I don’t know if I’m opening a can of worms here, and I’m still trying to backtrack a lot of history where I was tuning everything out. I keep seeing random swipes at Signal (or the representatives (?)), and I was wondering whether they are founded or just lies.Is it another situation like Lemmy where we just “take the technology and move on”? Thanks!
You must log in or register to comment.
Different people don’t like it for different reasons. Some people don’t like it because they think it has CIA financial backing (nope), and some people don’t like it because it requires your phone number, therefore it is not private (the privacy it provides is more than sufficient for anyone not actively being persecuted by a Five Eyes state), and some people don’t like it because it feels corporate (it’s a 501c3 nonprofit, and how corporate it feels is subjective).
And some people don’t like it because it used to handle SMS on Android, and they removed that feature for security reasons.
That was a pretty wild decision
Handling SMS and handling secure/encrypted messages could’ve made people think they communicate securely while relying on text messages instead.
Not handling SMS fixes this source of confusion and I applaud their decision.The problem is that most people don’t want multiple text apps, they just want one. I had gotten a number of people using signal, and it was secure when we talked, but when signal dropped SMS, almost every one of them stopped using it, so then none of their conversations were secure.
Yeah, the never-ending weighting between convenience and security.
But are you going to tell me that those people don’t have Whatsapp, Threema, Telegram or any other IM installed and just use plain SMS instead?Yep, just the default messaging app on their phone.
Americans do a lot of SMS.
I think the number of people who care deeply about privacy and cannot tell the difference between an sms or signal message is minimal. There were plenty of ways signal could have highlighted DANGER UNSECURE CHANNEL if they had wanted to, or made it an off-by-default option, rather than drop SMS entirely. For myself and many other people it meant that family members dropped Signal rather than have an extra messaging app, and so I’m still stuck with WhatsApp on my phone…
I think having an unlocked symbol for standard SMS would’ve helped that…
And you seriously think most people would look at and act on such an icon instead of just ignoring it?
Or just accept that not everyone will be having a secure conversation every time at first, but more will be secured as more and more people like me convince our family members to use it and eventually we transition everyone away from SMS?
No, of course not, why would we build a critical mass of users like that?
Since they removed SMS support almost my entire family and my friends uninstalled signal, except a few who keep it to talk to me, and my half dozen friends privacy-conscious enough to care. Dozens of people, down to eight if you don’t count me, in my circles alone. Objectively, removing SMS support harmed Signal’s popularity and made everyone less secure. The argument for why they did it was at best myopic and also, in my opinion, utter bullshit.
There were ways to make it clear that it was insecure that didn’t alienate an arguable majority of their casual userbase.
It was very unpopular with my girlfriend, who I had just gotten into using Signal a few months prior.
deleted by creator
there’s oversec on f-droid that can almost automate this
This got me thinking that it should also be possible to automate on iOS with Shortcuts….
deleted by creator
Some people don’t like that they attached a crypto wallet to the app. I couldn’t care less and use the messenger daily!
Accurate. And if you are being targeted by 5 eyes, your phone is probably fucked, one app vs another probably won’t make a difference
If you ARE targeted by 5 eyes, you’d probably want to not be using your phone for communications, but Signal sorta requires you to, even if there’s a desktop client.
However, I don’t presume to know what would be the best option. SimpleX maybe, as the servers don’t keep messages? Otherwise, I use Matrix because it’s a lot more common and very easy to set up your own homeserver. However, again, if I had to hide something from a 5 eyes threat actor, they’d just find some vulnerability in my server config or, hell, maybe they can somehow sneakily get root access through the VPS provider itself, as I’m not hosting on my own hardware.
Honestly, meeting in person might be the most private solution if you’ve got that kind of a threat model.
Signal doesn’t keep messages on their servers either. The only data they have on you is your phone number and the unix time you made your account in.
How do you know that?
It’s what happens in the publicized source code, yes, but how do you know that’s what’s running in their servers? How do you know that all requests aren’t saved?
Luckily Signal has e2ee and client side code is easy to verify, so they’d only have access to encrypted messages anyway, but if you’re talking state level actors of the highest caliber, they might be able to crack Signal’s encryption eventually.
Look, I’ll agree that Signal is probably secure enough. It’s definitely secure enough for me, I only run Matrix as a hobby because I like decentralization, my Matrix server is probably less secure than Signal. But I’m just saying we can never know for sure what code is running in THEIR servers, therefore we can never trust is 100%.
https://signal.org/bigbrother/ Its all they claim to have at least.
And I hope for sure that they’re never quietly forced to change that.
But again, if there were 3 letter agencies and gag orders involved with Signal, they probably wouldn’t give regular law enforcement or courts any of the data they have.
Really, my only problem is that with a centralized service, there’s no way to ever know for sure. There’s luckily no evidence of anything nefarious happening at least.
Yeah, on an ideal world, the matrix spec would be fixed and everyone would be on that.
The code is open source, people look at the code, I’ve dug through their code a fair bit. It wouldnt be quiet, and it would take major code rewrites, it would be pretty obvious
If you’re being targeted by 5 eyes and you and your group don’t know enough about tech to set up your own local communication servers or going serverless / not using internet, you’re already caught or known about
I don’t think I’ve ever seen people say it has CIA financial backing. It did however until only a couple of years ago have strong ties to the State Department’s Open Tech Fund (from the same financial envelope that brings you RFA/RFE/VOA).
