Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
-
EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.
DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.
Isn't DeltaChat just PGP encrypted email? Could be wrong
-
This post did not contain any content.
I can't imagine any messenger is private if you invite random people into a group chat
️ -
Considering the US government now owns Meta and thus WhatsApp, it’s an interesting case… why did they use signal?
Disappearing messages
-
Considering the US government now owns Meta and thus WhatsApp, it’s an interesting case… why did they use signal?
If there is backdoor for them, then there is a backdoor for everybody who knows where to look.
-
RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.
Seeing as RCS with encryption based on the MLS standard hasnt been deployed yet, can you show exactly what metadata is leaking?
-
I use signal myself but I also use simple X. I can't use delta chat because I use proton for my email and therefore can't use delta.
Delta Chat is not associated with your email account, as far as I can tell. Am I wrong?
-
I can't imagine any messenger is private if you invite random people into a group chat
️Layer 8 security issue
-
Delta Chat is not associated with your email account, as far as I can tell. Am I wrong?
️ Sign up to secure fast chatmail servers or use classic e-mail servers -
Considering the US government now owns Meta and thus WhatsApp, it’s an interesting case… why did they use signal?
The government does not "own" Meta. Words have meanings.
-
Signal is the place for top secret communications, but not for government business (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).
at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run
All the people in the chat were high enough that the government for free provided them with secure rooms in their homes so everything would be done through government hardware and encryption programs.
-
️ Sign up to secure fast chatmail servers or use classic e-mail servers
You don't have to use a "classic email server", or even link your account to your current email address at all. The default onboarding procedure actually creates a new anonymous account for you on the default chatmail server. Reading through the site, I can't actually even tell why someone would want to use their preexisting email address.
-
You don't have to use a "classic email server", or even link your account to your current email address at all. The default onboarding procedure actually creates a new anonymous account for you on the default chatmail server. Reading through the site, I can't actually even tell why someone would want to use their preexisting email address.
Ah, okay. I think I heard about it at an earlier point where it was only using your current email.
-
The government does not "own" Meta. Words have meanings.
Not for ideologues unfortunately.
-
at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run
All the people in the chat were high enough that the government for free provided them with secure rooms in their homes so everything would be done through government hardware and encryption programs.
Yes, ofc, using Signal was intentional to not keep any records/evidence.
-
This post did not contain any content.
Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.
Hopefully I'm just being too paranoid.
-
This post did not contain any content.
How's signal compared to Element?
Also, is there a secure way to directly send messages to someone else's phone without the message having to be stored on a central server? As in they're only stored on the recipient device. Even if the server has no way of decrypting messages by default, just having the encrypted messages stored there is a liability because your encryption keys can easily get leaked by malware running on your device, phishing, etc.
-
Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.
Hopefully I'm just being too paranoid.
Immediately had that thought as well.
Don't blame the barn for not holding the horses when you leave the fucking door open.
-
This post did not contain any content.
I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.
-
How's signal compared to Element?
Also, is there a secure way to directly send messages to someone else's phone without the message having to be stored on a central server? As in they're only stored on the recipient device. Even if the server has no way of decrypting messages by default, just having the encrypted messages stored there is a liability because your encryption keys can easily get leaked by malware running on your device, phishing, etc.
element keeps a lot of metadata unencrypted. but it is federated, you can choose the server that has access to it (deny federation for the room or set up federation ACLs if important to keep it there), and because of the former it's harder to just shut down.
https://github.com/matrix-org/matrix-spec/issues/660
signal doesn't, in theory they don't even know the recipient of your messages (but there's a twist in that part as I remember), but it is centralized around US servers. it is easier to shut down.
-
Layer 8 security issue
error: problem between keyboard and chair
but nowadays maybe it works better with screen
