93
Advice column: Why trust Signal?
(freedom.press)
This is a most excellent place for technology news and articles.
It's not and I'm not sure how that article arrived at that conclusion. Their E2EE crypto is problematic homebrew crypto, but that's very, very different from being closed. The whole desktop client including the implementation of that crypto is fully open source and lives right on GitHub. Plenty of people have independently reviewed it and came back with a very iffy impression of the whole thing.
Really the only difference is that Telegram doesn't publish their backend, but the one Signal publishes is missing a couple of bits related to their "spam filter", which happens to take in the source & destination of messages and do anything it wants with them. That doesn't matter for either platform's E2EE properties in any case, since distrusting the server is the whole point of E2EE.
Desktop client does not even have e2e, lol. (I don't know if there are third-party options that do).
I'll freely admit I don't use that thing and was under the assumption it was feature complete. Regardless, the Android and iOS clients are also open, and I've found absolutely no indications that there's any blobs in the repo or the like.
From what I've seen, there are some blobs. At least Telegram-FOSS says:
Same page is where I learned you cannot register from third-party clients btw. Not nearly as big of a blow as removal of desktop registration, but still gross that you'd have to touch a partially-proprietary official app first.