Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
-
xmpp is like if deltachat was good
What I dislike about XMPP is that the client ecosystem is definitely weaker than DeltaChat. DeltaChat "just works", and it works incredibly similar and efficient across devices.
But yes, I wouldn't mind if the world used XMPP instead, honestly.
-
This post did not contain any content.
No, it is not.
-
This post did not contain any content.
Consider Briar.
Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.
The app is super barebones right now - feels like SMS - but it works.
-
I don’t think that’s the case, I just think it is old people not know how to use technology.
Additionally, all these people in power are using signal, how is that not a loud endorsement that everyone should be on it.
Sadly, my contact list remains mostly on WhatsApp and Facebook messenger only.
Anyone who uses Facebook messenger as their only messenging app will need to text or call me. Fuck that. I do, however, use WhatsApp and discord for work and uni group chats. If or when that's no longer the case, people who only use those will need to text me, too.
-
This post did not contain any content.
-
What kind of private communication can we talk about if you must have a valid phone number to use Signal?! Lol
Signal recently implemented "usernames" instead of phone numbers
-
Consider Briar.
Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.
The app is super barebones right now - feels like SMS - but it works.
How does the Bluetooth work? If you're close enough to be I'm bluetooth range with someone aren't you close enough to just speak to them?
-
How does the Bluetooth work? If you're close enough to be I'm bluetooth range with someone aren't you close enough to just speak to them?
One use case could be mass protests, where you have a lot of people congregated in a small area. An increasingly popular strategy among governments these days is to just shut down the entire internet in an agitated region. Bluetooth could keep information flowing as people move in and out of range.
-
Signal recently implemented "usernames" instead of phone numbers
Pretty sure they still store the phone number you sign up with, though - the usernames are just for sharing your contact with other people.
Most peoples' phone numbers are easily linked to their identity. Which means the government knows who's using Signal.
Usernames are definitely an improvement, but there are fundamental limitations in Signal's design.
-
error: problem between keyboard and chair
but nowadays maybe it works better with screen
PEBCAK
Problem Exists Between Chair And Keyboard!Knew of an IT help desk employee who used this as a resolution in a ticket. Yeah, he got fired as soon as the customer looked up what it meant.
-
I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.
You can do better than Caesar cipher
-
at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run
All the people in the chat were high enough that the government for free provided them with secure rooms in their homes so everything would be done through government hardware and encryption programs.
They were probably out golfing at the time
-
Anyone who uses Facebook messenger as their only messenging app will need to text or call me. Fuck that. I do, however, use WhatsApp and discord for work and uni group chats. If or when that's no longer the case, people who only use those will need to text me, too.
The big problem is that the telecoms still charge by the minute to call a landline so most businesses have a Facebook page and use messenger as their primary form of contact.
I’m literally going to a vet now and they had messenger, WhatsApp or telegram as their contact method
-
One use case could be mass protests, where you have a lot of people congregated in a small area. An increasingly popular strategy among governments these days is to just shut down the entire internet in an agitated region. Bluetooth could keep information flowing as people move in and out of range.
Ah yeah that's a pretty good use case
-
Signal recently implemented "usernames" instead of phone numbers
Much better.
-
There's nothing to know; facebook is facebook, and nobody trusts facebook for data security. Whatsapp is not, nor will it ever be, true end to end encryption, when facebook owns the locks and keys.
Also WhatsApp logs a bunch of metadata (who you contact, how often, profile pic, etc)
-
Pretty sure they still store the phone number you sign up with, though - the usernames are just for sharing your contact with other people.
Most peoples' phone numbers are easily linked to their identity. Which means the government knows who's using Signal.
Usernames are definitely an improvement, but there are fundamental limitations in Signal's design.
Then I'd delete my old phone number account and start fresh.. not exactly the best option but all things considered you might have too
-
Signal is the place for top secret communications, but not for government business (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).
The protections for classified information are not just about information security. They are about physical and operational security as well. That's why s SCIF has a "two locks" policy, and requires things like 4" steel doors.
-
It also just gets blocked by autocratic firewalls. Deltachat is clutch because it can theoretically run on top of any email host so it's way more difficult to block.
-
Signal recently implemented "usernames" instead of phone numbers
But still, to use it, you need a phone number, which in many countries can only be purchased with a passport. That's the main rule. If privacy is really needed, personal identification should be excluded so that it's basically impossible to determine who owns the account.
