Granted, the part
The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store
is a little ironic, but you gotta push this winning tide and then work from that.
I am from Denmark. I have spent the last 10 years fighting to get schools and government institutions to switch away from American software.
What a waste of time, when all it takes is the threat of an imperialist take-over of Greenland to actually get my fellow countrymen to finally listen and act.
Signal is still centralized US software.
It is the least evil for the ignorant technology end user.
Concerning the usability, yes. Otherwise Matrix would be the best option, it can be hosted locally.
Ignorant feels harsh, technically accurate but harsh. Yes technology permiates our lives but its such a broad term that no one can be fluent in all its aspects and most of us have to have in depth knowledge of at least one part of it to do our day jobs. We can’t expect everyone to have the time to learn about the inner workings of communications infastructure.
Problem is if they change to Signal now they are less likely to change again to something “better”.
There’s no better. When that hopeful better comes we will all think about it.
pretty big fan of http://delta.chat/ secure and decentralised
They are supreme denialists and try to gaslight people into believing that Foward Security is a thing you don’t need. I may have it installed and the ui is cute enough, but I can’t even consider it hitting close to the level of security Signal employs. It’s basically a toy experiment.
bummer, i had not realised that forward security was not there :/
sounds like its a while off.
Is that not just chat over email? I thought it used to be, and some of the language on the site is still kind of suggestive of it, but it does sound kinda different. Maybe I’m confusing it with something else. If it’s still just fancy email, I’m not sure I like that idea since email has so many privacy issues baked in deep.
i dont know much sorry, think you would want to start with https://chatmail.at/
Telegram is still better, while not being ideal, of course. But at least its servers aren’t located in the USA.
The ideal options are decentralized/p2p, but for now they have very few users (not many less than Signal, to be fair).
Telegram is worse. There’s only pedos and russians on it, not to mention the french government having full access to the servers.
The software with encryption disabled by default, no security audits, and rampant spam is better?
E2E encryption it’s not the only feature that matters. By the way, I am not promoting Telegram, I only mean that relying on US-centric infrastructure is bad because you can be disconnected away at any moment.
telegram is the absolute wirst when it comes to constant spam from scams and bullshit group chats… it’s an utter cesspool.
Elaborate please.
True. I was more referring to the fact that nobody has wanted to move away from Meta, Google and Microsoft solutions because of convenience (until now).
But at least the US government can’t listen in on your conversations, and if they don’t know your phone number, can’t block your specific communications either.
That you know of.
This is from 2020 after the news discovered that yeah actually, the US gov could read your encrypted messages. https://www.forbes.com/sites/daveywinder/2020/02/12/cia-secretly-bought-global-encryption-provider-built-backdoors-spied-on-100-foreign-governments/
Edit: how fascinating! I’ve been downvoted. Really makes you wonder who is pushing for this adoption of this.
You were downvoted because what you posted is completely irrelevant to Signal. The only way to read the messages is to install spyware on your phone.
Well yeah, but if you take into account theoretical vulnerabilities, then nothing is safe, including your self-hosted decentralised server (let alone your conversation partner’s).
It’s the fediverse, signal is sacred and will not be questioned nor criticiced, anyone else who wishes to have a non-US instant messenger gets downvoted to hell.
Wish I was joking but just look at the other guy who dared to like Telegram.
It’s basically signal or matrix in here.I personally don’t use it, it’s much more suspicious that other messengers get so much flak and signal is defended so fiercely… And it’s also USA based.
It’s the fediverse, signal is sacred and will not be questioned nor criticiced
you can question signal just as much as you want, but you’d better come with actual arguments rather than just conspiracy, because signal has counters to pretty much every claim that non-experts try to make
signal was built and is run by one of the worlds foremost security researchers and privacy activists
it uses standard encryption that is used in huge numbers of things. if there were a problem with any part of that, the world would have a much bigger problem than individual communications. the US government does not behave in a way that suggests these algorithms are compromised
it has been repeatedly audited by 3rd parties
the fact that it’s US-based is barely worth mentioning… why is that a problem? are you sure it’s not solely a knee-jerk reaction?
