | 9.8 | |
about 1 year ago | 15 days ago | |
C | Java | |
GNU Affero General Public License v3.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ContactDiscoveryService
- Is it generally ok to store phone numbers in a firestore database?
-
7 Best Open-Source Alternatives To WhatsApp In 2023
[1] https://signal.org/blog/private-contact-discovery/
-
WhatsApp data leak: 500M user records for sale
Signal uses SGX for remote attestation, which presumably lets the client verify that the code running on the server is a build of the OSS code and not a modified version. But I don't know the details or if this is reliable.
SGX and remote attestation described here:
https://signal.org/blog/private-contact-discovery/
-
WhatsApp data breach sees nearly 500 million user records up for sale
Signal does private contact discovery and the effort they've gone to to do this is quite impressive.
- A brief family story about convincing boomer parents to Signal
- Elon on Signal
- Absolutely Insane "Feature"
-
Types of Execution Environments, Attestation and SGX
TEEs have numerous privacy-enhancing applications that may benefit users. One of them is, as discussed earlier, private contact discovery; the Signal application uses a contact discovery service enhanced using Intel SGX, a TEE technology, to protect its users' privacy. A similar application of TEEs is performing malware analysis in a remote cloud service, so that the service may not identify users by the contents of their devices, such as the applications they have installed, especially important as 98.93% of users may be uniquely identified by the list of applications they have installed.
-
Twilio Incident: What Signal Users Need to Know
Signal (or, more accurately, one of its predecessors) used to use client-side private set intersection for contact discovery, but this scales poorly [1].
Now they use a solution based on Intel SGX and server-side trusted computing [2].
[1] https://signal.org/blog/contact-discovery/
[2] https://signal.org/blog/private-contact-discovery/
- Where are Signal servers located and how is it safer than Swiss-based Threema ?
Signal-Server
-
Signal: Keep your phone number private with Signal usernames
> They could at least BSL the server code and allow others to verify the server code and host but not compete.
This is exactly what they do (except they use AGPL): https://github.com/signalapp/Signal-Server
-
Are Signal Notifications Encrypted ?
https://github.com/signalapp/Signal-Server/blob/main/service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java for APNs push notification payloads
- Signal Username Commit
-
How to Selfhost Signal Server?
git clone https://github.com/signalapp/Signal-Server.git
- Children’s data is probably being collected by messengers
- Belgorod People's Republic: "We need any fresh information on the enemy (equipment, manpower and the movement of motorized rifle companies that were sent to put out the fire) in this sector. Please only submit when YOU ARE SURE IT IS SAFE TO DO IT. Otherwise, don't post information."
-
Can't link main class in dropwizard project
yes it is available here https://github.com/signalapp/Signal-Server/blob/main/service/pom.xml
-
Signal would 'walk' from UK if Online Safety Bill undermined encryption
You could also start your own signal server, but with blackjack, and hookers
-
‘I will show you how safe Telegram is’
The fact that it locks you into using their servers, does not distribute on F-Droid (only Google Play OR an APK with an insecure update mechanism), and has a completely closed-source "abusive message filter" module server side, that could functionally be used for censorship, storing messages for future decryption, or any other number of nefarious purposes - we have no idea since it's not open source (https://github.com/signalapp/Signal-Server/blob/main/.gitmod...).
Additionally, you cannot distribute branded forks or Signal, and if you do fork it, your fork is not allowed to connect to Signal's "official" OWS (open whisper systems) servers - hostility to federation should be viewed with prejudice and suspicion at the very least, it suggests a vested interest in a single point of failure (or control), which goes against user interests.
Further reading: https://drewdevault.com/2018/08/08/Signal.html
-
"The Signal client is built non-reproducibly, so you actually don't know whether it's running the source code available on Github."
It’s actually the signal server that isn’t reproducible because of the abusive message filter that’s in a private repository. It’s clear as day here: https://github.com/signalapp/Signal-Server
What are some alternatives?
whatsapp-viewer - Small tool to display chats from the Android msgstore.db database (crypt12)
matrix-docker-ansible-deploy - 🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
TextSecure - A private messenger for Android.
mollyim-android - Enhanced and security-focused fork of Signal.
TelegramAndroid - Fork client of Telegram app for Android.
libsignal-protocol-javascript - This library is no longer maintained. libsignal-protocol-javascript was an implementation of the Signal Protocol, written in JavaScript. It has been replaced by libsignal-client’s typesafe TypeScript API.
simplex-chat - SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
Signal-TLS-Proxy
simplexmq - ⚙️ SimpleXMQ - A reference implementation of the SimpleX Messaging Protocol for simplex queues over public networks.
element-ios - A glossy Matrix collaboration client for iOS
ringrtc