• kbal@fedia.io
    link
    fedilink
    arrow-up
    108
    ·
    4 个月前

    I wish Signal was developed more openly, more like the linux kernel for a “critical infrastructure” example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.

    But it’s good for what it is and I sure am glad it’s around. People who disrespect it don’t know what they’re talking about.

      • BassTurd@lemmy.world
        link
        fedilink
        English
        arrow-up
        44
        arrow-down
        2
        ·
        4 个月前

        I think yours is the first comment I’ve read that has Proton hesitancy. I’m curious what your reservations are.

        • ElectroLisa@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          12
          arrow-down
          2
          ·
          4 个月前

          Not OP, I’ve heard criticism of their recent Duo subscription and their bitcoin wallet.

          I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn’t fully implemented and requires playing around in a terminal, and UI feels less polished than it’s Windows counterpart.

          There’s a community made Flatpak of ProtonVPN though, in case it helps anyone

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            4
            ·
            4 个月前

            Honestly, I just use wg-quick to connect to VPNs, and I tested out ProtonVPN and it worked fine with it. I even set up my router to connect to ProtonVPN, so I could have a wifi network that’s always connected to their VPN.

            But I’d really rather not have the same company host my VPN, email, and other stuff, I’d prefer to separate them a bit so no one company has a lot of my data. And something like a VPN really doesn’t benefit from bundling anyway, unless it’s bundled with a browser or something a la Mozilla VPN.

        • Zetta@mander.xyz
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          4 个月前

          I actually don’t know what people’s hesitancy is, but I’ve seen numerous people say proton is not good, we’ll see if anybody chimes in with a reason.

          • forgotaboutlaye@lemmy.world
            link
            fedilink
            English
            arrow-up
            12
            ·
            4 个月前

            I’ve seen doubt of it’s push to pack products into it’s offering ala Google - however I don’t see that as enough to call it not good.

            It’s also very easy (and suspicious imo) for anyone to call a service not good without any reason to back it up.

            • ElegantBiscuit@lemm.ee
              link
              fedilink
              English
              arrow-up
              4
              ·
              4 个月前

              I see that as offering services that people clearly use and value, and that the bills have to be paid somehow. So as long as proton can deliver the privacy and security features it promises, I personally don’t see anything wrong with providing an alternative when the only other options are built on monetizing your data.

          • Bakersfield@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            4 个月前

            The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.

            This weekend, news broke that the anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. The move seemed to contradict the company’s own privacy-focused policies, which as recently as last week stated, “By default, we do not keep any IP logs which can be linked to your anonymous email account.”

            Edit: formatting

          • vulgarcynic@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            4 个月前

            I often figure it’s google bias and / or people trying to impose their threat models on other people.

            Been using proton for quite a while with a few custom domains and am impressed with the service to price of their offerings.

            We can one off use cases with any vendor, but at the end of the day, they offer a more secure out of the box experience than just about any other platform out there. If someone is doing illicit shit and gets popped, it’s not on the service provider to provide air cover for them. Improve your opsec or self host.

            • dubyakay@lemmy.ca
              link
              fedilink
              English
              arrow-up
              11
              ·
              4 个月前

              You set up the forwarding in google, not proton. You mark the forwarded emails in your proton mailbox. You forward the emails to your proton account until you changed all the sources that you care about from your google to your proton mailbox. Then you turn off forwarding.

              Google never gets any more data from you except your protonmail address.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              6
              ·
              edit-2
              4 个月前

              It’s really nice for the transition period. I personally forward my email to Tuta, which lets me slowly convert my services to my new address. I have my most important ones switched over now, but I had to switch dozens over (I would do 3-5 at a time, which was a pain).

              I’ll probably leave my gmail forwarding to my Tuta account, just because there’s no way I’m going to go though every single service I have ever used and switch it over, and inevitably some contact will continue using my old email.

