I agree that I applaud the move from SMS text to Signal. I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply to you. XMPP is just as easy to use use as Signal.
If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors. I am NOT saying that Signal is a CIA tool. What I’m saying is that you are trusting and obeying a centralized authority, as opposed to being able to run code on your own server. And this contributes to the centralization of the internet and a loss of freedom.
I certainly agree there is cause for caution, as one should always exercise where trust is placed in such matters. But there are leaps of bad logic in that writeup, and the dog pile of FUD swirling around Signal feels nearly orchestrated.
I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply to you. XMPP is just as easy to use use as Signal.
If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors. I am NOT saying that Signal is a CIA tool. What I’m saying is that you are trusting and obeying a centralized authority, as opposed to being able to run code on your own server. And this contributes to the centralization of the internet and a loss of freedom.
Yeah, calling Signal’s founder’s politics confused and idiotic because he referred to China and Russia as authoritarian regimes doesn’t really make me trust this person and his biases.
It requires a phone number to log in. That already kills any hope for anonymity. I use it to message family and close friends, of which the fact that I’m messaging them is not surprising.
I think the commenter you’re replying to is supporting the point made further up. People aren’t using Signal for anonymity, because that’s not it’s advertised purpose. As we all (except the author of this article) know, its purpose is privacy.
Lol, privacy is definetely not what you’re getting with Signal. They know your entire connection graph, who you talk to, when and how much. They collect all of the phone numbers.
EDIT: It seems like people here don’t understand what privacy is. If I know when exactly you take a big shit on the toilet and where you do it, every single time, but I don’t know what it looks like when you are doing it, would that be a privacy concern for you?
The post office knows who I am, my address, and who sends mail to me. They even know who I send mail to, if I write my return sender details on the envelope. I am not anonymous.
But, if the person we use ciphers to encrypt our letters, and only the two of us can decrypt and read them, our communications can indeed be considered private.
There’s a fundamental difference.
Edit: to answer your crude (but funny) example, I have no expectation of anonymity when I walk into my toilet at home or the toilets at work. The very fact that I, as a man, walk into a stall rather than stand at the urinal, gives any of my colleagues washing their hands at the basin the reasonable confidence of knowing I am taking a shit.
The size of the shit, the faces I make, and the nature of the resulting product, however, are not know to anyone else except me. That’s the difference.
Okay, I get where you’re coming from. Signal is private enough for you, while I would feel more private if there is also no metadata about me.
For the toilet example, it’s more like that a foreign, unrelated person (like the Signal Foundation and by extension the government with a national security letter) knows about your shit-taking, not just family at home or colleagues who happen to be there. This would be a concern for me.
Yeah, I get it, but there’s just no way at all to ensure 100% total anonymity like you’re talking about, while also using a 3rd party carriage service of some sort (eg. mobile network; internet, etc).
We should go back to carrier pigeons with encrypted notes. That way, the sender and recipient “metadata” is only known to themselves (and the pigeons).
That’s why I’m using SimpleX Chat, there is no network-wide identity so no data can be collected. It’s a very clever architecture, actually exactly the carrier pidgeon scenario you describe, but in digital form. https://simplex.chat/#how-simplex-works
I’ve found my solution.
@Melpomene@SummerBreeze Yes, and to talk to you I also would have to sign up with that particular provider since it is not interoperable with any other IM providers. This takes away the freedom to choose a provider, from anyone who wants to talk to you (in a secure way). That’s why I made internet standard (XMPP) compliance is a hard requirement for any IM provider I use.
Btw I don’t agree with the points in this video. But I think it’s best if people delete apps like Signal for above reasons.
@Melpomene@SummerBreeze There is an XMPP app which provides this sign up experience too: https://quicksy.im . The other apps aren’t really as complicated as you make them to be. Download app, choose a chat address, use partners address to chat. Also you can recommend your friends the app you are using yourself instead of just throwing them a list.
It pulled in a lot of people this way, people aren’t as stupid as you think. XMPP is exactly as difficult to use as email.
It supports video calling and E2EE is enabled by default.
Maybe you will realize the need for vendor independent standards when Signal one day stops existing or fucks up and it becomes untrustworthy in your eyes. Walled gardens like Signal are can never be a good option. Why did you come to the Fediverse instead of using Reddit?
Sure, but everything is flawed. So we need to find the best solution that is least flawed. Signal is the best alternative to messaging apps that has the features most people want and most importantly people actually use it. It’s at a good intersection of useful and secure. If the article headline was “Evaluating security of Signal” it would be fine. But it’s basically “SIGNAL IS FLAWED! USE SOMETHING ELSE!”. That’s like when someone switches from Chrome to Firefox, which is objectively a better choice, and then they get told “Don’t use Firefox is BAD” and point them to Brave, and when Brave has a flaw they tell people to migrate again. So you get a minority of people using the bleeding edge apps that no sane person would want to spend the time to set up, and the majority just goes back to whatever is the easiest option, which would be Chrome, or in our example probably WhatsApp. It’s important to address concerns, but also to do it in a manner that is careful to not start a panic where one doesn’t need to exist.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
deleted by creator
Security is not enough.
deleted by creator
I agree that I applaud the move from SMS text to Signal. I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply to you. XMPP is just as easy to use use as Signal.
If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors. I am NOT saying that Signal is a CIA tool. What I’m saying is that you are trusting and obeying a centralized authority, as opposed to being able to run code on your own server. And this contributes to the centralization of the internet and a loss of freedom.
deleted by creator
But Signal is bad, an op-ed by one of Lemmy’s founders: https://dessalines.github.io/essays/why_not_signal.html#conclusions
I certainly agree there is cause for caution, as one should always exercise where trust is placed in such matters. But there are leaps of bad logic in that writeup, and the dog pile of FUD swirling around Signal feels nearly orchestrated.
That link you provided (which by the way is hosted on microsoft github in violation of his own principles) is very good! And repeats a lot of the same information from the simplified privacy site: https://simplifiedprivacy.com/signal-messenger-guide-to-avoid-privacy-mistakes/
I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply to you. XMPP is just as easy to use use as Signal.
If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors. I am NOT saying that Signal is a CIA tool. What I’m saying is that you are trusting and obeying a centralized authority, as opposed to being able to run code on your own server. And this contributes to the centralization of the internet and a loss of freedom.
You seem open minded, have you checked out SimpleX Chat yet? There you have no identity at all, so you don’t even have to register an account at some server. This gives much more autonomy and also has some privacy/security benefits. Check out this comparison: https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SIMPLEX.md#comparison-with-other-protocols
Yeah, calling Signal’s founder’s politics confused and idiotic because he referred to China and Russia as authoritarian regimes doesn’t really make me trust this person and his biases.
deleted by creator
I somehow got the feeling he would be :-D
deleted by creator
Could not have said this better.
It requires a phone number to log in. That already kills any hope for anonymity. I use it to message family and close friends, of which the fact that I’m messaging them is not surprising.
Where did signal ever advertise it’s too be used anonymously
I think the commenter you’re replying to is supporting the point made further up. People aren’t using Signal for anonymity, because that’s not it’s advertised purpose. As we all (except the author of this article) know, its purpose is privacy.
Lol, privacy is definetely not what you’re getting with Signal. They know your entire connection graph, who you talk to, when and how much. They collect all of the phone numbers.
EDIT: It seems like people here don’t understand what privacy is. If I know when exactly you take a big shit on the toilet and where you do it, every single time, but I don’t know what it looks like when you are doing it, would that be a privacy concern for you?
Privacy and anonymity are different things.
The post office knows who I am, my address, and who sends mail to me. They even know who I send mail to, if I write my return sender details on the envelope. I am not anonymous.
But, if the person we use ciphers to encrypt our letters, and only the two of us can decrypt and read them, our communications can indeed be considered private.
There’s a fundamental difference.
Edit: to answer your crude (but funny) example, I have no expectation of anonymity when I walk into my toilet at home or the toilets at work. The very fact that I, as a man, walk into a stall rather than stand at the urinal, gives any of my colleagues washing their hands at the basin the reasonable confidence of knowing I am taking a shit.
The size of the shit, the faces I make, and the nature of the resulting product, however, are not know to anyone else except me. That’s the difference.
Okay, I get where you’re coming from. Signal is private enough for you, while I would feel more private if there is also no metadata about me.
For the toilet example, it’s more like that a foreign, unrelated person (like the Signal Foundation and by extension the government with a national security letter) knows about your shit-taking, not just family at home or colleagues who happen to be there. This would be a concern for me.
Yeah, I get it, but there’s just no way at all to ensure 100% total anonymity like you’re talking about, while also using a 3rd party carriage service of some sort (eg. mobile network; internet, etc).
We should go back to carrier pigeons with encrypted notes. That way, the sender and recipient “metadata” is only known to themselves (and the pigeons).
That’s why I’m using SimpleX Chat, there is no network-wide identity so no data can be collected. It’s a very clever architecture, actually exactly the carrier pidgeon scenario you describe, but in digital form. https://simplex.chat/#how-simplex-works I’ve found my solution.
deleted by creator
I don’t like the idea of providers at all. I use SimpleX Chat, there are no identities or registration with a server. Thanks to clever design. Check out this comparison: https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SIMPLEX.md#comparison-with-other-protocols
They don’t implement the same encryption as signal OMEMO uses the double ratchet system that signal uses that’s it
deleted by creator
You can also self host or use other’s self hosted signal instances as well.
deleted by creator
@Melpomene @SummerBreeze Yes, and to talk to you I also would have to sign up with that particular provider since it is not interoperable with any other IM providers. This takes away the freedom to choose a provider, from anyone who wants to talk to you (in a secure way). That’s why I made internet standard (XMPP) compliance is a hard requirement for any IM provider I use.
Btw I don’t agree with the points in this video. But I think it’s best if people delete apps like Signal for above reasons.
deleted by creator
@Melpomene @SummerBreeze There is an XMPP app which provides this sign up experience too: https://quicksy.im . The other apps aren’t really as complicated as you make them to be. Download app, choose a chat address, use partners address to chat. Also you can recommend your friends the app you are using yourself instead of just throwing them a list.
It pulled in a lot of people this way, people aren’t as stupid as you think. XMPP is exactly as difficult to use as email.
deleted by creator
@Melpomene @SummerBreeze
It supports video calling and E2EE is enabled by default.
Maybe you will realize the need for vendor independent standards when Signal one day stops existing or fucks up and it becomes untrustworthy in your eyes. Walled gardens like Signal are can never be a good option. Why did you come to the Fediverse instead of using Reddit?
deleted by creator
Signal uses computers. You know who else uses computers?? CIA!
Would you agree that Signal does sealed sender to protect metadata? If there were flaws in this system, then should we not discuss it?
Sure, but everything is flawed. So we need to find the best solution that is least flawed. Signal is the best alternative to messaging apps that has the features most people want and most importantly people actually use it. It’s at a good intersection of useful and secure. If the article headline was “Evaluating security of Signal” it would be fine. But it’s basically “SIGNAL IS FLAWED! USE SOMETHING ELSE!”. That’s like when someone switches from Chrome to Firefox, which is objectively a better choice, and then they get told “Don’t use Firefox is BAD” and point them to Brave, and when Brave has a flaw they tell people to migrate again. So you get a minority of people using the bleeding edge apps that no sane person would want to spend the time to set up, and the majority just goes back to whatever is the easiest option, which would be Chrome, or in our example probably WhatsApp. It’s important to address concerns, but also to do it in a manner that is careful to not start a panic where one doesn’t need to exist.
I heard those computers use electricity, damn
deleted by creator
And even FSB
Friedrick Stein Braun, who is a _C_ERN agent who wants to get the microwave Time Machine. Checkmate, Stalin!
correction: he wants the Phone Microwave (Name Subject to Change)
Everybody knows you use a toaster, not a microwave, for Time Travel.
FaSeBook
It was there in front of us the whole time!
You’re telling me governments use computers? That’s insane, I don’t believe it. Next you’ll be telling me they’re on the internet too.
Don’t worry. Most branches still prefer the Fax to the Computer.
There is no Internet.