Spideroak Semaphor 🆕 Software Suggestion | #1928

New Issue

2020-05-20T21:53:48Z

greydomain commented

2020-05-20 21:53:48 +00:00

(Migrated from github.com)

Basic Information

Name: Spideroak Semaphor
Category: Team Chat Platforms
URL: https://spideroak.com/semaphor/

Description

Semaphor is an open source team chat/collaboration platform that is provided with zero-knowledge and protected with end-to-end encryption with cross platform support, source code can be found here: https://spideroak.com/release/semaphor/source

Why I am making the suggestion

Since Zoom have acquired Keybase, and the idea of “server admin trust” and metadata issues with Riot, i struggled to find a good alternative to them.

My connection with the software

Just a user of Keybase who is trying to find a good alternative to Keybase after the ownership change

[*] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

## Basic Information **Name:** Spideroak Semaphor **Category:** Team Chat Platforms **URL:** https://spideroak.com/semaphor/ ## Description Semaphor is an open source team chat/collaboration platform that is provided with zero-knowledge and protected with end-to-end encryption with cross platform support, source code can be found here: https://spideroak.com/release/semaphor/source ## Why I am making the suggestion  Since Zoom have acquired Keybase, and the idea of “server admin trust” and metadata issues with Riot, i struggled to find a good alternative to them. ## My connection with the software  Just a user of Keybase who is trying to find a good alternative to Keybase after the ownership change - [*] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

dngray commented

2020-05-21 03:08:05 +00:00

(Migrated from github.com)

and metadata issues with Riot

You can eliminate any metadata issues for team platforms if you're self-hosting Matrix. Unless it's a peer-to-peer system most platforms will know who-is-talking-to-whom.

Spideroak was suggested in the past https://github.com/privacytools/privacytools.io/issues/129 have they obtained an official third-party security audit for their cryptography?

We're steering towards making that a requirement for new chat platforms to be listed. We believe audits from cryptographers provide essential insight into efficacy of the implementation for a specific service.

> and metadata issues with Riot You can eliminate any metadata issues for team platforms if you're self-hosting Matrix. Unless it's a peer-to-peer system most platforms will know who-is-talking-to-whom. Spideroak was suggested in the past https://github.com/privacytools/privacytools.io/issues/129 have they obtained an official third-party security audit [for their cryptography](https://spideroak.com/semaphor/whitepaper/)? We're steering towards making that a requirement for new chat platforms to be listed. We believe audits from cryptographers provide essential insight into efficacy of the implementation for a specific service.

nitrohorse commented

2020-05-21 08:01:19 +00:00

(Migrated from github.com)

Worth noting, the compressed file of their source is for v2.1.0 from April 2018 while the current version is at v2.2.0, last updated late 2018.

An aside, I probably wouldn’t call Semaphor open-source but rather their source is open for viewing I suppose. With their current setup of hosting a compressed file, there’s no ability for community collaboration or insight into commit history as I’d expect from an “open-source” project (don’t mean to split hairs here).

Worth noting, the compressed file of their source is for v2.1.0 from April 2018 while the current version is at v2.2.0, last updated late 2018. An aside, I probably wouldn’t call Semaphor open-source but rather their source is open for viewing I suppose. With their current setup of hosting a compressed file, there’s no ability for community collaboration or insight into commit history as I’d expect from an “open-source” project (don’t mean to split hairs here).

👍 1

dngray commented

2020-05-21 08:19:11 +00:00

(Migrated from github.com)

With their current setup of hosting a compressed file, there’s no ability for community collaboration or insight into commit history as I’d expect from an “open-source” project (don’t mean to split hairs here).

You are right to say that, keeping an eye on commits/development is important as it's a lot easier than auditing new versions of a tarball.

> With their current setup of hosting a compressed file, there’s no ability for community collaboration or insight into commit history as I’d expect from an “open-source” project (don’t mean to split hairs here). You are right to say that, keeping an eye on commits/development is important as it's a lot easier than auditing new versions of a tarball.

👍 1

blacklight447 commented

2020-05-27 12:47:32 +00:00

(Migrated from github.com)

in this case, i don't think semaphore will be right for Privacytools, it seems like they have put in a bare minimum effort so they can slap an "open source" label on their marketing campaign.

👍 2

This repo is archived. You cannot comment on issues.