              As far as Google goes, all it knows is that it’s getting less and less emails, and that what remains is being forwarded to <email>@tuta.com. But that’s not my main email address though, it’s just the one I set the account up with. I actually use <name>@<custom domain>, and I have a bunch of aliases configured for each type of account (e.g. <name>-banking@<custom domain> for my bank accounts, <name>-bills@<custom domain> for utilities and whatnot, etc). But that’s still not my actual, personal email, which is <name>@<different custom domain>, and I only give that one to my family and friends.

              So in short:

              • gmail -> tuta.com email - all Google knows about
              • random online accounts -> custom domain 1
              • family/friends -> custom domain 2

              If I can convince my SO to switch, I’ll give them an account at custom domain 2 and tell them to only use it for personal contacts, and to have everything else go through their old gmail or a Tuta alias. If I ever decide to switch to Proton, I’d have to transition all of those custom domain 1 emails to some proton aliases (unless I pay for the higher tier), which would be a pain, especially since the main reason I use these custom domains is to make it easier to switch services (e.g. just point my DNS records to the new host).

            • 𝕸𝖔𝖘𝖘@infosec.pub
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 个月前

              That’s not everyone’s privacy posture. Some people use Proton to hide, some people use it to secure, some for both. If your goal is to secure, google’s antiprivacy isn’t against that.

              I’m with you, though.

        • linearchaos@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          4 个月前

          Not OP

          There’s not a lot of negative press about them.

          They complied with Swiss government requests to out the IP of a French activist.

          It looks like they’re really doing the best they can.

        • MigratingtoLemmy@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          4 个月前

          Swiss laws aren’t as tight as a lot of people think.

          I’d like for them to lean more heavily into open source

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            ·
            4 个月前

            It’s probably tight enough for your needs. Unless you live in Switzerland or are breaking Swiss law, they’d need a really good reason to send your data anywhere.

            That said, I use Tuta. They have a similar source model (open client, closed server) and are based in Germany, but since they’re an underdog, they have a bit more value and lower costs. I pay €3 and get 3 custom domains and 15 aliases, whereas w/ Proton I pay $4 and get just 1 custom domain and 10 aliases; I can also add people to my plan for €3, instead of upgrading to a Duo for $15 or family for $24. If Proton matched Tuta’s features, I’d probably pay slightly more for the better UX, but I use those features so I’m very hesitant to give that up. I don’t intend to use their VPN or other products, so I’m very much not interested in their higher tiers.

            I do wish their server code was open source and self-hostable. I’d love to use my own storage, but still use their spam filtering and whatnot.

            • Cryophilia@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 个月前

              Unless you live in Switzerland or are breaking Swiss law

              That’s the thing though, governments tend to make everything illegal so they can selectively enforce.

        • Cocodapuf@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          4
          ·
          edit-2
          4 个月前

          Yeah, I don’t trust proton mail.

          First off, email is inherently insecure, trying to secure it is largely a waste of time.

          Secondly, proton has complied with subpoenas in the past, revealing user messages to authorities/governments.

          Finally, it’s just too centralized, with a single point of failure, why would you trust it?

  • sailingbythelee@lemmy.world
    link
    fedilink
    English
    arrow-up
    65
    arrow-down
    2
    ·
    4 个月前

    This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.

    Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.

    So, I googled their tax filing out of curiosity. It’s true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They’re listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I’m all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I’m kind of weirded out by those astronomical salaries.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      41
      arrow-down
      1
      ·
      edit-2
      4 个月前

      That’s inline with Silicon valley salaries. Basic houses cost 2mil there, so it’s not completely outrageous.

      As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.

      • sailingbythelee@lemmy.world
        link
        fedilink
        English
        arrow-up
        24
        arrow-down
        1
        ·
        edit-2
        4 个月前

        Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we’ve all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock… well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remain about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I’m no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.

        It is also absurd on its face for a multi-millionaire developer to place a “Donate Now” button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It’s feels like Scrooge asking Tiny Tim for a donation.

        Anyway, I don’t blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.

