Privacy

33055 readers

625 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

149

Signal on F-droid Guardian Repo (lemmy.today)

submitted 2 days ago* (last edited 21 hours ago) by sic_semper_tyrannis@lemmy.today to c/privacy@lemmy.ml

44 comments fedilink hide all child comments

I just noticed today that Signal (not talking Molly) is now available on F-Droid via the "Guardian" repository.

Just wanted to give everyone a heads up.

you are viewing a single comment's thread
view the rest of the comments

[–] KnightontheSun@lemmy.world 4 points 1 day ago* (last edited 1 day ago) (3 children)

Please forgive if this is a stupid question, but what is the difference between the play store version and this? Assuming it is not altered by a bad actor.

[–] Wolfie@lemm.ee 6 points 1 day ago

As i recall, ALL apps in google play store, have to have some sort of google shit embedded into it. Therefore, its better to download something outside of google if you want to remain degoogled.

[–] refalo@programming.dev 3 points 1 day ago (1 children)

I would hope the difference is that the f-droid version does not contain any proprietary code.

[–] Andromxda@lemmy.dbzer0.com 1 points 18 minutes ago

No, it's not a special "FOSS" version, it's just the official binary distributed through the Guardian Project repo (as I have proven: https://lemmy.dbzer0.com/comment/16230276). If you want a FOSS variant, check out Signal-FOSS or Molly, they also offer a FOSS variant. You can either download it from their custom F-Droid repo, pull the APK from GitHub using Obtainium or get it from Accrescent.

[–] powermaker450@discuss.tchncs.de 2 points 1 day ago (1 children)

I think the main difference is that the Play Store version can use FCM (Google Play Services) for notifications, while the APK Signal distributes only receives notifications over a background WebSocket connection.

[–] KnightontheSun@lemmy.world 1 points 1 day ago (1 children)

That is interesting. Thanks to you and the others.

Does the use of the google play services allow google to sort of…listen in or be privy to your app usage in any way?

[–] powermaker450@discuss.tchncs.de 4 points 1 day ago (1 children)

Google cannot see any message content of Signal notifications through FCM. It's more like a "heads up" to the Signal app, telling it "hey, there are new messsges. wake up and check what they are.". The Signal app then checks for messages and does all the decrypting and whatnot itself.

While it's possible that the timing of FCM telling the app to check for notifications could be used to correlate activity, that's an edge case that if you are concerned about can be easily avoided by just using the background WebSocket or a fork of Signal like Molly that allows you to use a third-party UnifiedPush provider to check for messages in the background, instead of FCM.

[–] KnightontheSun@lemmy.world 2 points 1 day ago

Yes, the activity was what I thought of. Thank you for helping to educate me!