  • Signal’s server is open-source

    Prove it, give me ssh access to their centralized server so I can verify that they’re running the code they’ve published. Otherwise this is a “just trust me” claim.

    Also, I don’t think Signal can get your name without a government to look it up.

    There are 10 websites that publicly publish phone number and identity info, right now. Not even a government, but a random stranger can convert your phone number to your real identity.


  • what information is provided to an entity about whom.

    “Content” and “Context”

    Why is only message text considered “information / content / context” here? Signal has your real name and address via phone numbers, and has every other real person you talked to, and when. Why is “message text” considered context, but social networking graphs aren’t?

    All these definitions are highly subjective, and the above one clearly considers social networking graphs to not be “content”. Basically they’ve re-defined privacy in a way that excludes highly sensitive information like everyone you talk to, and when.


  • thanks to end to end encryption. You can evaluate the protocol yourself with your own eyes, except clearly you cannot read, but modulo that.

    This means nothing when you have no idea what code the server is running, they even went a whole year without publishing their server code updates, until they got a lot of backlash over it. Real security doesn’t require a “just trust us” claim.

    Also, metadata is content. Even if they don’t have the message text, Signal still has the real identities of everyone you talked to, and when. With that you can build social network graphs, which are far easier to harvest and more useful anyway than trying to read through message content and determine meaning.


  • Signal is not open source, it’s a centralized US service, and you have no idea what their server is running. They even went a full year without publishing server code updates at one point, until it caused enough of a backlash that they started doing it again. But publishing that is no guarantee of anything, because you have no access to their server.

    mathematically impossible for Signal to gain access to your sensitive information (except for your phone number, obviously).

    A phone number in most countries, including the US, means your real name and address.


  • He does not know what I do, other than observe that I ride a John Deere around in the fields and corn comes up shortly thereafter. Riding a John Deere in a field is observable by all public passers by.

    So because he knows only a limited amount, that’s the distinction between private and anonymous?

    Signal is not your neighbor. Signal’s DB stores phone numbers and knows who you are, and who you talked to, and when. Are the people you talk to considered “public”, to a US-based corporation?


  • It was originally funded by Amdocs, a US and Israeli company, but they have had their own funding for many years now.

    Regardless, considering it’s entirely open source, buildable from source, self-hostable (and auditable), which is more than you can say for Signal, where the back end is centralized, and hosted in a five-eyes country.

    Matrix requires no “just trust us” clause unlike Signal, because you can run the software yourself, and verify that it’s not making calls to US or Israeli servers.


  • stores hashed phone numbers and first access / last access times and nothing else.

    Even if this weren’t false (otherwise they wouldn’t be able to connect to your existing contacts), that’s a “just trust us” claim. You give them your phone number, you should assume they have it and not “trust them” to hash it like it’s a password.

    And the client does store these things, but also lets users delete messages and contacts. Your message deletions can propagate as well.

    Not that it’s that important, but it’s yet another “just trust us” claim.