        • Cryophilia@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          8
          ·
          4 个月前

          I cannot WAIT for the inevitable market correction on SWE salaries. Entitled bastards.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 个月前

      Not all SW devs make that kind of money. I don’t live in Silicon Valley, and I make significantly less than that amount. I could probably get a job there making somewhere north of $300k, but my expenses would go through the roof and I’d be stuck in SV traffic all the time, no thank you. I get paid well, but less than half what Signal is paying.

    • Linktank@lemmy.today
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      4 个月前

      I mean, how does a free app with no advertising in it make that kind of money?

      • trailee@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        22
        ·
        edit-2
        4 个月前

        A free app with no advertising doesn’t make that kind of money, it gets progressively deeper into debt to a good Silicon Valley rich guy who got it off the ground, Brian Acton.

        His biography on the Signal Foundation website:

        Brian Acton is an entrepreneur and computer programmer who co-founded the messaging app WhatsApp in 2009. After the app was sold to Facebook in 2014, Acton decided to leave the company due to differences surrounding the use of customer data and targeted advertising to focus his efforts on non-profit ventures. In February of 2018, Acton invested $50 million of his own money to start the Signal Foundation alongside Moxie Marlinspike. Signal Foundation is a nonprofit organization dedicated to doing the foundational work around making private communication accessible, secure and ubiquitous.

        Prior to founding WhatsApp and Signal Foundation, Acton worked as a software builder for more than 25 years at companies like Apple, Yahoo, and Adobe.

        The Wikipedia article on the Foundation says the loan balance was up to $105M later in 2018. Meanwhile, Acton is still worth $2.5B according to Wikipedia, so things are probably fine for now, even 6 years later.

        But you’re right that Signal eventually needs revenue to keep even a small team of high caliber software engineers and devsecops folks around. You very much want excellent engineers to continue to be involved with critical encrypted communications software on an ongoing basis, so it will cost money indefinitely. Presumably Acton does not wish to bankroll it indefinitely.

        Again back to the interview:

        I wouldn’t imagine that most nonprofits pay engineers as much as you do.

        Yeah, but most tech is not a nonprofit. Name another nonprofit tech organization shipping critical infrastructure that provides real-time communications across the globe reliably. There isn’t one.

        This is not a hypothesis project. We’re not in a room dreaming of a perfect future. We have to do it now. It has to work. If the servers go down, I need a guy with a pager to get up in the middle of the fucking night and be on that screen, diagnosing whatever the problem is, until that is fixed.

        So we have to look like a tech company in some ways to be able to do what we do.

        I’m really glad they pay those engineers that much, so that Zuckerberg and his ilk can’t entice them away with oodles of money. One presumes they also believe in the cause, but I think this currently looks like Acton fighting surveillance capitalism with what capitalism got for him earlier in his career.

        Cofounder Moxie Marlinspike is clearly a brilliant hacker and coder who was crucial to Signal’s creation, but I think it makes sense that he hasn’t stuck around to try to solve the long term business problem of keeping it aloft infinitely.

        So what to do about it? The OP interview is with Meredith Whittaker, who’s entire job is figuring that out:

        Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come—with zero compromises or corporate entanglements—so it can serve as a model for an entirely new kind of tech ecosystem.

        I’m a recurring donor because I want Signal to succeed and I want to vote now with my wallet, but fundamentally it’s on Whittaker to figure out how to make the long term work. Here’s what she says:

        I see Signal in 10 years being nearly ubiquitous. I see it being supported by a novel sustainability infrastructure—and I’m being vague about that just because I think we actually need to create the kinds of endowments and support mechanisms that can sustain capital-intensive tech without the surveillance business model. And that’s what I’m actually engaged in thinking through.

    • Higgs boson@dubvee.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 个月前

      Yeah, that’s not especially enormous compared to startups in the valley offering huge equity alongside already generous compensation packages.

  • 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    54
    arrow-down
    3
    ·
    4 个月前

    My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      33
      ·
      4 个月前

      You can use a username only for finding and adding friends, you only need the phone number to create an account. That’s probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.

      It kind of sucks, but I think that’s a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don’t know if there are any problems with this, but I don’t think they do anything with your phone number after everything is set up.

