- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
You must log in or register to comment.
Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.
They see no value in it. They don’t see that privacy is proactive measure that can protect you.
On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family who’s attacker might make off with stolen bank information or passwords.
but “that’ll never happen”, right?
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called “the US”. This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
You can use Signal with a different client. Signal being operated within the US has no effect. As of now the jurisdictions that I know of to be worried about are:
Sweden, where a law is proposed to add an encryption backdoor
The EU, where leadership is pushing for an encryption backdoor
France arrested the founder of Telegram for using end to end encryption in Telegram
Australia in 2018 passed a law that enabled the government to require communications platforms add a backdoor for government decryption. The Director of the Australian Security Intelligence Organisation (ASIO) said that “privacy is important but not absolute”. Which has the same vibes as “this is not about human rights, this is about human life.”
WhatsApp was previously suspended in Brazil for refusing to hand over decrypted messages.
China and Russia are very obvious problems. Here’s an easy one of many examples
The White House both in Trump’s first term and in Biden’s presidency were pro-encryption. Signal and Tor were US government funded projects. That’s not to say the US is great on encryption, and there have been laws in the past that did/were proposed to limit it. But, as of now, it seems that the US is (edit: one of) the most hospitable jurisdictions for encrypted messaging non-profits.
BTW, I’m not saying using Tox is bad, or that Signal is good, I’m just talking about the US jurisdiction part.
You can use Signal with a different client.
Can you advise, which one would be a good one? Because I actually use Signal too, it’s just misbehaving a lot recently.
I have had endless difficulties with Signal forcing upgrades on me and requiring to sign in on the phone, under threat of deactivating my account (I use it on a PC).
I’ve never used any, but Molly seems well liked
Well yeah we could also use Briar or whatever… but would your grandma?
i’ve only managed to get some of my fam to move over to signal. the other half full on refused
deleted by creator
Not sure if you’re actually sincere or are sarcastically making fun of Tox’s onboarding. That’s a long key.
deleted by creator
They’re probably not joking, TOX IDs are like that. :) Mine is:
CA9A4C1968AA38CC93CB32F31F3682AB897ABA42C90E6F0EA5E1FB541930FD64138B4CC09AD*
(*the number opposite to the first is the number that comes after one, for spam bots)
deleted by creator
TIL I have no family I care to keep in touch with and I have no friends.
Don’t ask me for a phone number and I’ll use it.
When did WhatsApp start allowing signups without a phone number?
No clue. Never even tried to use it since it’s a Meta product. I was referring to Signal’s phone # requirement being a non-starter.
So what do you use now?
I use Element.
I use both and have been happy with both, but note that Element / Matrix have recently announced the intent to add paid service tiers.
Fair enough, servers cost, you can self host it too…
Remeber, If it’s “free”, you are the product.
Matrix
The irony of you posting this on lemmy, which won’t allow posting from a VPN or masked email addresses is not lost on me.
The amount of hoops I had to jump through to make this comment and maintain some semblance of privacy is infuriating but at least it’s not reddit I guess?
But do go on about your security standards…
Edit: BTW, you can set signal to hide your number completely. Combined with FOSS-based encryption keys on-device makes signal the only choice for trying to maintain freedom of expression globally.
Nothing will protect anyone from messaging with a snitch who knows how to screenshot though. Food for thought… get to know your neighbors now.
If you’re reading this comment, I posted it from proton vpn
Thanks, appreciated. I installed Nord on my linux box as well, then set that to openvpn technology and obfuscated servers which worked. I’d prefer to use their quantum-proof encryption but there’s no way to bypass VPN checks if one sets that. I think it’s a mistake on lemmy’s part to even put that hurdle up, but it is what it is. Having one’s real world identity tied to social media is a risk going forward. Data is the enemy.
Data is 100% the enemy and you’re right, lemmy would be moronic to put that roadblock in place
They DID put that roadblock in place. That’s kinda my point. You have to loosen a VPN’s security to post here (as I’ve had to do to reply). It says “no posting from VPN” in the lower left if one uses more advanced/secure encryption. They also don’t allow account creation from masked email platforms like fastmail.
You’re using the wrong lemmy server then, no problem with mine
It doesn’t matter if you hide the number; at some point they deanonymized you when you signed up.
Want to be a dick about “hoops”? Get a number that isn’t traceable. It can be done, but it’s tough. I doubt its possible in the countries that really need anonymity of association.
Deanonymized isn’t a risk with end-to-end FOSS-governed encryption (as compared to Meta’s mysterious backend that manages keypairs for whatsapp and messenger). Sealed Sender can even obfuscate the metadata of the recipient for further snooping hurdles. Nothing is perfect, and any participant can silently ex-filtrate conversation data with another camera.
