- cross-posted to:
- privacy@lemmy.dbzer0.com
Don’t ask me for a phone number and I’ll use it.
The irony of you posting this on lemmy, which won’t allow posting from a VPN or masked email addresses is not lost on me.
The amount of hoops I had to jump through to make this comment and maintain some semblance of privacy is infuriating but at least it’s not reddit I guess?
But do go on about your security standards…
Edit: BTW, you can set signal to hide your number completely. Combined with FOSS-based encryption keys on-device makes signal the only choice for trying to maintain freedom of expression globally.
Nothing will protect anyone from messaging with a snitch who knows how to screenshot though. Food for thought… get to know your neighbors now.
If you’re reading this comment, I posted it from proton vpn
It doesn’t matter if you hide the number; at some point they deanonymized you when you signed up.
Want to be a dick about “hoops”? Get a number that isn’t traceable. It can be done, but it’s tough. I doubt it’s possible in the countries that really need anonymity of association.
You’re using the wrong lemmy server then, no problem with mine
When did WhatsApp start allowing signups without a phone number?
No clue. Never even tried to use it since it’s a Meta product. I was referring to Signal’s phone # requirement being a non-starter.
So what do you use now?
Matrix
I use Element.
I use both and have been happy with both, but note that Element / Matrix have recently announced the intent to add paid service tiers.
Compare with Zangi Private Messenger. Yes, every country who has jurisdiction has access. Just ask yourself, which gov do I trust more with my private chats?
Anyone know why the Signal app isn’t available on F-Droid? Isn’t it supposed to be open source?
You can install and update it through Obtainium directly from GitHub.
I think it’s by request. The F-Droid team builds every single app in their repos, which means that they are not always fully up to date, so Signal argues that whenever they need to push a security release people on F-Droid would take forever to update.
I think I’ve had this issue with simplex. I’ve had to wait over 2 weeks for an update. That’s why I’m using Obtainium for it instead
Molly is in f-droid, though it’s technically third party. Looks identical though.
I was looking at Molly.im and it has its own f-droid repo. There are two options: with and without Google services.
I got tired of asking my family to download yet another app. Went iPhone at this point.
How many apps did you ask them to download?
Personally, I only asked for this one, and everyone who is of importance to me chose to do it.
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called “the US”. This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
You can use Signal with a different client. Signal being operated within the US has no effect. As of now the jurisdictions that I know of to be worried about are:
- Sweden, where a law is proposed to add an encryption backdoor
- The EU, where leadership is pushing for an encryption backdoor
- France arrested the founder of Telegram for using end to end encryption in Telegram
- Australia in 2018 passed a law that enabled the government to require communications platforms add a backdoor for government decryption. The Director of the Australian Security Intelligence Organisation (ASIO) said that “privacy is important but not absolute”. Which has the same vibes as “this is not about human rights, this is about human life.”
- WhatsApp was previously suspended in Brazil for refusing to hand over decrypted messages.
- China and Russia are very obvious problems. Here’s an easy one of many examples
The White House both in Trump’s first term and in Biden’s presidency were pro-encryption. Signal and Tor were US government funded projects. That’s not to say the US is great on encryption, and there have been laws in the past that did/were proposed to limit it. But, as of now, it seems that the US is (edit: one of) the most hospitable jurisdictions for encrypted messaging non-profits.
BTW, I’m not saying using Tox is bad, or that Signal is good, I’m just talking about the US jurisdiction part.
> You can use Signal with a different client.
Can you advise, which one would be a good one? Because I actually use Signal too, it’s just misbehaving a lot recently.
I have had endless difficulties with Signal forcing upgrades on me and requiring to sign in on the phone, under threat of deactivating my account (I use it on a PC).
I’ve never used any, but Molly seems well liked
Hell yeah. Tox continues to rock. If anyone wants to chat, HMU, here’s my key:
fdd7005639c618263ab2eedab974f7576c7c0ded6217eed9e9dc0344c622e72aeef7055f8b4d
Not sure if you’re actually sincere or are sarcastically making fun of Tox’s onboarding. That’s a long key.
Thank you for telling me. I am being sincere: https://h0p3.nekoweb.org/#Contact h0p3
TIL I have no family I care to keep in touch with and I have no friends.
How do we know signal isn’t also run by a techbro who just wants our data?
I don’t think that the founders are bad people. If you look at their history of work, they have done enormous amounts of work in the computer security sector. The founder, however, did run a cloud based WPA cracking service.
Meredith Whittaker, who is the president, used to work at Google doing research for “issues related to net neutrality measurement, privacy, security, and the social consequences of artificial intelligence”.
In 2018 she then staged walkouts at Google over concerns of sexual misconduct and citizen surveillance.
The people on Signal’s board seem to be trustworthy people with a pretty airtight background. You have to worry more about the mobile operating system compromising you than you do about Signal.
Does it really matter who made it if you can see the source code? You don’t have to trust them.
That’s kind of a core tenet of libre/open software, innit? Independently verifiable software that you can change at your pleasure.
Can you though? Can I build the apk myself and use their services?
Yes, you can use their exact build environment straight from GitHub. You can also use Molly.im which is another app that I think is a fork? I’m still investigating it.
Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.
They see no value in it. They don’t see that privacy is a proactive measure that can protect you.
On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family whose attacker might make off with stolen bank information or passwords.
but “that’ll never happen”, right?