I understand why, but I get annoyed that I can’t integrate it into ferdium with my other things like discord, e-mail and calendar.
Signal is an open-source privacy-focused end-to-end encrypted texting platform (so competing with SMS, WhatsApp, iMessage, Telegram, and similar). It’s developed by a donation-funded non-profit organization.
Signal is quite good compared to the competition, but it faces a lot of scrutiny because they make big promises about privacy and security so the people who care will really get into the details on that. Also IIRC there was a period when one of their competitors was trying to slander them more or less.
In general there’s nothing wrong with Signal and it’s quite a good option. If you really care about the privacy details you can always host your own instance (but that would require you to convince your friends to use your instance … it’s not federated).
The deal is that they run their program in a very transparent and wherever possible verifiable way.
More details here: https://lemmy.world/comment/14775870Hey signal is better than most of the mainstream bs. I use it myself and I’m confident that the messages themselves are secure. However, it had issues.
Since we cannot verify the software they run on the server is the software that is open source then we must assume it is not.
We know for a majority of cases a phone number = a real identity. Signal implements sealed sender but since signal is a centralised point they can correlate the sealed sender extraordinarily easily. We must therefore assume signal knows when and who is communicating (We can verify they don’t know what is being said) this therefore means signal could theoretically have a full social graph of real identities for every singe user.
This is of course after we remember signal received funding from BBG which is an organisation funded by the us government purely for the purpose of promoting american propaganda.
Also I believe they used to have federation but all evidence of this seems to have been wiped from the internet.
Signal can either adapt and prove themselves with more than a “trust me bro” or they can die. Just cos they are better than the alternatives does not mean we should not demand better.
If they encrypt meta data like they say they do (https://signal.org/blog/signal-is-expensive/), it should be very hard to use meta data the way you explained.
Whether they do can be looked up here (https://github.com/signalapp) by those who know what to look for.
As Signal uses reproducible builds (https://signal.org/blog/reproducible-android/), itcan be verified that the builds are made from the public source code.
They make offering a secure and trustable app a lot better (by being verifyable) than other messengers.The point is we cannot trust they run the software they claim to run. Identifying a sender despite sealed sender is trivial if u have a centralised server.
Say I am the signal server and all the clients run the known/provable secure clients that are used. I as the signal server an subject to wiretap and gag orders so I can be obligated to run software that is not the published server software and into tell anyone. As a server I by definition have everyone’s IP address. A message with signal protocol has a sealed sender and a known identity recipient. As the signal server I can see when u send a message and from what IP and to which identity and what ip that identity is. I can then simply associate IPs and identities.
I trust the app I cannot trust the server. A reproducible build does not prove anything about the server it only proves the client.
Sure. If you want full control, you need to run your own server.
Matrix crosses my mind.
But using that is a different animal than installing an app from a store.
As far as security when communicating conveniently on mobile phone goes, Signal does a pretty good job. But you’re right that it’s important to realize what’s possible and what’s not possible.I use signal for communicating with normies who just wanna download an app. Just cos signal is better than most doesn’t mean we shouldn’t demand better. Why can’t we have both? With self hosted federated signal servers and no phone number requirement we can have our cake and eat it.
If we have a federated messager that some people self host, would that actually be more secure? i dont know much about how federation works, but i imagine that an intelligence agency could make an instance that would federate to the others, listen to the metadata of the exchanges in the network and rebuild a social graph like a centralized server could. Is this a non-issue?
Its actually less of an issue with federation. The way most federation works is that messages are only exchanged with servers that have a relevant party, ie if I’m on instance a and ur on instance b then our messages are only exchanged between instance a and b instance c would have no idea about any of it.
Its even better than that because with sealed sender the recipient server will know that u have received a message and from what instance but not which user on the instance.
instances are severs - you now have two servers you need to trust.
The average person has no own server.
oh, i see! that would be cool
Since we cannot verify the software they run on the server is the software that is open source then we must assume it is not.
But that’s like, the case for pretty much every messenger out there, outside of self-hosting, which will not be done by 99.99% of the general population.
This is a good comparison of messengers here:
https://eylenburg.github.io/im_comparison.htm
Btw, an imprtant aspect of privacy is how metadata are handled/leaked. Signal trues to minimize metadata leak to near zero (there are some other messengers that do that, like simplex)
This comparison makes some questionnable choices. It puts the presence of a web client as green, when actually this breaks the thread model of end-to-end encryption.
The thing is I have yet to see any reasonable alternatives.
Threema is the closest but it’s not free-of-charge, so a non-starter for most of my friends.
The others are controlled by Russia (telegram) or Meta. What else even is viable?
Session, an Australian fork of Signal with onion routing and no phone number requirement, seems promising.
Session disables forward secrecy for no reason.
Personally, I assume it’s a honeypot.
This also disables notification text which is a good choice IMHO as those can be provided by Apple/Google to law enforcement
Didn’t know it was a Signal fork, interesting
It’s mostly minor shit, it’s better than the alternatives unless you self-host (which has a boatload of other issues).
How does simplex compare?
- it wants a phone number
- it’s not GETTING a phone number
- it no longer exists as an option
