Hacker News

gtvwill | last Wednesday at 7:31 PM | 2 replies

Also, Signal's spam folder isn't open source on the server side. They literally have code that reads your messages and checks if spam or not, and you can't see what it does or how it's written.

Couple this with Signal being the preferred messaging app for Five Eyes countries, as advised by their 3-letter agencies, and, well, if you think those agencies are going to be advising a comms form they can't track, trace or read, you obviously don't understand what they do.


Replies

alwa | last Wednesday at 7:41 PM

While it seems to be true that it’s not open-source, they claim (in strong terms) that they use techniques other than reading the message to make that assessment:

https://signal.org/blog/keeping-spam-off-signal/

They point out that the protocol’s end-to-end cryptographic guarantees are still open and in place, and verifiable as ever. As far as I can tell, they claim that they combine voluntary user spam reports and metadata signals of some sort:

> When a user clicks “Report Spam and Block”, their device sends only the phone number that initiated the conversation and a one-time anonymous message ID to the server. When accounts are repeatedly reported as spam or network traffic appears to be automated, we can issue “proof of humanity” checks to suspicious senders so they can’t send more messages until they’ve completed a challenge. For example, if you exceed a configured server-side threshold for making requests to Signal, you may need to complete a CAPTCHA within the Signal application before making more requests. This approach slows down spammers while allowing regular messages to continue to flow.

Does that seem unreasonable? Am I missing places where people have identified flaws in the protocol?
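
An added illustration, not part of the comment above and not Signal's server code (which is not public): a sketch of the kind of metadata-only gate the quoted paragraph describes, driven by spam reports and request rate and never by message content. The class, method names, thresholds and phone numbers are all assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Assumed values; the quoted post only says the threshold is "configured server-side".
REPORT_THRESHOLD = 3      # distinct spam reports before a challenge is issued
MAX_REQUESTS = 5          # requests allowed per sliding window
WINDOW_SECONDS = 60.0


class SpamGate:
    """Sees only who was reported, who made a request and when; never message bodies."""

    def __init__(self):
        self.seen_report_ids = set()            # one-time message IDs already counted
        self.report_counts = defaultdict(int)   # sender -> distinct reports
        self.requests = defaultdict(deque)      # sender -> recent request timestamps
        self.challenged = set()                 # senders with a pending challenge

    def report_spam(self, sender, one_time_id):
        """A report carries the initiating number and a one-time message ID only."""
        if one_time_id in self.seen_report_ids:
            return  # a replayed report must not inflate the count
        self.seen_report_ids.add(one_time_id)
        self.report_counts[sender] += 1
        if self.report_counts[sender] >= REPORT_THRESHOLD:
            self.challenged.add(sender)

    def allow_request(self, sender, now):
        """True if the request may proceed, False while a challenge is pending."""
        if sender in self.challenged:
            return False
        window = self.requests[sender]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()                    # drop timestamps outside the window
        window.append(now)
        if len(window) > MAX_REQUESTS:
            self.challenged.add(sender)         # traffic looks automated
            return False
        return True

    def challenge_solved(self, sender):
        """Called after a completed CAPTCHA; normal traffic resumes."""
        self.challenged.discard(sender)
        self.report_counts[sender] = 0
        self.requests[sender].clear()
```

Nothing in the gate's inputs includes plaintext or ciphertext, which is the property the comment is pointing at: a check like this can run server-side without touching the end-to-end encrypted payload.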