pallas

joined 1 year ago
[–] pallas@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (1 children)

I'm aware of few people who use SMS in Europe, and very few people who use it as their primary means of texting; I've even seen people outright ask that they not be sent SMSs. WhatsApp is almost ubiquitous, and it often feels like it's assumed everyone has it, even if they don't use it as their primary texting method.

It does seem very common in the US, however.

[–] pallas@lemmy.world 4 points 1 year ago

I think you're referring to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, also described in this Verge article.

My understanding is that this doesn't actually require a backdoor be pre-built. It does require that, upon notice, a company or individual provide access to encrypted data (eg, via a backdoor) or assist in obtaining that access in some way, up to introducing a backdoor into their own software or compromising it. There is however a "systemic weakness" limitation, such that no one should be required to introduce a somewhat vaguely defined "systemic weakness" in their software in order to comply with demands. There's also no requirement that a backdoor be added before requests.

I expect that this means Signal would just stop offering software in Australia if they received a request, or make an argument about systemic weakness, though what Australia would likely ask for would be targeted replacement of the app with a signed but malicious version, to avoid that argument. There is also a question of enforceability against foreign companies: Australia is not the US, with the ability to extradite people who have no real connection to them, so Signal could quite possibly just ignore the Australian law.

If I recall correctly, the law also applies to individuals, and could compel them to maliciously act against other organizations; I remember there being the argument that the law meant that security-minded companies and projects should not allow Australians to contribute to their software at all.

[–] pallas@lemmy.world 11 points 1 year ago* (last edited 1 year ago) (2 children)

They tie themselves very closely with Google services, to the point that they refuse to be on FDroid by design

While they do push the Play Store version, they also have an APK, and my understanding is that it does not rely on Google Play Services, though it might be buggier without them. If I recall correctly, the origin of Signal not being on F-Droid was related to the building and signature model that F-Droid used (builds by F-Droid, then signed by F-Droid's keys), as mentioned in, eg, this issue. With that said, it has been pointed out that there are alternatives, like a separate repository, than, eg, the Guardian Project uses, and F-Droid apparently does now have a process for developer-signed apks.

Their general hostility toward outside developers and forks, however, and that the awkward server side code availability seemed to be related to the brazenly problematic cryptocoin advertisement, are extremely disappointing, however.