240
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes (www.wired.com)
submitted 4 weeks ago by jeffw@lemmy.world to c/technology@lemmy.world
46 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] pineapplelover@lemm.ee 16 points 3 weeks ago

Not to mention TeleMessage violated the terms of the GPL. Signal is under gpl and I can't find TeleMessage's code anywhere.

Edit: it appears it is online somewhere just not in a github repo or anything

https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/

[-] echodot@feddit.uk 7 points 3 weeks ago* (last edited 3 weeks ago)

I'm pretty sure that the licence also requires that you link to the source code. You can't just have it up "somewhere" and just expect people to find it.

[-] Kazumara@discuss.tchncs.de 5 points 3 weeks ago

Yep. Relevant sentence bolded by me below

6d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.

[-] pineapplelover@lemm.ee 3 points 3 weeks ago

"yeah my code is open source, it's somewhere on this site I'm just not gonna tell you where it is."

[-] Revan343@lemmy.ca 1 points 3 weeks ago

The requirement in the licence is that the source code or a link to it is distributed along with the binaries

[-] Kazumara@discuss.tchncs.de 4 points 3 weeks ago* (last edited 3 weeks ago)

violated the terms of the GPL

Well we don't know that, the terms say that you need to make the source available to people who got the binary. Either ship them together or ship a written offer for obtaining the source with the binary. You do not have to make the source available to the public (but any of your customers later could).

To verify your claim we would have to get the binary from them, and check if source or an offer for it was included.

Edit: The above is true for GPL2, but it seems Signal is under GPL3, in which distribution of offers of source have been curtailed a bit compared to GPL2, if I'm reading Section 6 here right

this post was submitted on 18 May 2025
240 points (99.6% liked)

Technology

71448 readers
1148 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws