this post was submitted on 13 May 2024
186 points (96.0% liked)

Privacy

31815 readers
448 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 71 points 5 months ago (2 children)

I still stand with Signal App.

  • Telegram has no default E2EE.
  • Threema's encryption was compromised .
  • Threema & Telegram both are for profit companies.
  • Signal is non-profit & all their source code + finances are public. Even their server codes are publically available
[–] [email protected] 8 points 5 months ago (1 children)

Even their server codes are publicly available

Last I checked, their provided server code lags behind their production server, so you rarely get to see the current version. However, that's kinda the point of E2EE, is you don't have to trust the server.

load more comments (1 replies)
[–] [email protected] 3 points 5 months ago

I gladly donate it month to Signal. Love my freedom of speech

[–] [email protected] 48 points 5 months ago (21 children)

I can't believe people are saying Telegram and Threema might be better than Signal. Signal isn't perfect but Telegram and Threema are worse.

[–] [email protected] 11 points 5 months ago* (last edited 5 months ago)

Because we keep saying Signal, Telegram, Threema instead of Anti-Libre Software, Service as a Software Substitute and Centralised.

[–] [email protected] 4 points 5 months ago

It really depends on your use case. Most of my simple chat messages are the same as I would have in any public space. I have no need for encryption, I have need for convenience in that regard. With Telegram I have my chat history on all devices and don't need to use my phone to connect which are two must-haves for me. For my use case, Signal is the worse option. That doesn't make Signal bad, just not suitable for me.

As a privacy-concious person I am very much aware of the non-secure nature of my chats, but since that is not a factor of consideration to me when it comes to casual chats with a few friends and family members. The worst thing Telegram could do is analyse my chats and ... then what?

load more comments (19 replies)
[–] [email protected] 36 points 5 months ago (3 children)

Man, everyone is hopping on the Trash Signal Bandwagon, even though TG is less secure, and nobody (the 99%) uses Threema.

[–] [email protected] 20 points 5 months ago

Don't forget Threem encryption was broken. Threema is not free

[–] [email protected] 7 points 5 months ago* (last edited 5 months ago)

It's called disinformation and psychological warfare. How else attack E2EE, libre software?

[–] [email protected] 3 points 5 months ago (1 children)

I'm wondering if something interesting will fall off the truck this time :D

Context: before that blogpost, cellebrite claimed they can "hack" signal (or they were kinda closer to the truth, and that was media talking abt hacks without reading stuff)

load more comments (1 replies)
[–] [email protected] 19 points 5 months ago* (last edited 5 months ago) (8 children)

Let's be honest, Signal is not perfect either:

  • It requires your phone number
  • It has had some suspicious funding sources
    (UPD: It was funded by CIA)
    (UPD2: Here I will quote www.securemessagingapps.com:

This matters because “money talks”, as the saying goes. If the company or person behind the money is likely to have reason not to protect customers’ privacy, it’s important to know. This could be indicative of the company not doing as they say (Google, Whatsapp, for example) or changing their mind once they’ve onboarded enough customers from whom they can make money.

~~(I'm gonna find sources for the last two statements a bit later to not be unsubstantiated)~~
Done.

Although, we all can agree, that Signal is still better than Telegram, or WhatsApp, or Threema, or whatever.
Still, we probably want to look at the better alternatives, like Simplex or Session.

[–] [email protected] 12 points 5 months ago* (last edited 5 months ago) (1 children)

Session is also sus because you effectively cannot host a node, last I have seen. They claim it is "against a Sybil attack" but all it does is making sure only people wih large disposable funds can have nodes, and the effect might be the exact opposite.

Simplex is more interesting in this regard because while I am concerned with initial centralization (the default servers), they made hosting your own easy. But I personally stick with imperfect yet trusty XMPP.

load more comments (1 replies)
[–] [email protected] 8 points 5 months ago

It has had some suspicious funding sources

Wait until you find out where computers, the Internet, GPS, weather satellites and Tor came from.