      • EpicGamer@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        4 个月前

        I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 个月前

          But there are plenty of other services that don’t require a phone number that also seem to mitigate that issue, so while it may be a convenient option, it’s hardly the only option.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        8
        ·
        4 个月前

        Yeah. And I don’t fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 个月前

          Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone else’s computer w/o having to install something.

          I don’t know what direction they’re going, but I’m honestly okay with the caveats that currently exist.

          • 𝕸𝖔𝖘𝖘@infosec.pub
            link
            fedilink
            English
            arrow-up
            4
            ·
            4 个月前

            Having web logon would mean they would need to hold the decryption key in some form (or have a weak decryption key, your credentials), so, while convenient, I think it would degrade security and possibly privacy. Unless you mean to receive new messages, the way the desktop app works?

                • sugar_in_your_tea@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  4 个月前

                  Why would they be joking? There’s really not a big difference between how their mobile and desktop apps work and what’s possible in the web. It can fetch the keys from my computer or my phone just like their other apps work, and store the keys and whatnot encrypted in temporary local storage, just like on the phone. WebAssembly could allow them to share the code and retain similar performance.

                  I honestly don’t see an issue here. If they need help, I’d be happy to lend a hand.

          • Manalith
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 个月前

            I’d be more interested in allowing more than one Android device at a time like MySudo. They let you link Windows with a phone so I wouldn’t think it would be too hard to implement.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 个月前

          Sure, and I think that would send a message to all of your contacts that a new account is using that number, but I’m honestly not sure. If you have an active account (i.e. on a desktop or something), I think you can just change your number if that happens (i.e. get another temp number).

          It’s certainly more convenient if you use a longer-term number, but I think it’s feasible with a throwaway number. Once your account is set up, Signal doesn’t need your number for anything if you disable publishing that.

          • vulgarcynic@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 个月前

            It does send a “your safety number has been updated with user” message. But not as an automated message. Only when a new signal thread is started.

            Haven’t tried when only logged in to desktop and changing devices / numbers so I can’t speak to that.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      5
      ·
      4 个月前

      It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won’t use Telegram or Signal because of this.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        35
        arrow-down
        1
        ·
        4 个月前

        It’s about your posture. Most people who use signal use it to have privacy from governments. They’re not hiding that they use signal, they’re hiding what they write on signal. In this case, using your phone number isn’t a big deal.

        Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.

        Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is “good enough” for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don’t know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.

        • ikidd@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          5
          ·
          4 个月前

          But putting a phone number in immediately exposes protesters to association. Sure, Signal can’t give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.

          It’s the complete antithesis of freedom of association when there’s a record of everyone that you’ve contacted. The contents don’t enter into that problem, and I can’t see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn’t give you privacy from governments, because governments that don’t respect freedom of association will use that information to punish dissidents.

          I can’t imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn’t require this sort of personal proof, and it’s suspicious as hell.

          • noodlejetski@lemm.ee
            link
            fedilink
            English
            arrow-up
            20
            arrow-down
            1
            ·
            edit-2
            4 个月前

            Sure, Signal can’t give out the contents of messages, but it still has the chain of contact.

            it doesn’t. they’ve been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: https://signal.org/bigbrother/

          • 𝕸𝖔𝖘𝖘@infosec.pub
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            1
            ·
            4 个月前

            You’re mistaken on the basis of your beliefs here. Signal only had two pieces of data around your phone number (joined datestamp, last online datestamp). This means that governments can’t petition signal for any more information, since signal simply doesn’t have it to give (by design).

            Your point on fb is hilarious, because they do require it. They just don’t require you to input it, because (1) they already have it and (2) you freely provide the missing pieces without them even asking. But, like I said earlier, if this goes against your posture, use something like Briar or Matrix or whatever. Choice exists, because everyone is different and has different postures.

              • pressanykeynow@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                1
                ·
                4 个月前

                That is my concern with any US based company. With all the information we have how their government agencies used both legal and illegal means to access data how can you ever think those companies can protect your privacy even if they sincerely want to?

