Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
-
This post did not contain any content.
I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.
-
How's signal compared to Element?
Also, is there a secure way to directly send messages to someone else's phone without the message having to be stored on a central server? As in they're only stored on the recipient device. Even if the server has no way of decrypting messages by default, just having the encrypted messages stored there is a liability because your encryption keys can easily get leaked by malware running on your device, phishing, etc.
element keeps a lot of metadata unencrypted. but it is federated, you can choose the server that has access to it (deny federation for the room or set up federation ACLs if important to keep it there), and because of the former it's harder to just shut down.
https://github.com/matrix-org/matrix-spec/issues/660
signal doesn't, in theory they don't even know the recipient of your messages (but there's a twist in that part as I remember), but it is centralized around US servers. it is easier to shut down.
-
Layer 8 security issue
error: problem between keyboard and chair
but nowadays maybe it works better with screen
-
Signal is the place for top secret communications, but not for government business (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).
Out of curiosity, what’s a better app for that use?
-
This post did not contain any content.
Here are two reasons you might not want to use Signal: Your contacts, your settings, your entire Signal experience is tied to a Signal account managed by Signal. Metadata—who you’re talking to, when, and how often—can still be collected and analyzed. Question everything.
-
Out of curiosity, what’s a better app for that use?
Anything that logs all the communication.
Govs have their own apps, email servers, various other web-based tools to exchange data, etc. Usually also gov hardware (ie can't use/access such gov apps on non-gov phones).
It's not "what's better" it's what is mandated/required/the law.
Much like when you get a regular average job you have to use whatever is permitted - company email is the usual, can't just deal with company data over your private email account where the company has no oversight. -
EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.
DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.
xmpp is like if deltachat was good
-
Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.
Hopefully I'm just being too paranoid.
insanely paranoid if you think this will get it removed from app stores good grief
-
insanely paranoid if you think this will get it removed from app stores good grief
Talk to Tiktok
-
Here are two reasons you might not want to use Signal: Your contacts, your settings, your entire Signal experience is tied to a Signal account managed by Signal. Metadata—who you’re talking to, when, and how often—can still be collected and analyzed. Question everything.
-
Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.
Hopefully I'm just being too paranoid.
I don’t think that’s the case, I just think it is old people not know how to use technology.
Additionally, all these people in power are using signal, how is that not a loud endorsement that everyone should be on it.
Sadly, my contact list remains mostly on WhatsApp and Facebook messenger only.
-
Here are two reasons you might not want to use Signal: Your contacts, your settings, your entire Signal experience is tied to a Signal account managed by Signal. Metadata—who you’re talking to, when, and how often—can still be collected and analyzed. Question everything.
The issue of centralization can be a problem, but in regards to metadata, sealed sender does a lot to prevent Signal's servers from knowing who messages who, which makes Signal a lot more private than described here.
-
Here are two reasons you might not want to use Signal: Your contacts, your settings, your entire Signal experience is tied to a Signal account managed by Signal. Metadata—who you’re talking to, when, and how often—can still be collected and analyzed. Question everything.
"The only metadata that Signal would have access to, is the phone number used to register, the date of initial registration, and the date of last use."
https://www.reddit.com/r/signal/comments/exd92f/what_kind_of_usermessage_metadata_is_observed_and/
-
This post did not contain any content.
Regarding the trick of an adversary gaining access by emailing or SMS'ing a QR code for adding another device...
Why does the new device not demand the PIN before being added?
-
SimpleX is decentralized, requires no phone number, based on Signal code. Screws up invitations via FB/Messenger though.
-
The government does not "own" Meta. Words have meanings.
Lots and lots of meanings.
-
xmpp is like if deltachat was good
What I dislike about XMPP is that the client ecosystem is definitely weaker than DeltaChat. DeltaChat "just works", and it works incredibly similar and efficient across devices.
But yes, I wouldn't mind if the world used XMPP instead, honestly.
-
This post did not contain any content.
No, it is not.
-
This post did not contain any content.
Consider Briar.
Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.
The app is super barebones right now - feels like SMS - but it works.
-
I don’t think that’s the case, I just think it is old people not know how to use technology.
Additionally, all these people in power are using signal, how is that not a loud endorsement that everyone should be on it.
Sadly, my contact list remains mostly on WhatsApp and Facebook messenger only.
Anyone who uses Facebook messenger as their only messenging app will need to text or call me. Fuck that. I do, however, use WhatsApp and discord for work and uni group chats. If or when that's no longer the case, people who only use those will need to text me, too.
