Privacy

31938 readers

922 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Dessalines - Why not Signal? (dessalines.github.io)

submitted 3 years ago by dessalines@lemmy.ml to c/privacy@lemmy.ml

120 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] dreeg_ocedam@lemmy.ml 1 points 3 years ago (2 children)

Another issue is that you suggest using Matrix or XMPP, which take security much less seriously. XMPP is not encrypted by default, and Matrix has some serious issues regarding its trust model.

[–] poVoq@lemmy.ml 7 points 3 years ago* (last edited 3 years ago)

XMPP is not encrypted by default

This is not really true, the most popular clients are enabling e2ee by default and it is literally a single click on a padlock sign on the others that support OMEMO e2ee.

[–] n0n@kallutatud.info 0 points 3 years ago (1 children)

That linked article talks about how crypto in browser is easily subverted. You don't have to use matrix with a browser client and most people I know use standalone clients.

[–] dreeg_ocedam@lemmy.ml 1 points 3 years ago (1 children)

You don’t have to use matrix with a browser client

But the presence of a browser client seriously undermines the security of the whole platform. People don't know that they should not use the browser client. If it were a third party client it wouldn't undermine the seriousness of Matrix, but the browser client is an official one, which shows that Matrix takes security much less seriously than Signal.

[–] n0n@kallutatud.info 0 points 3 years ago (1 children)

True, the element.io site offers the browser client first, which I find wrong. On the other hand some of Signal's choices were justified by "helping adoption" so I guess that falls under the same category.

Currently I can't find a way to see which client another user is using in the Element mobile app. Not sure if that is even possible. So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe. And of course if your use-case really required a web-client you could just self-host it.

[–] dreeg_ocedam@lemmy.ml 1 points 3 years ago

So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe

This is a really bad idea. The software you use should be usable safely without any knowledge of security if you want it to be really effective outside of security conscious people. And even security conscious people make mistakes.

And of course if your use-case really required a web-client you could just self-host it

That's not an option for 99.99% of the population.