Signal – an ethical replacement for WhatsApp
Technology
193
Beiträge
120
Kommentatoren
0
Aufrufe
-
This post did not contain any content.
SimpleX as well!
-
The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what's wrong with WhatsApp?
The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don't if you enable e2ee, so it is disabled by default.
That is all before you start looking into security audits or metadata harvesting.
Your reasoning would hold up if 80% of xmpp wasn't running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad with few serious negatives. What makes extensions powerful is that they can easily change the rules without breaking the underlying system. If your client sucks, get another?
You have choices, but if your problem is metadata, whoooo boy.
Encryption on metadata · Issue #9133 · matrix-org/synapse
Timestamps, emoji reactions, message sender, read receipts, and possibly files are not encrypted in encrypted DMs and rooms. Please have encryption cover all of these things and not just the message itself.
GitHub (github.com)
-
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
Matrix fits the bill.
Unless you don't like the federated nature.
-
I wish I could do this, but trying to convince people to ditch an app they've never had problems with and where they all have their family, friends, work groups and school groups already mashed together, how do you convince them? Its not even about me convincing my friends or family, its about everyone else doing the same and when everyone has so many contacts in WhatsApp, that number starts to snowball real quick. Its just not feasible to try and explain this to someone who literally doesn't care. I mean even though I myself know what Meta is and how Zuck is complete asshole, I still can't switch off of WhatsApp because nobody I know is on Signal and I'd just be alone there. What's the point? WhatsApp is pretty much the first app anyone installs on their phone (regardless of platform), they're not gonna switch now.
WhatsApp is pretty much the first app anyone installs on their phone
Is this really the case?
Maybe it's a regional thing. I'm in the northeast US, and nearly everyone I know uses Facebook Messenger as their main form of communication, even people who don't touch Facebook at all. I hate Messenger for the same reasons that people hate WhatsApp, but I still have to use it because my entire social circle does. If I want to message someone outside Messenger without giving my phone number out, I use my Google Voice number.
I've only ever used WhatsApp to talk to work contacts overseas, and I've only ever used Signal to talk to paranoid drug dealers, which is a use case that's mostly been replaced by Telegram now.
-
Just ditch WhatsApp. Don't give in to social pressure to install malware on your phone
The problem is there's no one on signal that I want to talk to. So "just ditch the app" isn't actually helpful.
-
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
XMPP/Jabber via a web client like movim.eu sounds like it ought to work!
You can also look into Snikket as a host for small groups like friends or family, but can continue to use the Movim web client even if you're hosting with Snikket rather than Movim itself.
-
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
-
SimpleX as well!
IMO the best on-boarding I have seen in a chat app. Just scan each other's QR codes or click a link. No account management because ID is unique to each conversation.
Signal and WhatsApp need a phone number, Matrix/Element is needlessly messy, XMPP/Conversations is sensible IIRC (ID + password)
-
Your reasoning would hold up if 80% of xmpp wasn't running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad with few serious negatives. What makes extensions powerful is that they can easily change the rules without breaking the underlying system. If your client sucks, get another?
You have choices, but if your problem is metadata, whoooo boy.
Encryption on metadata · Issue #9133 · matrix-org/synapse
Timestamps, emoji reactions, message sender, read receipts, and possibly files are not encrypted in encrypted DMs and rooms. Please have encryption cover all of these things and not just the message itself.
GitHub (github.com)
So much cope you didn't even notice no one mentioned matrix. We are comparing XMPP with Signal.
Your reasoning would hold up if 80% of xmpp wasn't running on Conversations or forks of it
Also, you really think saying only 20% of your chats are insecure is somehow making it better?
-
This post did not contain any content.
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called "the US". This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
-
After Trump was elected and inaugurated, Signal has finally been gaining some steam here in the Netherlands.
It's still an American company, so it's not ideal. But it's still significantly better better than letting a tech giant like Facebook have control over the most commonly used chat app.
WhatsApp needs to go and Signal is the most likely way in which we can achieve that. We can worry about the American elephant in the room later.
America is not a monolith. Signal's developers are very much aware of the risks of operating there and probably already have several escape plans given recent developments. I also think five-eyes probably has access but getting it might be computationally expensive.
-
SimpleX as well!
Just got the app. Really like the idea!
-
Unfortunately the source code is not open
Wrong.
Open Source – Transparency Matters – Threema
The Threema apps are open source. Find out how to download and compile the source code, and learn more about reproducible builds.
Threema (threema.com)
FYI, while Threema front-end clients (apps) are open-source (and offer reproducible builds, which is surprisingly uncommon in open-source land), the server component, though supposedly audited, remains closed-source.
EDIT: for comparison, the Signal server code is mostly open source, but things like the spam filter are closed.
-
This post did not contain any content.
TIL I have no family I care to keep in touch with and I have no friends.
-
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called "the US". This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
Well yeah we could also use Briar or whatever... but would your grandma?
-
This post did not contain any content.
How do we know signal isn’t also run by a techbro who just wants our data?
-
I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called "the US". This could have implications.
A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.
Upside: no phone number required. No questions asked.
Downside: no servers to store and forward messages. You can talk if both parties are online.
Hell yeah. Tox continues to rock. If anyone wants to chat, HMU, here's my key:
fdd7005639c618263ab2eedab974f7576c7c0ded6217eed9e9dc0344c622e72aeef7055f8b4d
-
SimpleX as well!
The founder of SimpleX is out of his mind. Check yourself: https://xcancel.com/epoberezkin
-
How about Delta Chat? At least as secure as Signal, open source, and decentralized.
Not saying that it's necessarily a bad option, but my biggest issue with delta chat is that it does not offer forward secrecy (if a user's private key is compromised, past messages can be revealed); Signal does. Delta no question beats signal in decentralization, though email is less decentralized than it seems--how many people do you know who still use gmail? Delta also inherently leaks metadata on whom you're communicating with to the email host (that's just imap/smtp). Signal can mitigate this somewhat with Sealed Sender (which gives one-way anonymity), though it can be broken with statistical analysis, and signal metadata is more identifying due to requiring a phone number.
-
Spam isn't a binary issue, where it either exists or doesn't. It could very well be the case that, without requiring a phone number, there'd be far more spam (since it'd be far easier to automatically create new accounts).
Again, do you have a better suggestion for spam & abuse prevention?
And still, aside from that - it doesn't really make sense to expect Signal to offer SMS integration just because it requires a phone number for spam prevention, when offering this integration would be detrimental towards the mission of Signal (offering secure messages).
it does make sense, actually. as they had that function when the app was first around. why do you think they have you sign up with a phone number in the first place?
also, it's not on me to solve every technical hurdle you make up. if you want to learn more about Spam Prevention methods, I can point you to some resources if you're truly interested.
I'm sorry that not everyone thinks Signal is a god app worthy of worship. its a message app, and its not the only one. it does stuff some people don't like. including me.
-
An Alabama City Recommends Changing Its Laws to Accommodate One of the Country’s Largest Proposed Data Centers
Technology
1
-
-
-
The Current System of Online Advertising has Been Ruled Illegal by The Belgian Court of Appeal. Advertising itself is Still Allowed, but not in a Way That Secretly Tracks Everyone’s Behavior.
Technology
1
-
-
Tech Workers, Shareholders, and Civil Society All Call For Big Tech Accountability in Israel’s Genocide against Palestinians
Technology
1
-
-
Mom sues porn sites (Including Chaturbate, Jerkmate, Superporn and Hentaicity) for noncompliance with Kansas age assurance law; Teen can no longer enjoy life after mom caught him visiting Chaturbate
Technology
1
