Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
I still stand with Signal App.
Man, everyone is hopping on the Trash Signal Bandwagon, even though TG is less secure, and nobody (the 99%) uses Threema.
how has no one discussed matrix here
I don't get it at all. There are plenty of platforms like matrix, xmpp, simplex that don't require phone numbers tied to your identity. Signal has somehow managed to convince people that it's a private platform, despite it being a US hosted service that requires phone numbers.
It's a Google hosted service, which is arguably worse because they may as well be a nation-state unto themselves.
And the largest homeserver, matrix.org, is MITM'd by Crimeflare.
Fuck matrix.org, just selfhost.
Doable, but a huge pain in the ass because of conflicts in the protocol. I spent about a year trying to suss them out and come up with a fix but never figured it out.
Wasn't Amazon involved here as well? It is another "nation-state".
I do not think so, no. However, Amazon is certainly big enough to be un-humorously compared to nation-states as well.
Say the US government, in a worst-case scenario in which it constantly monitors all traffic that goes through Signal’s data centers, can ‘only' see phone numbers, IP addresses and timestamps, right? Or am I forgetting something here?
Metadata and social graphs are more important than message content, esp since not many people have the time to read through individual messages to build meaning.
Signal stores phone numbers (meaning your identity, and home address), and message timestamps: who texted who and when, and who's in chats with who else. More than enough to build social graphs and connections, and also figure out where people are through their IP addresses.
Do you happen to know what metadata matrix stores? I assume matrix.org specifically stores email and username, right
Yes, but I don't think user metadata outside of your apub url, name, icon, display name, leaves your homeserver. Email or passwords don't leave iirc.
Signal can't see who is texting who. They can't see which groups you are part of. Those information are end to end encrypted, same as your chats itself, your profile picture, your stories, etc.
Signal doesn't store message timestamps either.
What Signal itself knows of you is your phone number, the timestamp of your registration, the timestamp of your last connection to the server. That's it.
Yes metadata is critical but Signal handles metadata very well. Indeed, even though I'm a fan of Matrix, better than Matrix. Matrix is a metadata nightmare due to it's centralized structure and the way the protocol works.
Signal can't see who is texting who. They can't see which groups you are part of. Those information are end to end encrypted, same as your chats itself, your profile picture, your stories, etc.
This is completely false. They can absolutely see who is texting who, in fact they need it to be able to route messages. They have message timestamps, and phone numbers stored in their database.
Question, why do you "trust" signal? You can't see what code their centralized server is running, unlike matrix which you can self-host and build from source. You don't have to "trust" matrix, you can verify it for yourself.
Unable to decrypt message
Unable to decrypt message
Unable to decrypt message
Unable to decrypt message
Unable to decrypt message
Unable to decrypt message
...
That must mean it's working! :D
I can't believe people are saying Telegram and Threema might be better than Signal. Signal isn't perfect but Telegram and Threema are worse.
Signal is much worse than Telegram (in terms of privacy)
Please give several reasons why
Please stop spreading FUD.
The encryption used by Signal would not be used if it could be easily broken. It's fully open source and is regularly audited. People would not recommend it if it were so broken like you say; this is just fearmongering.
lol, lmao even
I'm not forcing you to believe anything. Also this is a free platform where I can say what I think. I won't hold myself back from expressing my view only because the majority has a different opinikn (looking at the downvotes). I personally just wouldn't trust it. And it also doesn't have any difference to Whatsapp and co. (encryprion algos are the same) which completely removes the purpose of it even existing (ik open source is still an argument. But they don't have reproducable builds so even that falls apart) so there really isn't any reason for me to switch to it or promote it to anybody at all.
It really depends on your use case. Most of my simple chat messages are the same as I would have in any public space. I have no need for encryption, I have need for convenience in that regard. With Telegram I have my chat history on all devices and don't need to use my phone to connect which are two must-haves for me. For my use case, Signal is the worse option. That doesn't make Signal bad, just not suitable for me.
As a privacy-concious person I am very much aware of the non-secure nature of my chats, but since that is not a factor of consideration to me when it comes to casual chats with a few friends and family members. The worst thing Telegram could do is analyse my chats and ... then what?
Signal is not applicable when you need a public space for people to just have a discussion, like in discord. Signal clients are clunky and rely on cross sync from what I see, while telegram clients are well made and convenient to use. Even Whatsapp went away from electron so I'd choose it over signal any day.
Signal clients are clunky
Obviously you have never used Element for matrix. Signal is like a Ferrari in comparison.
Yeah I've never used matrix really.
Have you tried Signal recently? On Android it's very well polished.
In fact I believe it's a shame that not more people use such a beautiful app, regardless of privacy and security implications.
I have no use for it for now and as long as it's still electron on desktop I don't want to have it running.
Matrix would work for that and would avoid proprietary software and sketchy companies
Does it sync automatically between desktop and mobile? Can I share an image into it on mobile and have it a few seconds later on laptop?
Let's be honest, Signal is not perfect either:
This matters because “money talks”, as the saying goes. If the company or person behind the money is likely to have reason not to protect customers’ privacy, it’s important to know. This could be indicative of the company not doing as they say (Google, Whatsapp, for example) or changing their mind once they’ve onboarded enough customers from whom they can make money.
~~(I'm gonna find sources for the last two statements a bit later to not be unsubstantiated)~~
Done.
Although, we all can agree, that Signal is still better than Telegram, or WhatsApp, or Threema, or whatever.
Still, we probably want to look at the better alternatives, like Simplex or Session.
suspicious funding
Which lines of its libre software source code are malicious?
requires your phone number
It's centralised
Which lines of its libre software source code are malicious?
It's not about code, but about funding.
It's centralised
Yes, and it's the downside, no matter how you look at it.
So, which malicious lines of libre software source code have been funded? This is how we stop FUD. Don't let them derail us.
Don't get me wrong. As far as we know, no malicious code have been funded. The very fact that the Signal was sponsored by the CIA is suspicious (maybe I used some incorrect words, sorry if so). Of course, it's totally up to you whether you think that fact is sus or not.
It's not. Our devices run software, not funding.
Signal is currently the best middleground between security, simplicity and widespread adoption.