              • 𝕸𝖔𝖘𝖘@infosec.pub
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 个月前

                Them being a us company is a very valid concern, and one I share. If I were a dissident, I likely wouldn’t use signal just because they’re us based.

      • UnderpantsWeevil@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        4 个月前

        The Signal pitch is that you don’t need identity security so long as the encryption is strong enough.

        That is, incidentally, the same pitch Botcoiner make.

    • ???@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      4 个月前

      I’ve been using it for a while and by far the biggest issue is how giant the backup file is and now about 3Gb of data were lost because of a signal version mismatch between an old phone I was using and the new one I switched to.

    • foremanguy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      4 个月前

      For me, today the best messaging app is SimpleX, it is a bit in early development but it’s already really nice.

  • trailee@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    50
    arrow-down
    6
    ·
    4 个月前

    Signal is the best thing going on in tech these days. I’m very glad it’s being led by Meredith Whittaker.

    Did you know you can get a cool badge on your profile pic if you’re a recurring donor? $5 a month is far less than the value I get from it, but that’s all it takes for a cool badge (and knowing that you’re doing something active against the awful state of big tech today).

    • EK13@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 个月前

      Just to add to this, I also like to use the “donate for a friend” option to gift friends a donation to Signal on their birthdays. It’s also $5 but a one-off thing, they get a neat badge for 60 days and perhaps it raises awareness of the donation option a little bit!

  • fubarx@lemmy.ml
    link
    fedilink
    English
    arrow-up
    14
    ·
    4 个月前

    As long as they stay away from public ‘channels.’

    There lie dragons.

  • solrize@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    3
    ·
    4 个月前

    What is signal anyway? I’ve never paid attention to phone apps much. Why isn’t it on F-droid if it’s FOSS? Is it like irc but with encryption? I guess I should look into it.

    • RecluseRamble@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      21
      ·
      4 个月前

      Why isn’t it on F-droid if it’s FOSS?

      That got me interested and apparently, they fear forks running out of date.

      Concerning F-Droid, we already providing an auto-updating APK directly from our site, and we really don’t want forked versions of the app maintained by other parties connecting to our servers. Not only could the users using the forked version have a subpar experience, but the people they’re talking to (using official clients) could also have a subpar experience (for example, an official client could try to send a new kind of message that the fork, having fallen out of date, doesn’t support). I know you say you’d advocate for a build expiry, but you know how things go. Of course you have our full support if you’d like to fork Signal, name it something else, and use your own servers.

      While that statement got plenty of thumbs down, I hate to admit that F-Droid is indeed out of date quite often. I currently can’t find a source for this but I once read this has something to do with their signing process.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        11
        ·
        edit-2
        4 个月前

        Yes, they manually sign every package.

        But they could easily have their own F-Droid repository, I have repositories for FUTO apps like Grayjay and their keyboard, Bitwarden, and Newpipe, among others. Those are run by the projects themselves, so they’re in charge of how often they update it, as well as how they sign it. So if they have issues with the “official” F-Droid repositories, they can always host their own. I honestly prefer projects that host their own repos precisely because they should, in theory, update faster.

        That said, a self-updating APK is good enough for me. However, I didn’t see an install option easily listed on their website and had to search for “signal android apk” to find the page. It should be listed on the regular install page on their website, next to the link to Google Play. I found three separate pages for getting it for Android, and all three had a link to Google Play and only one had the APK.

      • solrize@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        4 个月前

        Hmm, ok, thanks. But I’m kind of tired of version churn: who needs to keep changing a chat program? IRC has been around since the 1980s or so and still works fine.

        • noodlejetski@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 个月前

          who needs to keep changing a chat program? IRC has been around since the 1980s or so and still works fine.

          some people like texting their family who doesn’t use IRC, and they’d rather not send messages in plain text for one reason or another.

          • solrize@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            4 个月前

            I get that IRC is old school and encryption is important. My question is why the program has to keep changing. If the task is simple enough, there shouldn’t be incompatible changes required if there are new versions at all.

            • RecluseRamble@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              5
              ·
              4 个月前

              With new possibilities due to new tech user demands rise, too. People asked for features like group or video chats or coupled devices (not trivial with E2EE) and since good companies listen, they developed those and still do.

