Privacytools.io: Spideroak Semaphor 🆕 Software Suggestion |
Basic Information
Name: Spideroak Semaphor
Category: Team Chat Platforms
URL: https://spideroak.com/semaphor/
Description
Semaphor is an open source team chat/collaboration platform that is provided with zero-knowledge and protected with end-to-end encryption with cross platform support, source code can be found here: https://spideroak.com/release/semaphor/source
Why I am making the suggestion
Since Zoom have acquired Keybase, and the idea of “server admin trust” and metadata issues with Riot, i struggled to find a good alternative to them.
My connection with the software
Just a user of Keybase who is trying to find a good alternative to Keybase after the ownership change
- [*] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
greydomain
All 4 comments
and metadata issues with Riot
You can eliminate any metadata issues for team platforms if you're self-hosting Matrix. Unless it's a peer-to-peer system most platforms will know who-is-talking-to-whom.
Spideroak was suggested in the past https://github.com/privacytools/privacytools.io/issues/129 have they obtained an official third-party security audit for their cryptography?
We're steering towards making that a requirement for new chat platforms to be listed. We believe audits from cryptographers provide essential insight into efficacy of the implementation for a specific service.
dngray
on 21 May 2020
Worth noting, the compressed file of their source is for v2.1.0 from April 2018 while the current version is at v2.2.0, last updated late 2018.
An aside, I probably wouldn’t call Semaphor open-source but rather their source is open for viewing I suppose. With their current setup of hosting a compressed file, there’s no ability for community collaboration or insight into commit history as I’d expect from an “open-source” project (don’t mean to split hairs here).
nitrohorse
on 21 May 2020
With their current setup of hosting a compressed file, there’s no ability for community collaboration or insight into commit history as I’d expect from an “open-source” project (don’t mean to split hairs here).
You are right to say that, keeping an eye on commits/development is important as it's a lot easier than auditing new versions of a tarball.
dngray
on 21 May 2020
in this case, i don't think semaphore will be right for Privacytools, it seems like they have put in a bare minimum effort so they can slap an "open source" label on their marketing campaign.
blacklight447-ptio
on 27 May 2020
Related issues
ghost
·
61Comments
ghost
·
108Comments
ghost
·
40Comments
dm17
·
87Comments
hyc
·
61Comments
Most helpful comment
in this case, i don't think semaphore will be right for Privacytools, it seems like they have put in a bare minimum effort so they can slap an "open source" label on their marketing campaign.