Signal – an ethical replacement for WhatsApp
Technology
184
Beiträge
117
Kommentatoren
0
Aufrufe
-
Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.
They see no value in it. They don't see that privacy is proactive measure that can protect you.
On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family who's attacker might make off with stolen bank information or passwords.
but "that'll never happen", right?
-
Interesting phrasing. How so?
I believe in it,... for now.
I moved my family group to xmpp to have more personal control over our chats. Signal seems benevolent, but I've seen this play out before. Will it stay that way? We treat online forums with the idea that federstion works to stop enshittificstion. I believe XMPP is a good model for federating secure chatrooms for the same reason: People should control the voices of the people, not companies.
-
I agree and it would be much better if people would use Signal instead of WhatsApp, but I think there's still one problem.
Due to how messaging platforms work, every time you switch you lose pretty much everything (messages, media, etc)
This makes switching very hard even for a nerd like me, because if Signal is not "perfect" it means that I will have to switch again at some point and lose everything again.Can I ask why are you so attached to your message history? I recently lost my entire WhatsApp history and it hasn’t made any difference in my life to be honest.
-
Have a look here: https://www.messenger-matrix.de/messenger-matrix-en.html
I like the comparison and prefer simplex as an replacement to Signal in the Future.
Self hosted Matrix Servers are a good idea aswell if you have the money and knowledge.Xmpp is far lighter on resources and not ran by a company with funding issues.
-
This post did not contain any content.
SimpleX as well!
-
The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what's wrong with WhatsApp?
The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don't if you enable e2ee, so it is disabled by default.
That is all before you start looking into security audits or metadata harvesting.
Your reasoning would hold up if 80% of xmpp wasn't running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad with few serious negatives. What makes extensions powerful is that they can easily change the rules without breaking the underlying system. If your client sucks, get another?
You have choices, but if your problem is metadata, whoooo boy.
Encryption on metadata · Issue #9133 · matrix-org/synapse
Timestamps, emoji reactions, message sender, read receipts, and possibly files are not encrypted in encrypted DMs and rooms. Please have encryption cover all of these things and not just the message itself.
GitHub (github.com)
-
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
Matrix fits the bill.
Unless you don't like the federated nature.
-
I wish I could do this, but trying to convince people to ditch an app they've never had problems with and where they all have their family, friends, work groups and school groups already mashed together, how do you convince them? Its not even about me convincing my friends or family, its about everyone else doing the same and when everyone has so many contacts in WhatsApp, that number starts to snowball real quick. Its just not feasible to try and explain this to someone who literally doesn't care. I mean even though I myself know what Meta is and how Zuck is complete asshole, I still can't switch off of WhatsApp because nobody I know is on Signal and I'd just be alone there. What's the point? WhatsApp is pretty much the first app anyone installs on their phone (regardless of platform), they're not gonna switch now.
WhatsApp is pretty much the first app anyone installs on their phone
Is this really the case?
Maybe it's a regional thing. I'm in the northeast US, and nearly everyone I know uses Facebook Messenger as their main form of communication, even people who don't touch Facebook at all. I hate Messenger for the same reasons that people hate WhatsApp, but I still have to use it because my entire social circle does. If I want to message someone outside Messenger without giving my phone number out, I use my Google Voice number.
I've only ever used WhatsApp to talk to work contacts overseas, and I've only ever used Signal to talk to paranoid drug dealers, which is a use case that's mostly been replaced by Telegram now.
-
Just ditch WhatsApp. Don't give in to social pressure to install malware on your phone
The problem is there's no one on signal that I want to talk to. So "just ditch the app" isn't actually helpful.
-
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
XMPP/Jabber via a web client like movim.eu sounds like it ought to work!
You can also look into Snikket as a host for small groups like friends or family, but can continue to use the Movim web client even if you're hosting with Snikket rather than Movim itself.
-
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
-
SimpleX as well!
IMO the best on-boarding I have seen in a chat app. Just scan each other's QR codes or click a link. No account management because ID is unique to each conversation.
Signal and WhatsApp need a phone number, Matrix/Element is needlessly messy, XMPP/Conversations is sensible IIRC (ID + password)
-
Your reasoning would hold up if 80% of xmpp wasn't running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad with few serious negatives. What makes extensions powerful is that they can easily change the rules without breaking the underlying system. If your client sucks, get another?
You have choices, but if your problem is metadata, whoooo boy.
Encryption on metadata · Issue #9133 · matrix-org/synapse
Timestamps, emoji reactions, message sender, read receipts, and possibly files are not encrypted in encrypted DMs and rooms. Please have encryption cover all of these things and not just the message itself.
GitHub (github.com)
So much cope you didn't even notice no one mentioned matrix. We are comparing XMPP with Signal.
Your reasoning would hold up if 80% of xmpp wasn't running on Conversations or forks of it
Also, you really think saying only 20% of your chats are insecure is somehow making it better?
-
This post did not contain any content.
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called "the US". This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
-
After Trump was elected and inaugurated, Signal has finally been gaining some steam here in the Netherlands.
It's still an American company, so it's not ideal. But it's still significantly better better than letting a tech giant like Facebook have control over the most commonly used chat app.
WhatsApp needs to go and Signal is the most likely way in which we can achieve that. We can worry about the American elephant in the room later.
America is not a monolith. Signal's developers are very much aware of the risks of operating there and probably already have several escape plans given recent developments. I also think five-eyes probably has access but getting it might be computationally expensive.
-
SimpleX as well!
Just got the app. Really like the idea!
-
Unfortunately the source code is not open
Wrong.
Open Source – Transparency Matters – Threema
The Threema apps are open source. Find out how to download and compile the source code, and learn more about reproducible builds.
Threema (threema.com)
FYI, while Threema front-end clients (apps) are open-source (and offer reproducible builds, which is surprisingly uncommon in open-source land), the server component, though supposedly audited, remains closed-source.
EDIT: for comparison, the Signal server code is mostly open source, but things like the spam filter are closed.
-
This post did not contain any content.
TIL I have no family I care to keep in touch with and I have no friends.
-
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called "the US". This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
Well yeah we could also use Briar or whatever... but would your grandma?
-
This post did not contain any content.
How do we know signal isn’t also run by a techbro who just wants our data?