it’s free (so you’re not supporting the US economy), the client - and server, though that’s not important because E2EE - is FOSS (so it’s auditable and extendable by anyone: AFAIK they also ensure repeatable builds), the encryption is basically as good as it gets (they even have various protections for quantum computing), their architecture means they can’t even see metadata like senders… so, again, in this case what are you giving up by having it US-based? perhaps a little bit of soft power, perhaps an acknowledgment that in this 1 case the US produced a good product counter to their governments interests
the other guy who dared to like Telegram
because telegram is not for security or privacy conscious people, despite their marketing: they actively muddy the waters and make people less safe
their encryption is custom, written by mathematicians not cryptographers so doesn’t include features like perfect forward secrecy, replay protection, etc
and their default chat mode isn’t even e2ee - only secret chats use their custom encryption, and nobody actually uses them!
there are numerous sources documenting these problems, and plenty more
it’s okay to like telegram: i like it as a chat app, and i use it for the features it provides… but it’s not okay to say in a privacy and security context that they’re even remotely comparable
signal was built and is run by one of the worlds foremost security researchers and privacy activists
Small sidenote, but Moxie is no longer running Signal. (He’s doing Confer now.)
Weren’t it Signal devs who made e2e for WhatsApp? So what’s the point of switching?
Signal punished their spec and WhatsApp re-implemented it, yes but critically only the messaging parts rather than all the other privacy parts
the reasons to switch basically start with WhatsApp is owned by Meta, and given that these things become more important:
- WhatsApp is closed source so it’s difficult to confirm if their implement is “correct”
- they may have the ability to extract your keys from your device somehow
- i’m not sure who is the ultimate key-holder for whatsapp: if it’s like apple, they hold your private keys and thus can decrypt anything they like (different to signal where devices transfer your keys between each other via qr codes etc)
- on that last point, i can confirm that to login with whatsapp on the browser just now my process was: enter phone number, type an 8-digit code from my phone… this could be an temporary key of some kind used to e2ee between the devices to transfer my master key or something, but i’m very suspect on this being anything more than plain text verification that meta could man in the middle
- whatsapp stores your contacts, and message metadata… that’s all i personally need to avoid it: meta doesn’t need to know who and how often i message people to add to their profile on me
meta says whatsapp is secure exactly for this reason: people think “why switch?” when it’s really about the metadata for them… they are experts and building a profile with scraps of metadata
writing a secure application is about more than technically rock-solid encryption and protocol
Removed by mod
Italian in Denmark here.
I thank you so much for this! I am amazed at the dependence of all facets of social life and information on Meta and Google’s properties.
I am cut out of my building’s initiatives because I don’t have a Facebook account. There are no events (such as dance events, protests, etc) published anywhere else than on Facebook’s Events.
When I propose to be contacted on Signal people look at me as if I was an alien.
You are doing God’s work, as a Christian would say.
@Muffi @Novocirab
Same. This applies to EVERY non-US country!!
I can’t believe that the EU, France, UK, Spain, Italy etc. do not have their own comprehensive Fedi servers for their own institutions, govt departments & citizens! ALL still relying on US tech.
Kinda ironic that if the danish representatives in the EU got their way with chat control, danish people wouldn’t even be able to install signal (officially at least), since Signal said they would leave the EU in such a case.
I’m pretty sure this isn’t irony, but rather a reaction from the population that is realizing the shit their government is doing.
That is one fucked up looking flag
Mashup of Greenland and Denmark flags with signal logo added for some reason.
greenland officially adopted it 3 hours ago (10000% real)
What’s she flag equivalent of blasphemy? This is what it would look like.
Mushing two nation flags plus an app logo plus some sort of pattern overlay into a headline image is just so wrong.
Unfortunately Threema the European alternative that’s at least as secure as Signal costs money - and that one time fee is enough to send everyone to Signal.
It’s also not open source.
The Threema client is open-source. Which is about the same as with Signal, who release partial open-source code of their server, but it is impossible to actually use.
But as far as I understand, for e2e programs that doesnt matter as long as the client is open-source, isn’t it?
As much as I praise Threema… it frankly sucks compared to the alternatives. Delayed message delivery, sometimes no notifications, somehow dated looking Ui…
Especially as there are open source alternatives such as matrix
Imagine EU sponsoring a messaging app as part of public infrastructure.
Great Idea. It will probably be called ChatControlsEU and every message is archived and data mined at the Bavarian police departments Palantir instance.
deleted by creator
Threema and Telegram are the same app?
