The problem here is not the fork itself tho, and it rarely is. The very obvious and openly communicated issue is the complete undermining of E2EE and sending everything to a single entity. Of course, very niche forks may have too few eyes on them to detect malicious changes, but that just isn’t at all the current situation with the Signal fork.
What do FF forks have anything to do with that?
Risk of forks of a FOSS project that turn out to have added a vulnerability I think is the point.
The problem here is not the fork itself tho, and it rarely is. The very obvious and openly communicated issue is the complete undermining of E2EE and sending everything to a single entity. Of course, very niche forks may have too few eyes on them to detect malicious changes, but that just isn’t at all the current situation with the Signal fork.
I’d argue security through obscurity was gone by 2000, for anything that can be pinged.
Was the Signal fork FOSS?