Duck duck Go VPN connection here
When they dropped sms support I was no longer able to convince people to migrate to signal.
Before I could make the argument that you need one sms app anyway so that app might just as well be Signal instead of the one that comes preloaded with your phone. That way people would gradually get more and more secure messaging as time went on. When sms support was dropped, Signal could not replace an existing app and adding another messing app is much less appealing than replacing one.
How do we know signal isn’t also run by a techbro who just wants our data?
I don’t think that the founders are bad people. If you look at their history of work, they have done enormous amounts of work in the computer security sector. The founder, however, did run a cloud based WPA cracking service.
Meredith Whitaker, who is the president, used to work at Google doing research for “issues related to net neutrality measurement, privacy, security, and the social consequences of artificial intelligence”.
In 2018 she then staged walkouts at Google over concerns of sexual misconduct and citizen surveillance.
The people on Signal’s board seem to be trustworthy people with a pretty airtight background. You have to worry more about the mobile operating system compromising you than do you about Signal.
Does it really matter who made it if you can see the source code? You don’t have to trust them.
That’s kind of a core tenet of libre/open software, innit? Independently verifiable software that you can change at your pleasure.
Can you though? Can I build the apk myself and use their services?
Yes, you can use their exact build environment straight from GitHub. You can also use Molly.im which is another app that i think is a fork? Im still investigating it.
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
Matrix fits the bill.
Unless you don’t like the federated nature.
XMPP/Jabber via a web client like movim.eu sounds like it ought to work!
You can also look into Snikket as a host for small groups like friends or family, but can continue to use the Movim web client even if you’re hosting with Snikket rather than Movim itself.
Matrix and Element. Run your own server if you want or use a server that’s not in the US.
I would like nothing more, but so few of my contact group are willing to switch away… despite all of Meta’s bullshit. I resent being made to use it whilst their AI/ads encroach further and further.
Anyone know why the Signal app isn’t available on F-Droid? Isn’t it supposed to be open source?
I think it’s by request. the fdroid team build every single app in their repos which means that they are not always fully up to date, so signal argues that whenever they need to push a security release people on froid would take forever to update.
I think I’ve had this issue with simplex. I’ve had to wait over 2 weeks for an update. That’s why I’m using obtanium for it instead
Molly is in f-droid, though it’s technically third party. Looks identical though.
I was looking at Molly.im and it has its own f-droid repo. There are two options: with and without Google servicios.
You can install and update it through Obtainium directly from GitHub.
I will switch to signal when I can avoid installing stuff on bunch of my devices. Until web version is available, sorry it hard for me to switch and for me to convince other people to switch.
I don’t believe in signal.
I use it mostly for family chats, I got the extended family to use it rather than Facebook Messenger
What makes you not trust signal as against WhatsApp?
Interesting phrasing. How so?
I believe in it,… for now.
I moved my family group to xmpp to have more personal control over our chats. Signal seems benevolent, but I’ve seen this play out before. Will it stay that way? We treat online forums with the idea that federstion works to stop enshittificstion. I believe XMPP is a good model for federating secure chatrooms for the same reason: People should control the voices of the people, not companies.
I am so excited to see people embracing xmpp! I’ve been using it since 2010 and I was really bummed when my company got swallowed up by a huge conglomerate and we were forced to use their shitty proprietary one.
Compare with Zangi Private Messenger. Yes, every country who has jurisdiction has access. Just ask yourself, which gov do I trust more with my private chats?
I got tired of asking my family to download yet another app. Went iPhone at this point.
How many apps did you ask them to download?
Personally, I only asked for this one, and everyone who is of importance to me chose to do it.
I went from Telegram to WhatsApp. That was enough to annoy my people.
You know and I was the biggest smack talker of apple and I got the 16 pro just to get encryption when talking to my mom and husband. I can see why people like these things.
But it does feel very basic coming from a long time Samsung user.
SimpleX as well!
The founder of SimpleX is out of his mind. Check yourself: https://xcancel.com/epoberezkin
It doesn’t look good indeed…
Sadly, that’s what we have to work with. The app is pretty good though
TIL the founder is a transphobic and conservative piece of shit
Made a post to raise awareness
Avoid the lemmy.ml community because it’s moderated by that fucker
IMO the best on-boarding I have seen in a chat app. Just scan each other’s QR codes or click a link. No account management because ID is unique to each conversation.
Signal and WhatsApp need a phone number, Matrix/Element is needlessly messy, XMPP/Conversations is sensible IIRC (ID + password)
Just got the app. Really like the idea!
Removed by mod
