Why? Because the Dutch national broadcasters keep plugging it as an alternative to Whatsapp.
Aside… Two apps keep getting mentioned as alternatives, Signal and Element/Matrix, but in MHRO both are not viable as replacements.
Signal: still a US app, CIA funded, provides their encryption backbone to Whatsapp, recommended by governments & FBI. Matrix/Element: Developed in Israel, with ties to IDF, preferred by NATO (NI2CE)
IDGAF who funds it or who develops it.
- E2E encrypted
- security review by independent party I trust which says there are no holes or bugs
- open source
Those three things are all that matters.
Other than people you don’t like living in the world here with us, do you have any proof of anything actually nefarious done by signal or matrix?
Signal: still a US app, CIA funded
Honestly, this gives me more confidence in it. The CIA is very interested in keeping its people safe, so if they’re using it, its in their interest to ensure it’s secure. If they do put in a backdoor, I happen to be a US citizen so I’m unlikely to be a target since the CIA is all about surveillance on outsiders (FBI is domestic). FBI and Signal rarely agree, but they agree that Signal is great, so I think that’s a pretty strong endorsement.
Add to that Edward Snowden recommends it, and he’s certainly an enemy of both the CIA and the FBI at this point.
If nobody used CIA funded security tools, we wouldn’t have security tools
I happen to be a US citizen so I’m unlikely to be a target since the CIA is all about surveillance on outsiders (FBI is domestic)
All of that’s off the table now with Trump in power. It’s more than likely the CIA will be deployed against domestic targets.
I think that’s unlikely, but even assuming it is, if spooks use a security/privacy tool, it’s probably pretty good.
Just FYI:
If you want to say “both are not”, you can instead use “neither”.
Signal is funded by the CIA now ? And I thought Element is in the UK?
Signal does seem to have some ties to the CIA
There seems to be a completely different Israeli company called matrix. I can’t find any link between the two.
It’s old and convoluted, something like a precursor to element got funding from Israel or something
Maybe OP means that the Matrix protocol is created by an Israeli company.
I guess this means we’re not switching to RCS then?
Nope.
If I can implement my own RCS client, then I’ll consider it.
RCS is not an open standard
A lot of VPN servers in Netherlands may have something to do with it…
My dad just said in the WhatsApp group, why not move to signal. I tried moving friends and family before, but now that there has been anti meta media reports in some news sources. But especially reports on signal in almost every major newspaper and news source.
It seems not only a push because of privacy, but even more a anti big tech(especially us tech) and buy/use eu stuff push.
I don’t mind the push I’m just curious if people stay on signal. Previous time there was a push to signal (during whatsapp technical difficulties and privacy push) people quickly want back to whatsapp.
Now my volunteer work, 1 friend and a family chat already moved to signal. The only thing I did was some explaining that you can just send images and so on. (That it’s not something scary)
What are the major differences between what you can do on Whatsapp vs Signal?
Whatsapp let’s you donate your contact list and social network to meta for them to resell.
Source?
It requires access to your contacts to work on Android. That is, you cannot type in a phone number. That’s an intentional choice.
Oh, that’s yucky. Thanks for the information, we haven’t used it since it got bought by Facebook.
Thank you!
Where you unable to find this without a provided link?
Yes.
The only real differences we can think of is:
Whatsapp unlike Signal doesn’t have usernames meaning a phone number must be used to contact others on it, and that Whatsapp’s report feature shares the unencrypted message and surrounding messages with Meta to give context for the report.
it is just a messaging app, legit the exact same. group chats, image and video, previews to links i send, it even has a way higher level of customisability that i haven’t found elsewhere.
I would have rather seen Element but hey, it’s a step in the right direction.
Why? Matrix sucks as an instant messenger app, it’s better as a Slack/Discord alternative.
It only sucks because you keep using Element. Its the worst client out there, if you account for “doneness”
What’s better? I’ve only used Element
Cinny
Try fluffychat is more user friendly and with better ui than elements. I used the “every image can be a sticker” feature to move people to matrix.
And what would be the best? Element is certainly the most popular.
Only because I’m not aware of other decentralised Signal alternatives. That’s on me.
SimpleX is pretty rad.
Indeed, but funded by VC which makes me uneasy about its future.
Huh, I missed that. From the announcement:
Also, funding the work to transition the protocols to non-profit governance model would not have been possible without the donations we received from the users.
Our pledge to our users is that SimpleX protocols are and will remain open, and in public domain, so anybody can build the future implementations of the clients and the servers. We are building SimpleX platform based on the same principles as email and web, but much more private and secure.
If they stay true to that, they’re probably planning on building for-profit apps on top, while keeping the foundation free.
That sounds reasonable to me. Hopefully that happens.
Fair. I’ll still be on watch, since venture capitalists are scum. Hopefully donations will eventually become stable enough for a revenue stream for them.
Not yet, it lacks a lot of the features Signal has and does not even have a proper ipad ui yet, nor proper profile syncing between devices.
If it ever has these it might be useable by the masses, until then it’ll be only the interest of privacy nerds.
Though really the most important thing is its lack of audits and a transparency report like Signal has. How can we be sure that its encryption/other security is up to standards or they don’t hand over anything to cops/courts without these two things? These are what most messengers fail at, especially open source decentralised ones to be fair.
Yeah, it’s a cool toy, but when I was picking a messenger to sell my SO on, Simplex failed my basic requirements:
- works on phone, desktop and laptop (messages arrive everywhere reliably)
Signal passed, so we went with that.
Simplex is still rad though, and I want to try building something on top of the protocol. I’m working on a P2P Reddit/Lemmy, and Simplex could be rad for DMs or something.
