Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
-
If you want to get really technical, each Signal account actually has a 'secret' account number that the phone number is linked to. The phone number requirement is actually a means to reduce spam and scam accounts.
So they could have replaced it with, like, email verification or something, but they instead stuck to the design that lets governments identify all users?
<Insert rampant and unfounded speculation about FBI compromise here>
-
No, but it's easy enough to be both. There's a pile of IM packages out there that manage it.
Metadata is valuable info, look at what a pen order nets law enforcement and why it's the first step in an investigation. The idea that a messaging app that's supposed to be used for political action but the chain of association is visible and verified is absolutely suspect.
You say "easy enough" but there are some serious tradeoffs when removing phone numbers from the equation. My mom can use Signal without my help but she wouldn't be able to use SimpleX.
Signal is a fantastic middle ground messaging app that is secure enough for me to use and easy enough for my mom to use.
I also have SimpleX but I have exactly 1 contact there...
-
SimpleX is what I use. I tried Signal in the past, but there was a noticeable delay in receiving messages and it caused problems when using it to communicate with family.
I have no problems with SimpleX so far. It works well and looks modern. A feature I like is that you can create a different user identity for each contact/ chat thread.
-
This post did not contain any content.
All I'll say is Threema. You pay once for a licence, so there's less bullshit people on it and they are based in Switzerland with it's privacy laws.
-
So use no messenger? Any decentralized options?
Alternatives to Signal that prioritize decentralized communication.
- Briar Project (https://briarproject.org/
A compelling choice for censorship resistance. Briar employs peer-to-peer messaging, connecting via Bluetooth, Wi-Fi, or Tor, and incorporates privacy features by design. It’s a robust solution for those concerned about surveillance. - Delta Chat (https://delta.chat/ A decentralized and secure messenger application. It's often praised for its ease of use and integration with existing email accounts.
- XMPP (https://en.wikipedia.org/wiki/XMPP Less of an application and more of a foundational protocol. XMPP is an open standard for instant messaging, allowing for decentralized implementations – though setting up and maintaining such a system requires a degree of technical expertise.
- Briar Project (https://briarproject.org/
-
All I'll say is Threema. You pay once for a licence, so there's less bullshit people on it and they are based in Switzerland with it's privacy laws.
Proprietary?
-
I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.
-
Maybe, but I normally only leave battery optimization on for apps that shouldn't be running in the background at all. This was several years ago, though. If Signal isn't like that anymore, that's a good thing.
-
Fair point, it always feels dirty to send invite-link through WhatsApp, the dominant messenger in EU.
How would one go to solve the invite problem? How does Signal handle this?
Phone number and trust-on-first-use for most people, with out-of-band fingerprint verification for the paranoid. It really depends on the threat model and the security practices/awareness of your colleagues, but a link shared on some social media or lower-security chat network is more vulnerable to a man-in-the-middle attack than a phone number for your average Joe. There are a lot of ways a person could get a manipulated invite link.
-
Proprietary?
Not sure, but probably. But looking at their history I think they have a good track record and it's used by the government as well in certain cases.
-
System shared this topic on
