Ouch.
Not speaking for the collective, but personally, as someone who’s been continually asked to move to codeberg or src.ht, I can attest that the freebies from GitHub are too good to ignore.
For FOSS projects that aren’t awash in money, all that (however awful) CI/CD infrastructure to go with code & project (issues) hosting for free is god sent.
It is scary, but I get annoyed at having to code without assistance from LLMs Copilot, the Pro version of which is offered for free to developers of “popular”[1] FOSS projects using GitHub.
Lastly, GitHub Sponsors is undeniably a frictionless way of getting money through the door. For our projects, we draw ~£50/mo (which is like only £1450 short of our monthly needs) which otherwise would be £0. For context, GitHub Sponsor’s ~£50/mo is 50% of all our project’s sponsorship from all other placements combined.
(Also, for some reason, this comment was not moved, and so, copy pasting):
That’s more of an indictment of iOS than of Signal. And yet, you’d see some claim there’s no real difference.
Unsure, but the mechanism exists, regardless.
I mean, you’re quite well-versed (:
… as a non-practioner, I don’t either; but from their technical & political blog posts over the years, it does seem like they do care about state actors.[2][3] That said, Signal has been very clear that they draw the line at “usable security”.[4] For instance, sticking with phone numbers as the sole enrollment mechanism (despite the costs; apparently “registrations” via SMS costs Signal 2x more than what they pay for bandwidth).
The positive I see is, their client apps provide weaker guarantees relative to Signal’s server-side deployments, sure, but at least there exist indicators of compromise (reproducibility / code transparency for Android) and alternative access (for iOS users via Signal Desktop?).
Unsure show they define “popular”. ↩︎
Signal is not made for pristine academic speculation, it is made to be used by real people, all over the world. And many millions do use it, turning to Signal for a safe and pleasant space where intimate, experimental, and private communication can happen outside of the surveillant gaze of dominant tech companies and states who can and do subpoena their data. Signal >> Blog >> A Message from Signal's New President ↩︎
In the midst of world-wide protests against racism and police brutality, a lot of people are becoming more immediately aware and concerned about the security of their data and online communication. We’ve gotten a lot of questions at Signal over the past week, so we wanted to briefly recap how it is that we’ve designed Signal, and how we think about concepts like privacy, security, and trust. What if the worst should happen, and some unauthorized party were to compromise Signal? Signal >> Blog >> Looking back at how Signal works, as the world moves forward ↩︎
From the beginning, the team behind Signal put people and their needs at the core of their commitments. They understood that iron-clad security is fairly pointless if people can’t use, access, or feel comfortable with it. In other words, if my friends won’t use a messaging app, it doesn’t work as a messaging app. It works as a thought experiment, at best. Understanding this, Signal’s developers and designers created an app that honors people’s needs and expectations, while maintaining strict privacy promises. This is something that’s incredibly difficult to do, and that reflects significant vision and humility. Signal >> Blog >> A Message from Signal's New President ↩︎