Isn’t Element based of Matrix? From what I’ve read, Matrix is a bit mid (not exactly mid, but I can’t think of any other word).
It works as it’s supposed to, though the handling of keys (strictly necessary for self-determined end-to-end encrypted chats) can be hard and annoying for people who have no experience. But once you get the hang of device confirmation you can use it seamlessly across multiple devices.
Fluffy Chat is great too!
Nice! Never heard of that one, I’ll look that up!
It’s got matrix multi-account support and looks really nice.
Let’s hope they’ll be able to continue to use it. It (and all other messengers with proper E2EE) is already on track to be outlawed in Sweden and France, and the new government in Germany will be pro mass-surveillance, too.
I use Telegram, like betamax have I backed the wrong horse?
All kidding aside from the other comments, Telegram is not secure or private. It’s not E2EE by default and getting it enabled is per-chat and convoluted. Frankly, I wouldn’t even trust it with cat pics I send to the bros let alone private messages… not to be fear mongering but do yourself a favor and get off Telegram.
Signal, despite some criticism that it’s “Not private enough etc.”, strikes a balance between usability, privacy and security. It’s also miles better than Telegram on all fronts.
A big issue we have in the privacy community is that it’s easy to have an “all or nothing mindset”. Even small steps in the right direction can be hugely beneficial. So, Signal is great. Use Signal.
I’m sure going all in on a Russian company is just fine. Their Wikipedia entry has nothing at all to indicate any shady behavior.
/s
Oops, I didn’t realise. I’d not fully adopted so will pivot. Ta
Fuck signal. No “privacy” focused messenger should need a phone number to register…at that point u basically handing the agencys meta data on a platter
Errybody hatin’ your logic but your logic is just that: paranoid and for no shortage of good reason and those are my dice.
Session
GPG
Don’t let perfect be the enemy of good. Getting people off of proprietary stuff is the first step. Whatever else is the next step.
Why are you licensing your comment?
But why do you want to license it at all? It’s normally not licensed. When AI vendors break the law they don’t care about licenses. Fuck, look at meta.
Hmm, did you read the links I posted?
Sure, what meta did is fucked up, but they are being sued. Just because someone ignores the law, does that mean that we should just stop doing something?
privacy != anonymity
nitpicking
No, that is an important distinction. People have different threat models. For most people, privacy without anonymity may suffice (i.e. I don’t mind that you know it’s me, I just don’t want you to see what I’m sending). For others (i.e. journalists, whistleblowers, more privacy-centric individuals), anonymity may be equally important.
Exactly. And requiring a phone number enables convenience features like:
- account recovery
- find contacts
- be found by other people
Once you have an account, you can disable the phone number and use Hawks usernames instead (can be changed at will) of disable discovery entirely.
It’s a pretty reasonable limitation IMO.
“Account recovery”, yeah but by whom?
“Find contacts”, dont you know who u wana talk with?
“be found by other people” ???
yeah but by whom?
Whoever controls the number. This is fine for 90% of people who hold on to their number, especially since no data is leaked unless you are sent messages after changing your number. But that’s the same for SMS, so it’s not a downgrade from that.
dont you know who u wana talk with?
Yes, but most aren’t on signal yet. When they do join, it’s nice for them to know you’re on it too so your communication can default to that.
You can disable discovery (I do).
You know that your phone number is never saved anywhere? Signal only uses a cryptographic hash of your phone number.
I know it’s not the best, but it is great when you want someone to shift from other popular proprietary app like WhatsApp.
Replacing one phone number based system with another may not be a wise choise.
Wrong again. Please research before you start shouting.
WhatsApp uses the Signal protocol. The difference is, it being owned by Meta, it also logs all the metadata it can alongside your real phone number.
Signal messenger uses the Signal protocol. Contrary to WhatsApp, it does not store any metadata. Your phone number is used by the Signal protocol merely as a cryptographic hash. That means, it’s impossible to know who is communicating with whom.
It is not replacing “one system” with “another system”. It essence, signal is WhatsApp, but with all the added spying features stripped, none added.
Wise, maybe not. Pragmatic, yes.
Pragmatism got us here. Maybe its time for people to start giving fucks, or like just dont communicate with me.
I suspect most people will take the latter option. Enjoy your “victory”.
Jmp.chat is worth being aware of
Also you’re a wackadoo
Yeah lets use the phone number of a middle man to sign up…sure u wont forget to relock the number every week so they dont get the power for account take over since they manage your number.
So no disagreement on the wackadoo part.
Tbh I hope you’re doing something cool with this paranoia. Like I want to see news articles about you secretly fighting evil, not sitting at home playing pirated video games.
at that point u basically handing the agencys meta data on a platter
Can you explain what you mean? I’m not sure I understand how that would work.
Well in many nation you can only get a phone number by showing ID, hence the number itself isnt anonymized. So if there is a legal request to signal they hand over the number and u already de anonymized. If you dont use your own number you have to relock signal every week (manual) so the number cant be used for account takeover…why is that lock even on a timer? That just sounds like a trap.
But lets assume u used your own number, and it gets found out. With that number it would be easy af for a state actor to send u a zero day SMS to take over your phone…there are so many reasons why a phone number is just bad to use as a identifier in a privacy focused app. The technical hurdles to allow account creation without phone number or like just to have number as optional, are very low. The official reason for the numbers is spam protection…but there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
would be easy af for a state actor to send u a zero day SMS to take over your phone.
Two problema with this logic
- do you think a state actor needs to leak the phone number from signal to find out your number?
- 0-click SMS exploits are possibile, but extremely rare and extremely expensive. Someone with such an exploit won’t burn it for random Joe.
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use. The association between phone number and identity is something that telco companies can already (and do) provide to authorities. The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.
