Signal will finally let you transfer your encrypted chat history to new linked devices

povoq@slrpnk.net

Security researchers always look at a specific thing, usually the encryption only. The message encryption of Signal is great, the problem is all the rest of it that never gets scrutinized that closely.

thedarkquark@lemmy.world

Original announcement: https://signal.org/blog/a-synchronized-start-for-linked-devices/

povoq@slrpnk.net

XMPP basically uses the same end to end encyption method as Signal, but due to it not being mandatory some things are easier but come with the footgun that you can accidentially disable it (but it is enabled by default in most modern xmpp clients).

Otherwise: since XMPP federates more servers can theoretically see some metadata, but since most servers are small and community run there isn't a single big target like with Signal where you can siphon off all the metadata. So you can make arguments for both. XMPP: more meta data but decentralized, Signal: less metadata but all in one place.

laintrain@lemmy.dbzer0.com

Holy shit no way, basic functionality needed at absolutely all times, in my signal? More likely than you think!

Kudos to the Devs! Maybe time to give this app another shot!

jackgreenearth@lemm.ee

Why not use SimpleX then? You mention it but provide no real reason to use Signal over SimpleX

muntedcrocodile@lemm.ee

Hey u still use signal I'm not saying to stop using it I'm simply saying just cos its better than the alternatives doesn't mean we shouldn't demand better.

The signal encryption is provably secure that's what the researchers analyse. The metadata is a separate story.

See: https://lemm.ee/comment/17831982

laintrain@lemmy.dbzer0.com

You have no S.O. or friends you'd want to look back on chats with from 2-5 years ago to reminisce about how you met or something you did?

bisby@lemmy.world

XMPP has been an option for decades, if your contacts aren't using it by now, they arent going to. And with communications tools, both parties have to agree on a tool. Even if one party doesn't care about privacy or security.

Raw brute force security isn't the point most of the time, and ease of use and simplicity of setup are going to be major factors in adoption. Signal is much easier to get started with for most people than XMPP.

asetru@feddit.org

What about threema?

treadful@lemmy.zip

I use disappearing messages no longer than a week for all my Signal chats. Pretty surprised everyone's out here keeping long records over this medium.

treadful@lemmy.zip

No records means an adversary can't pull off an entire lifetime of communication history if a device is compromised. Signal is not the medium in which I'm interested in keeping records.

engineergaming@feddit.nl

Yeah. If the contact would be installing a whole new client to communicate with you anyway, why not make it an XMPP one? I got my mom to use it like this.

I did hear that the implementation of the encryption isn't as good as in Signal (and most clients also use an older version of it), but from my understanding - not in any way critically so.

engineergaming@feddit.nl

I use Simplex and overall happy with it, but since it is so new, would rather not go all-in. It is VC-backed so might eventually enshittify to make a profit.

essteeyou@lemmy.world

I see. I just don't have adversaries, and if they got hold of the memes and inane conversations I have about whose turn it is to pick up the kid from school then good luck to them.

treadful@lemmy.zip

If you don't have adversaries then why not use SMS? Though this just ends up with the tired old "if you have nothing to hide" argument that I'm not really interested in repeating.

Those examples also don't sound like things you'll need to look up months or years down the line, either. So why not just let them fade away?

southsamurai@sh.itjust.works

Ehhh, that's an easy thought.

But what about when your memes point to you being in a group that is now illegal, or oppressed? What if something you said a year ago is now being looked for as a sign of possible opposition?

It's nice to think "I have nothing to hide", and for the most part, most people don't.

But that conversation about who's picking the kids up from school is enough to help pin down where you'll be at a given time, when you'll be apart from your family, it gives an insight into family dynamics, it gives hints as to your personality, and your partner's.

You stack that with exchanges about groceries, errands, etc, and now anyone who can get access to your measures messages can predict a lot more about you

Since fascism in particular is coming back with a vengeance, your can't even predict what you'll be targeted for.

Now, take all of that info, combine it with location data that's even easier for a government to get, and you're fucked.

Don't forget that a woman was arrested because she helped her daughter obtain abortion pills. They got the info via Facebook, but with the messages being gone would have prevented that, or made it much harder.

This is the world we live in now. None of us are safe, none of us can rely on the rule of law. It's rolling the dice as to what can be used against you.

homesweethomemrl@lemmy.world

Yay Signal!

jackgreenearth@lemm.ee

I thought it was open source? Presumably a FOSS project can't go too bad.

takumidesh@lemmy.world

Being able to back up and then encrypt the messages on cold storage for when I may need to go back through an old conversation doesn't negate something like disappearing messages.

It's the best of both worlds, messages go away over time so if you lose your phone / it's compromised, you don't give up the goose, but you also have a nice safe stored version in the off chance you need it.

The danger imo isn't in having the messages at all, it's more about how, when they are just on your phone or whatever, they are generally not locked down.

geometrinen_gepardi@sopuli.xyz

I find the idea of reminiscing over instant messages funny. Different strokes I guess.