I would like nothing more, but so few of my contact group are willing to switch away… despite all of Meta’s bullshit. I resent being made to use it whilst their AI/ads encroach further and further.
I will switch to Signal when I can avoid installing stuff on a bunch of my devices. Until a web version is available, sorry, it is hard for me to switch and for me to convince other people to switch.
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be non-US and open source. That isn’t too many requirements and yet nothing seems to fully fit the bill? Anyway good luck trying to get school parents’ groups to use something other than WhatsApp.
Matrix and Element. Run your own server if you want or use a server that’s not in the US.
Matrix fits the bill.
Unless you don’t like the federated nature.
XMPP/Jabber via a web client like movim.eu sounds like it ought to work!
You can also look into Snikket as a host for small groups like friends or family, but can continue to use the Movim web client even if you’re hosting with Snikket rather than Movim itself.
The exit plan from WhatsApp is quite simple. Start by installing Signal and setting it up – it takes only a couple of minutes. Then, resume any WhatsApp conversations on Signal if that person is already a Signal user. If they are not, then switch to regular text messaging and gently suggest to that person to switch over to Signal.
Sadly for me, this doesn’t really work for some relatives as
- They live abroad and the cost of sending text messages abroad is not insignificant
- Some are so tech un-savvy that even installing a new app by themselves is too much.
All I can do for those relatives is to leave WhatsApp installed but take away basically every permission I can, including running in the background.
> They live abroad and the cost of sending text messages abroad is not insignificant

Signal is free just like WhatsApp. For text, calls, and video. So that isn’t a problem.
I too have friends and family in different countries, one of which is crazy about whatsapp. I simply tell them this is how we are going to do things now, and walk them through it. It is not hard. If they can’t do it, well then we don’t need to communicate this way. Whatsapp is not an option. It is that simple.
Signal is not capable of SMS and quite a lot of people still use it.
yes, i know SMS isn’t secure at all. but if the option is “keep in touch with close family” or “don’t keep in touch” they will probably choose the former if they want to keep that.
I would rather SMS than use WhatsApp. But even then if my family is far away, why am I texting them at all very often? With the time zone differences I’ll call or email, or nothing. It’s weird how people got along just fine with letters that took weeks and suddenly we now need instant communication for some reason?
we used to be fine with candles and stinky lanterns filled with perfectly good kerosene too. who tf needs electricity? 🤨
on the topic of family connection, I can’t speak to your family experience. only my own. and our family group chat is pretty damn active.
Did you get everyone to settle on the same thing, like Signal? We are spread out over about 8 countries, and with all the different phone numbers and plans, we use various methods, with several of us on Signal. Some on WhatsApp, some on Messenger. So we are not coordinated enough for a group chat. Which is fine, I don’t really need to know everything all the time, we catch up when we can, or get into small video chats occasionally. Luckily we do tend to physically see each other somewhat frequently.
no we are all on different platforms. half are on android and half are on apple which is irritating. so sadly the sms is our best tool to hit everyone at the same time with any urgency.
sms is not even an option for us; international texting costs a lot. Some people don’t even use a phone, they rely on internet connected devices only. Trying to coordinate all of this gets complicated fast.
I don’t believe in signal.
Interesting phrasing. How so?
I use it mostly for family chats, I got the extended family to use it rather than Facebook Messenger
What makes you not trust signal as against WhatsApp?
Wish more of my contact list would switch over to Signal. It’s nearly the same. I don’t see why it’s so hard for some people to just start using Signal instead of WhatsApp.
Oh well.
“But why, everyone is on WhatsApp”, and also a lot of businesses. “Privacy? I’ve got nothing to hide, what are they gonna do with my info?”
My dad won’t switch from Facebook messenger so now we have to talk via unencrypted sms
Because people are beyond stupid. “I don’t want to download another app” - while having an app for almost every other store and bullshit game and whatever
I think what they really mean is “I don’t want another account”.
Hell I’ve been getting rid of accounts lately. Feels good.
It’s super cathartic, I agree. Feels extra good when it’s big tech and fascist-owned as well.
No. XMPP would be the best choice.
Tell me you don’t know anything about security without telling me you don’t know anything about security.
Could you explain a bit? I see main issue with Signal (though I’m not an expert, and they’re not strictly related to security): it’s centralized (and the server isn’t even open-source).
The question is also a lot about your threat model right?
The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what’s wrong with WhatsApp?
The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don’t if you enable e2ee, so it is disabled by default.
That is all before you start looking into security audits or metadata harvesting.
Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad with few serious negatives. What makes extensions powerful is that they can easily change the rules without breaking the underlying system. If your client sucks, get another?
You have choices, but if your problem is metadata, whoooo boy.
https://news.ycombinator.com/item?id=32780665
https://github.com/matrix-org/synapse/issues/9133
https://www.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/
So much cope you didn’t even notice no one mentioned matrix. We are comparing XMPP with Signal.
> Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it
Also, you really think saying only 20% of your chats are insecure is somehow making it better?
That’s their problem. If their messages aren’t encrypted, it isn’t like you won’t be aware of it. Request that they use a modern client and get with the times. None of this is an actual problem without easy solutions.
Then let us know when they are solved. Until then, I have a lot more hope in matrix than XMPP. They at least seem to be making progress in the right direction, although they are not there yet either.
Signal remains the best option for now.
I guess that sucks because I make a living working in cyber security. What do I know, amirite? 🤷