this post was submitted on 15 Sep 2021
67 points (93.5% liked)

poVoq@lemmy.ml 11 points 3 years ago* (last edited 3 years ago) (1 children)

I don't think you can have messaging without some level of trust, but I agree that the Signal Foundation isn't very trustworthy.

As for the communication protocol... there are some 3rd party clients that connect to the Signal servers (Axelotl, signald etc.) which have not been banned from connecting for quite some time now. Not sure why, but at least that shows that the protocol in general works as intended. Together with reproducible builds for the official client this at least makes it likely that the unmodified official client works as advertised (although there could still be some caveats in the shared libraries).

But who knows what the server does, and supply chain attacks that substitute the official client for a modified one are still easily possible when Signal controls all distribution channels (they will tell you this is to prevent supply chain attacks, but only those of most 3rd parties, not those originating from within Signal & Google/Apple).

yogthos@lemmy.ml 5 points 3 years ago

I mean trust specifically in the context of the technology. Things need to be independently verifiable. And thanks for the correction regarding the clients, I was under the impression that you could only use the official app with their server. If you can use an open source client, that addresses my concern regarding verification.

At the very least we can know that the protocol works as advertised. Since it's E2E, I think it's probably reasonable to assume that at least the messages themselves are secure.