              Also, I don’t think there’s a single IRC client still in use that hasn’t been updated since the 80s. I wouldn’t be surprised if your favorite client got an update in the last couple of months - and that despite it being a trivial protocol.

    • dubyakay@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 个月前

      It’s more like WhatsApp or messenger (pick your poison on which one I am referring). Fairly lightweight. No useless features. And I think there’s an F-Droid version, running as Molly.

      • solrize@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 个月前

        Interesting, it looks like molly.im has its own f-droid repo, but there is nothing about Molly in the regular f-droid repo. Thanks though. I guess I should look into this a bit more. I’m way out of date with phone stuff.

        • vii@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 个月前

          Molly allows you to use alternative push servers (instead of Google’s), amongst other things.

          • solrize@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 个月前

            Oh interesting, yeah I saw some reference to Signal relying on some kind of Google service. I figure I would want to self-host anything I was serious about. It also looks like these things do video chat, so they’re much more elaborate (perhaps unnecessarily) than IRC, which is text-only. I’ve never used Whatsapp and am not even sure what it is, except that for a while I confused it with Instagram.

            I’ve installed GNU Jami and that seems like enough for video chat? I just haven’t had occasion to actually use it. I’m not a video guy and frankly am usually happy with email. PGP from the 1980s still works fine, if anyone cares.

            • vii@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              4 个月前

              The aim of Signal Foundation is to displace the likes of WhatsApp and Messenger thus it has to support all modern and expected features.
              Interestingly enough WhatsApp uses Signal’s protocol for encryption, it’s part of the planned messaging interop forced on Meta by EU.

  • graphene@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    6
    ·
    4 个月前

    Wasn’t there some controversy about Signal’s creation being supported by the US government to provide private communications for anti-us-enemy organisation or something? I’m sure I remember it correctly…

  • Twinklebreeze @lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    21
    ·
    4 个月前

    I love the idea of signal, and want to use it and invite friends to it. But then I remember I don’t really want to message anyone, and don’t really have friends because I have no interest in messaging people.

  • Summzashi@lemmy.one
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    64
    ·
    4 个月前

    Nobody is going to use Signal when it lacks so many features. Feels like MSN messenger compared to it’s peers.

    • ABCDE@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      1
      ·
      4 个月前

      I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?

      ?

      • underwire212@lemm.ee
        link
        fedilink
        English
        arrow-up
        26
        ·
        4 个月前

        Yeah idk I’ve read it like 4 times and still struggle to find a coherent thought here.

      • deranger@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        20
        arrow-down
        6
        ·
        edit-2
        4 个月前

        Poster was made fun of in the past for saying Signal gave metadata to the feds. He has a learning disability (regarded = deliberately misspelled R slur). They’re looking for someone else to corroborate the metadata claim.

        That’s my interpretation at least.

        • CosmicTurtle0@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          16
          ·
          4 个月前

          They did a blog post about how the feds had made a second attempt to get metadata from them and they could only provide two fields of information: the date the account was created and the last time it connected to the service.

          It’s in the public record as well if I’m not mistaken.

        • Lost_My_Mind@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          6
          ·
          4 个月前

          “Retarded” is not a slur. It’s a medical term. “Idiot” is a slur that roughly means the same thing, though not nearly as far.

          • noodlejetski@lemm.ee
            link
            fedilink
            English
            arrow-up
            9
            arrow-down
            2
            ·
            edit-2
            4 个月前

            “Idiot” is a slur that roughly means the same thing

            “idiot”, “moron”, “cretin” and “imbecile” were all medical terms once and described different levels of intellectual disability, but they fell out of use and are now considered offensive. language changes, and context is important.

      • jollyrogue@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        4 个月前

        Signal uses Google Cloud Platform for their servers, for one.

        Then I think it’s something to do with metadata.

    • Im_old@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      19
      ·
      4 个月前

      (almost) anything is possible with a CIA black fund budget. I’ve moved to Simplex chat and not looked back.