• Dehydrated@lemmy.worldOP
      link
      fedilink
      arrow-up
      39
      ·
      edit-2
      9 months ago

      Signal doesn’t “heavily use Google services”. They only use proprietary libraries and integrations for 2 purposes: Donations and push notifications. Signal uses the platform’s native way of handling push notifications, on iOS it’s APNs and on Android it’s FCM. This is also the reason why it’s not available on F-Droid. You can use a fork of the app like Signal-FOSS or Molly. These remove all proprietary dependencies and you can download them from their custom F-Droid repositories.

      • geoma@lemmy.ml
        link
        fedilink
        arrow-up
        14
        ·
        9 months ago

        Molly is wonderful but I use signal-foss because it shares openstreetmap location by default 🤩

            • Dehydrated@lemmy.worldOP
              link
              fedilink
              arrow-up
              2
              ·
              9 months ago

              Have you tried out Molly? If yes, did you use the normal version or the FOSS build? Btw the Version available on Accrescent is also FOSS

              • ✺roguetrick✺@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                9 months ago

                Have you tried out Molly?

                Nah, I get hypomania from buproprin. I think ecstacy would put me straight into serotonin syndrome.

              • geoma@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                9 months ago

                I have used it (molly-foss)but haven’t in a while, just waiting for it to enable OSM location sharing to switch back to it. Didn’t know about accrescent. What’s the deal about it compared to droidify or f-droid?

                • Dehydrated@lemmy.worldOP
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  edit-2
                  9 months ago

                  It’s more secure than F-Droid. It’s still in a pretty early stage of development though and currently only offers a handful of apps.

                  • App signing key pinning: first-time app installs are verified so you don’t have to TOFU.
                  • Signed repository metadata: repository contents are protected against malicious tampering.
                  • Automatic, unattended, unprivileged updates (Android 12+): updates are handled seamlessly without relying on privileged OS integration.
                  • First-class support for split APKs: downloaded APKs are optimized for your device to save bandwidth.
                  • No remote APK signing: developers are in full control of their app signing keys.
        • Buddahriffic@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          9 months ago

          I have to be misunderstanding what you’re saying because it sounds like you’re happy that app shares your location by default? Or do you mean it uses that format by default when you decide to share a location?

          • geoma@lemmy.ml
            link
            fedilink
            arrow-up
            9
            ·
            9 months ago

            I meant that it uses the OSM “format” when I decide to share it voluntarily. That totally makes sense for me. I don’t want to be sharing no Google links.

    • ruplicant
      link
      fedilink
      arrow-up
      17
      ·
      9 months ago

      there is a fork with proprietary dependencies removed called Signal-FOSS, whose repo you can add to F-Droid if you decide to trust it

    • Unreliable@lemmy.ml
      link
      fedilink
      arrow-up
      15
      ·
      9 months ago

      There are several Signal forks on f-droid that remove the need for Google services iirc.

    • onlooker@lemmy.ml
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      edit-2
      9 months ago

      To answer your second question: they advertise Signal as a secure and private messenger, so heavily using Google services would be kind of counter-productive. To answer your first question: here.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      5
      ·
      edit-2
      9 months ago

      Because they don’t seem to care about free software I guess

      You can use Molly if you want more freedom. I do wish that Signal would build in orbot to avoid censorship.

        • banneryear1868@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          16
          ·
          edit-2
          9 months ago

          The whitepaper explains it in detail. Closed source doesn’t mean worse by default. In a lot of cases the opposite since professionals were hired and paid for their work and the company thinks they have an edge on the competition. Open source is more of a grab bag. Commercial use of open source is plagued by abandoned projects and lack of support obligations, even though it might be better in certain instances.

          • Huschke@lemmy.world
            link
            fedilink
            arrow-up
            8
            ·
            edit-2
            9 months ago

            Closed source does mean it’s worse by default because we can’t verify what the app does. The only things we really know about Whatsapp are:

            1. Meta is scanning your texts before the message is sent. Back when I last used it you could easily verify this by typing a url and having the app underline the url for you.

            2. Meta is collecting an enormous amount of Metadata. This can also be verified by checking the permissions the app has and by various people that have monitored the background activity of the app.

            3. Meta is using the Signal protocol to send the message. However, as previously explained this means nothing because they already scanned the message prior to sending it.

            So with no way to look at the code we have to assume that Meta is collecting and storing the messages and their metadata.

            • banneryear1868@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              9 months ago

              Most industry standard software that people use in their jobs is closed source. When you watch movies or listen to music or play video games you’re supporting proprietary software. Same with finance and basically any office job. Niche IT jobs are the exception but I’ve been in enterprise IT for 20 years and this is just how it is in a capitalist economy. I’d prefer for public ownership of technology platforms but it’s basically reduced to a consumption model within the current system. Like the platforms people consume media through isn’t very significant, which the open source community puts a lot of ideological importance on. Most open source projects are also abandoned and become obsolete too quickly. I’ve basically been relying on the same set of proprietary Adobe software for part of my income since the 90s, can’t name an open source alternative that does what I need it to do or has this longevity even though I’d prefer it.

              Btw a way you can verify the security of a chat app is by reading case docs from law enforcement about what’s required to obtain communications through said platform. With whatsapp the closest they can get to message content is by retreiving cache from the iPhone chatsearch database, and metadata from WhatsApp about who sent a message to whom and when but not the message contents. Retrieval of WhatApp messages through proprietary security forensics software is limited to how certain phone models and OSs locally cache messages basically. This applies to different platforms the same way though and isn’t something special about WhatsApp or Meta. The unique thing to Meta is how quickly they respond to law enforcement requests about metadata collection.