Oops, misread, and didn’t even notice when quoting, lol
If only the threat didn’t (also) come from inside the house when it comes to privacy. I don’t want my national police to have full access to my chats at all times any more than I want the USians to have that access, possibly even less. FBI or CIA isn’t going to personally bust down my front door, arrest me and seize all my computing devices because I called a local politician a dick.
Meshtastic. Let’s get some critical mass. Get single points of trust out of the equation.
Yeah, a network based on the principle of flooding ain’t gonna work across that many people.
Or briar, tox…
Tox is not really great for multi-device, is it?
no. But if you mean independent access with various devices, neither signal is since you need always the phone to access the desktop version.
Thats why I personally prefer Matrix.
However, the solution that Signal offers is the easiest for most people. Also it is not true that you always need the phone. The desktop version works fine alone unlike Whatsapp it doesn’t request you to connect the devices all 2 weeks. It does need a first installation on a Mobile or Android device in order to get the PC version running.
The difficulty is when you need to exchange the encryption keys between different clients. This is where it gets complicated with Tox and Jabber/OTR. And to be honest the solution of Matrix is easier but also can get confusing for people who are just used to having a phone as their main device.
It does need a first installation on a Mobile or Android device in order to get the PC version running.
I stand correct.
And to be honest the solution of Matrix is easier
What is the matrix solution for that? Keys will always have to be exchanged between devices
I stand correct.
Yes, but fact is, that this is the easiest way for most users. And also most users don’t care if you can use it stand alone on a PC or not, and if it is linked to a phone number or not.
What is the matrix solution for that? Keys will always have to be exchanged between devices
You can use devices to cross-sign each other or use a passphrase.
You can use devices to cross-sign each other or use a passphrase.
nice
I’ll get a node, but the bandwidth is too low. I’m looking into WiFi meshing now.
Sadly Meshtastic is limited to the number of nodes it’ll go through (think it was 7) so pretty limited. MeshCore goes up to something like 64 so is better but still both have huge limitations right now besides the ‘no nodes around me’ issue.
still, I have some MeshCore nodes and hopefully get 1 fairly high up when I can afford the £100 to buy it but its a lot to waste when no-one around here is interested.
Or simplex!
IIRC, I looked into Meshtastic a while back, and it was known to be unreliable. Is that still the case? It seems like a really cool concept
Like one of the main things Signal is really terrible at given that it is based in the US and hosted on AWS servers 🤦
Besides being hosted in the AWS servers, there’s no way to check if what’s running there is the same as the published code. That’s why i don’t use signal.
When the signal foundation is losing money every year, i can just wonder what will happen when the money runs out. Even the good guys need to eat.
Or what will happen when trump will decide to seize the AWS servers running the signal application server.
You don’t need to care about the server code since the secure bits and encryption that matters is all on the client side and verifiable.
i do care about metadata.
as in phone number, IP and timestamps? If I were worried about that I wouldn’t have a phone in the first place but if private messaging (content is private) I think signal works fine
If you care about it then just use Signal since it’s the one with least amount of metadata fying around. A big central server with many normies using it also ensures that it’s very hard to correlate traffic.
If you care about it then just use Signal
No, because of:
When the signal foundation is losing money every year, i can just wonder what will happen when the money runs out. Even the good guys need to eat.
I have seen this film so many times…
It shouldn’t matter because you can verify that your data is encrypted and thus not accessible to the server, but also, IIUC, they use secure enclaves so that you can verify that their server is running the published source code.
when trump will decide to seize the AWS servers running the signal application server.
How do we know he hasn’t already?
No need to size them. AWS is deeply embedded into the intelligence apparatus of the NSA as one of their prioritized suppliers.
I believe the fact that Signal is hosted on Apple or Google clients is worse than its server host. (I still use and recommend it though)
Convincing people to use an open Android build is much harder than installing another messenger.
Is it about the geopolitics or did SaveSocial’s marketing campaign “digital independence day” last weekend (look for #DIday and #DIDit) also contribute? I’m not sure how visible that was internationally or if it was just a German campaign.
DID stemms from a Talk AG the CCC this year. It is a month old and was held in german. I think this isnt DIDs work here
Welcome to the club!
From one american service to another american service? Good job m’Danes, that’ll show’em.
Less flippantly though, Signal is a better american service, and incremental improvements are good too.
