Remember early this year when WhatsApp changed its policy about sharing data with Facebook in an attempt to start profiting off of the large WhatsApp user base? Lots of people thought that switching to Signal would be a good solution to that. Signal was an open source app and service that had great end-to-end encryption to ensure your communications privacy. You may also remember my article called “Stop being naive when it comes to things like WhatsApp, Telegram, Signal, etc.” Signal happens to be one of those centralized messaging service that you need to be suspicious of. It’s clearly designed to amass a large group of users and then switch to some type of business plan that can take advantage of those users.
Well, Signal has just taken another step towards removing that privacy & security trust that they tried so hard to earn. That’s right, Signal is going closed-source!
Why is this going to be bad for users? Well, having closed-source components on a centralized system means that the people in charge of that system can do anything they want with user data without the users knowing. Open-source is the ultimate way of building trust in terms of security & privacy, and Signal is now weakening that aspect of their product. Sure the rest of that blog posts SAYS they still care about security & privacy and provides a bunch of excuses for making that decision, but going closed-source after building a user base on openness is pretty suspicious.
Furthermore, as FediFollows notes, “If Facebook/Google/Amazon offers Signal Foundation, for example, $20 billion to Signal either as a purchase or a donation or some kind of partnership agreement, what happens next? We don’t know. What we do know is most Signal users would be stuck the same way most Whatsapp users were when its privacy was degraded.”
Like what Apple is doing with adding content scanning back-doors to iMessage, Signal is doing this under the guise of reducing spam.
This is just the next step towards Signal becoming more un-ethical. Earlier this year they did something else suspicious with the MobileCoin cypto-currency support. You can learn more about that in this video:
These shady tactics should not come as a surprise as this is just history repeating itself. All of the centralized messaging apps that we’ve been using since the 1990’s have had similar predictable behavior: 1. do whatever possible to get lots of users, 2. do something to take advantage of those users, 3. profit, 4. lose users and become irrelevant. The only ones that have lasted are the ones that are completely open like email, IRC, and XMPP.
Signal doesn’t really need to be centralized and their spam blocking software doesn’t really need to be closed source. There are dozens of open-source spam blocking programs for the completely decentralized and open-source email protocol. We’ve got Apache SpamAssassin, MailCleaner, OrangeAssassin, etc. You can even get an open-source email client that uses the same Signal interface. See: 10 Ways Delta Chat is Better than WhatsApp, Signal, and Telegram. Signal probably wants to be centralized and closed source so that they can be in control and feed users money making scams like Mobile Coin.