108
Signal under fire for storing encryption keys in plaintext
(stackdiary.com)
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
The back end is open source, but sometimes they've lagged years behind releasing the source code. Other developers have stood up copies of the signal network. Session, for example.
You can self host your own signal, but it's not federated, so you'd have nobody to talk to
So effectively its not FOSS.
It's absolutely FOSS. It is not, however federated. But that is not a requirement to be free and open source software
Think of it like this, Linux is free and open source software, even if I don't give you a shell on my computer.
You can use the code, however you want, in any project you want.
I think this is the more worrying part if true. The backend is licensed under the AGPL, so this would technically be a ~~violation~~ of their terms
Edit: For anyone else reading I looked into it a bit more and looks like the issue came to a head around 3 years ago, with this comment being made after a year of missing source code. The public repo has been pretty active since then, so the issue seems to be resolved