Just beware that there are Signal forks where people do have modifications like being able to ignore delete commands. That's the downside of open source, that people can easily modify programs. This is also why Signal keeps a tight control over their servers. I'm happy that Signal has things open source, I think it is the better option, but I want to point this out because we need to recognize that the problem itself is over-constrained and there are not globally optimal solutions. It then becomes easy to justify several solutions and have us fight and go nowhere because we are arguing with different weighting criteria than the person we're arguing with. Those discussions are fruitless because we're speaking different languages despite being able to understand one another.
And just to be clear, Signal says that they try to reduce the trust on them to as little as possible. Not zero trust/trustless. They sell "low trust" instead.
I don't really see modified clients as having any impact on the security aspects. From a security perspective, once you have sent something, it is sent. There is no un-sending. A recipient running a completely unmodified client might have simply been on their phone at the time and seen the message notification come up, or the notification might not have disappeared when the message was deleted (this seems to happen with Telegram IME, notifications for deleted messages sometimes linger), or the recipient might have set up a computer to screenshot every incoming message with an unmodified client.
I don't understand what "low trust" means. It makes sense to talk about removing trust for individual employees in the organization, but when we're using a client distributed as a binary with no way to verify the source code used to compile it, we're forced to place 100% of our trust in Signal as an organization. Is that "low trust"?
> I don't really see modified clients as having any impact on the security aspects.
Your messages are only as secure as the least secure part of the network. In an absurd example, that other client could take your messages and publish all conversations straight to Twitter in the public. Effectively rendering the encryption pointless. While this is an absurd example, there are things people do that aren't drastically different, including unencrypted plain text backups.
> I don't understand what "low trust" means.
Trust isn't a binary option of: I trust this person/thing/group vs I don't trust it. There is a spectrum. The question is not "do you trust x?" but "how much do you trust x?" This is more obvious with people you deal with in your daily life. There are people you trust with some things but not others. I am willing to bet that you don't have two sets of people in your life: those that you're a complete open book with and those you are a closed book with. You share different pages with different people and this is okay. Signal's mission is to read as little of that book as possible while maximizing your security and privacy. That is low trust. I'm actually not even aware of a zero trust system in existence. All the ZKPs I know still require a trust in the setup process, so aren't completely trustless. Either way, you still need to trust that things aren't improperly implemented. Even if you check it yourself, you have to trust that you yourself didn't make a mistake. Trust is not binary, but a spectrum. There is no global optimum and we need to be aware of the trade-offs being made.
> Your messages are only as secure as the least secure part of the network. In an absurd example, that other client could take your messages and publish all conversations straight to Twitter in the public.
Wait, are you talking about malware clients now? Because the original example was a client which does what its user wants to. Nothing can save you if the human at the other end wants to do something evil with the messages you send them; you don't need to use a modified client to share screenshots on Twitter.
> [The trust thing]
I suppose I don't see what the difference is though. Signal has complete control of the app, which means they have full access to all my messages if they want. Where does the "low trust" come in? How is it different from, say, Facebook Messenger, where Facebook also has access to all my messages?
> Wait, are you talking about malware clients now?
Not necessarily malware, but borderline malicious. I would consider someone uploading our chats in plain text (even to their backup) a "malicious" actor, even though they are probably naive. The point I'm making here is that modified clients can be harmful to _your_ security and that open sourcing a program makes it easier to modify in a way that does this. There are trade-offs here.
> I suppose I don't see what the difference is though.
I'm sorry, you don't see the difference between a binary outcome and a spectrum? There just are very few things in the world that are actually binary. People trying to convince you that they are are typically bad actors.
> Signal has complete control of the app, which means they have full access to all my messages if they want.
Under what mechanism? The upside of an open sourced app is that you can actually verify that they don't have such a mechanism. That's where the low trust comes in. That they show evidence of their claims. They release court documents detailing exactly what they've released to governments[0], in combination with the ACLU. Which now means the ACLU is putting their reputation on the line as well. There's a lot of 3rd party actors that put their reputations on the line here and Signal is going out of their way to demonstrate that they have nothing to hide. "Don't trust us, this is all the code here. Check it yourself."