This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…
Again, it’s not, go to their github, check the code of the client, compile it yourself, and make a reproducible build to check that the client they ship to your phone is the same. You are talking nonsense.
You’re not getting what I’m saying, because you don’t understand what “proprietary” means in this context.
Proprietary encryption ≠ Proprietary code.
You can roll your own shitty novel encryption algorithm and license it under GPL if you want, it’s still proprietary encryption in that Signal has its own unvetted encryption algorithm instead of using a trusted existing algorithm.
EDIT: How are people not understanding this?
Proprietary licensing is different from a proprietary way of doing things.
If you folks think that a GitHub repo and GPL license are all you need to vet an encryption algorithm, and you think that absolves an novel untested algo from being called “proprietary encryption” you’re gonna get burned one day because your trust was built on not understanding encryption.
Signal built their own encryption algorithm. That’s proprietary encryption. If you still think I’m wrong, pick up a dictionary, look up “proprietary” and “encryption”, and you might just have a chance at understanding that “proprietary” is an adjective that can apply to a lot of different words.
The encryption algorithm may be open source, but they rolled it themselves. It is proprietary encryption.
Again, it’s not, go to their github, check the code of the client, compile it yourself, and make a reproducible build to check that the client they ship to your phone is the same. You are talking nonsense.
You’re not getting what I’m saying, because you don’t understand what “proprietary” means in this context.
Proprietary encryption ≠ Proprietary code.
You can roll your own shitty novel encryption algorithm and license it under GPL if you want, it’s still proprietary encryption in that Signal has its own unvetted encryption algorithm instead of using a trusted existing algorithm.
EDIT: How are people not understanding this?
Proprietary licensing is different from a proprietary way of doing things.
If you folks think that a GitHub repo and GPL license are all you need to vet an encryption algorithm, and you think that absolves an novel untested algo from being called “proprietary encryption” you’re gonna get burned one day because your trust was built on not understanding encryption.
Signal built their own encryption algorithm. That’s proprietary encryption. If you still think I’m wrong, pick up a dictionary, look up “proprietary” and “encryption”, and you might just have a chance at understanding that “proprietary” is an adjective that can apply to a lot of different words.