[–] [email protected] 6 points 5 months ago* (last edited 5 months ago) (4 children)

suspicious funding

Which lines of its libre software source code are malicious?

requires your phone number

It's centralised

load more comments (4 replies)
[–] [email protected] 6 points 5 months ago (1 children)

Telegram requires a phone number too? I mean yeah there's the option to use that blockchain phone number service, but you can do the same for Signal. 🤷

[–] [email protected] 6 points 5 months ago

Yes, it does. And yes, it is equally bad in both cases.

[–] [email protected] 5 points 5 months ago (1 children)
  • It requires your phone number

Not anymore, right? Or does it still need your number for signing up?

[–] [email protected] 11 points 5 months ago

Just to sign up

load more comments (3 replies)
[–] [email protected] 18 points 5 months ago* (last edited 5 months ago) (4 children)
  • Discord/WhatsApp
    • Anti-Libre Software (fails to include AGPL license file: bans us from removing malicious source code) 🚩🚩🚩
  • Telegram/Threema
    • Libre Software ✅
    • Service as a Software Substitute (app needs service and we are missing server software for it: broken app) 🚩🚩
  • Signal
    • Libre Software ✅
    • Self-Hosting (still needs service from us) ☑️
    • Centralised 🚩

~~Needs phone number~~ Centralised
~~Suspicious funding~~ Which lines of its libre software source code are malicious?

load more comments (4 replies)
[–] [email protected] 17 points 5 months ago

Signal is currently the best middleground between security, simplicity and widespread adoption.

[–] [email protected] 9 points 5 months ago (2 children)

how has no one discussed matrix here

[–] [email protected] 33 points 5 months ago (1 children)

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

...

[–] [email protected] 14 points 5 months ago* (last edited 5 months ago)

That must mean it's working! :D

[–] [email protected] 15 points 5 months ago (13 children)

I don't get it at all. There are plenty of platforms like matrix, xmpp, simplex that don't require phone numbers tied to your identity. Signal has somehow managed to convince people that it's a private platform, despite it being a US hosted service that requires phone numbers.

[–] [email protected] 8 points 5 months ago (7 children)

It's a Google hosted service, which is arguably worse because they may as well be a nation-state unto themselves.

[–] [email protected] 6 points 5 months ago (1 children)

Wasn't Amazon involved here as well? It is another "nation-state".

[–] [email protected] 3 points 5 months ago (1 children)

I do not think so, no. However, Amazon is certainly big enough to be un-humorously compared to nation-states as well.

[–] [email protected] 4 points 5 months ago

I remembered it as being AWS. Checked their blog, and the article about their spending mentions renting space in AWS and Azure too, indeed.

load more comments (6 replies)
[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

Who have they convinced that it is private? I think it has more to do with the overall purpose of the platform. Signal is not made for large group chatting with strangers like Matrix.

load more comments (1 replies)
load more comments (11 replies)
[–] [email protected] 6 points 5 months ago (2 children)

both suck when it comes to real hardcore privacy! Signal is surely a bit more private/secure/whatever, unless maybe you count in the US jurisdiction.

if you want hardcore privacy and security, use SimpleX. it's cutting edge.

[–] [email protected] 3 points 5 months ago

Also Tox, Briar, Session etc.

load more comments (1 replies)
[–] [email protected] 5 points 5 months ago (2 children)

Nicely written article and a good read! However I had not heard of Threema before. It looks like a promising messaging app itself, anyone use it?

[–] [email protected] 9 points 5 months ago (1 children)

It's relatively popular in DACH countries.

I use it sometimes. It has its fair share of issues, and the back end is not open-source, but it is OK for the most part. Main benefit is that you don't need a mobile number to sign up.

But if you are looking for an alternative IM to use with friends and family, I would rather suggest XMPP, specifically Snikket.

load more comments (1 replies)
[–] [email protected] 5 points 5 months ago

I am using it to communicate with 3 people (our common ground as I don't have an iPhone and don't use Whatsapp).

A few years ago it felt a bit ruff and awkward to use, but many updates later it is as fluent as any chat app.

The security feels ok. Of course it would be a lot better, if they would open source their code.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (4 children)
load more comments (4 replies)
[–] [email protected] 4 points 5 months ago* (last edited 5 months ago)

I use Signal as my main daily messenger the two major problems in my opinion are:

  1. Centralized server (AWS)
  2. Requires a phone number to register
load more comments
view more: next ›