i’ve just seen a comment in a post, in this very community, saying people trust signal because of misinformation (from what i could understand).

if this is true, then i have a few questions:

- what messaging app should i use for secure communications? i need an app that balances simplicity and security.

- how to explain it to my friends who use signal because i recommended it?

- what does this mean for other apps in general?

  • RobotToaster@mander.xyz
    100 upvotes, 3 downvotes · 2 months ago

    It’s fine as long as you don’t do something silly like invite a journalist to your top secret government group chat.

  • kn33@lemmy.world
    English · 44 upvotes, 3 downvotes · 2 months ago

    Given what you’ve said, Signal is still what you want and is good for it.

    There are two main issues people have with Signal:

    First is that it requires a phone number to sign up. That makes some people who want it to be truly anonymous unhappy. It’s not meant to be anonymous, though. It’s meant to be private. Those aren’t the same thing.

    Second is that it runs on AWS. This isn’t a problem in the sense that it’s possible for it to still retain privacy while running on AWS. Some people don’t like it because they view the dependence on the infrastructure of an American company to be a risk to availability. They also believe that it would exacerbate a security flaw if one were found.

    Personally, I know these risks and still find it to be the best balance between privacy, security, and ease of use.

  • Dessalines@lemmy.ml
    27 upvotes, 2 downvotes · 2 months ago

    PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.

    It’s hosted in the US, subject to its pervasive spying laws including national security letters.

    Also I need all your phone numbers.

    Also no you can’t host this yourself, I run the only server.


    Everyone who uses signal and supports it, is falling for this pitch.

  • glitching@lemmy.ml
    22 upvotes · 2 months ago

    not to shit on you specifically but I see this over and over, folks asking how to be “secure”. secure against what?

    if you’re into this, you need to set up a “threat model” i.e. what are your threat vectors and then you build your defenses against that model. a defense against blanket surveillance doesn’t handle targeted threats. a successful defense against your government doesn’t preclude other nation-state actors getting at you.

    like, if your threat vector is e.g. your SO “inspecting” your phone, you set up a passcode and you’re safe against that threat. but, if there’s a toddler going around smashing stuff, your defense isn’t valid. defense against that vector is placing your phone high up. but that defense isn’t effective against SO.

    I am sure any messenger recommended here can be successfully red-teamed, be it design flaws, operator error, the famous wrench comic, or whathaveyou. but that doesn’t mean it’s ineffective in your specific case.

  • masterspace@lemmy.ca
    English · 27 upvotes, 8 downvotes · 2 months ago

    There is none. There’s like 0.1% of people who complain about it who have a valid point.

    And those points are always meaningless in light of the alternative’s drawbacks.

    • a Kendrick fan@lemmy.ml
      9 upvotes, 7 downvotes · 2 months ago

      Being tied to US infrastructure isn’t a valid concern?

      What then is the difference between it and WhatsApp? Both claim to use the Signal secure protocol but you can never confirm that since their codebases are closed source and proprietary.

    • racoon@lemmy.ml
      1 upvote · edited · 2 months ago

      Even the alternatives like Briar acknowledge on their FAQ that Signal has pros

      • monovergent@lemmy.ml
        6 upvotes · 2 months ago

        Would love to use SimpleX too, but the plan fell apart while trying to use it with family. Surprisingly many people fail to grasp the concept of anything other than a phone number, social media profile, or email address. It fell apart among my more tech-savvy friends because we missed calls and had delayed notifications despite SimpleX eating through the battery like no other messaging app.

        No doubt, SimpleX is the concept of a messaging app done right and could be better than any other. It’s just the implementation that needs work. But I’d be happy to hear if there are any optimizations I could try and revisit it.

      • Schlemmy@lemmy.ml
        3 upvotes · edited · 2 months ago

        My contacts could find me by phone number. I changed my status on WhatsApp and half of the regular contacts decided to use Signal. If I want to use SimpleX I would have to invite them all and just hope they’ll adopt.

        I don’t need my phone number to be private. I want my communication to be private.

  • drayva@lemmy.ml
    14 upvotes, 2 downvotes · edited · 2 months ago

    Signal does have your phone number, which is a problem.

    On the other hand, the only information linked to that phone number is, “the person with this phone number uses signal”. AFAIK your phone number is not linked to your contacts, your message content, etc.

    So in practice, the fact that Signal has your phone number is probably only a problem insofar as you don’t want anybody to know that you use Signal.

    But to be fair, why have that issue if you don’t have to. Signal is actually good, still, but there are even better alternatives.

    • CandleTiger@programming.dev
      5 upvotes, 2 downvotes · 2 months ago

      Well, it’s 100% linked to your contacts in one way or another because when you install it Signal will happily alert you to which ones of your contacts are already using Signal. I can’t see how they could manage that without slurping up your contact information.

      • drayva@lemmy.ml
        6 upvotes · edited · 2 months ago

        AFAIK the client slurps up your contacts, but the E2E encryption ensures that the Signal server cannot actually see those.

  • davel@lemmy.ml
    English · 16 upvotes, 5 downvotes · edited · 2 months ago

    This is long, but answers your questions: Why Not Signal?

    - how to explain it to my friends who use signal because i recommended it?

    Okay it doesn’t answer that one. But also, whether they should use Signal or not depends on their threat models. Many people don’t see the US police state as a threat.

  • ReverendIrreverence@lemmy.ml
    English · 13 upvotes, 2 downvotes · 2 months ago

    I am under the impression that Signal encrypts metadata so that is useless to sell. The only thing they can turn over to law enforcement after a lawful warrant is the phone number an account was opened with (and maybe the date that happened) and the date of the last time the account was used. That is all.

      • Vegafjord demcon@lemmy.ml
        3 upvotes · 2 months ago

        But that would mean that you shouldn’t accept their claim, regardless of how conceivable the claim might appear to be. Otherwise, we lose our minds to common sense.

  • Dr. Moose@lemmy.world
    English · 7 upvotes · 2 months ago

    Using phone numbers is the only real criticism imo any service that uses phone numbers is fundamentally compromised.

    • Schlemmy@lemmy.ml
      3 upvotes · 2 months ago

      They offer encrypted messaging, not anonymity. They offer a way to keep your conversations private. It’s not an opsec tool, it’s not a tool to be used by the military. It’s a platform for regular people that don’t want to get spied on or don’t want their conversations to be used against them when legislation changes.

      “Nullum crimen sine lege, nulla poena sine lege”

  • solrize@lemmy.ml
    6 upvotes · 2 months ago

    I’m put off by the centralized server. I’d want to self host without having to build a special client, something like nextcloud. That the company chose to prevent that gives me a bad impression. So I haven’t been using it so far.

    I’ve played with GNU Jami a little but it was flaky when I tried it last year. Maybe it’s better now.

  • thermogel@lemmy.ml
    7 upvotes, 2 downvotes · 2 months ago

    Signal is great, but it is centralized. Session messenger is a great example of decentralized e2ee messaging.

    • deprecateddino@lemmy.world
      4 upvotes · 2 months ago

      I used Session for a couple of years, but switched back to Signal because it did a poor job with media sharing.

      It’s been a while since I switched back, so maybe it’s fixed now?