this post was submitted on 05 Jul 2023
-21 points (37.0% liked)

Technology

59188 readers
2126 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Signal is a centralized app, run by a company. If they are offered enough money or legal threat they will sell out or close.

I am sure people will make an argument that its FOSS and people will just fork it if it goes bad, but a new fork will have 0 users and Signal will still have all of your old contacts. Why not make a switch now? Before it is even more popular and you have more reasons to stay? Why fork it if there are already decentralized apps that use same encryption, like XMPP apps?

Sure you can find flaws in every app, including XMPP implementations, but if we will have to write code for a new Signal fork, why not just fix whatever is that bugs you in XMPP clients?

If you want to use Matrix, that is fine as well, we can always bridge the two open protocols. But you cant bridge Signal if their company doesn't allow it.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 1 year ago* (last edited 1 year ago) (1 children)

Every non-profit organization I know of was run as a company. Non-profit is for organization, not for people, you can still pay yourself a nice salary and trips around the world, expensive dinners and so on. A lot of non-profits I know of extract every cent from the donors, which are often big companies like Google, by making an invoice for a clearly overpriced service at company owned by their friends, that send them the money back.

Being a nonprofit tex-exempt charity corporation in United States is no defense of their character, their interests, nor their capability to provide a quality service or withstand a legal pressure.

I will be perfectly clear then, you cant trust them and you cant depend on them. Reddit was a good open service once, now its dying, we need to move to Lemmy. Same will go for Signal. They still work with police, still give data such as phone numbers, when you created your account and we have no proof that they are not storing your IP, when you are sending and getting messages (so they can do a timing attack to figure out who you are talking to, if they don't give that info directly).

I don't need proof that they have done something wrong to prove a point that no single entity should be trusted when we have the technology for over 20 years now that makes that unnecessary.

[–] [email protected] 6 points 1 year ago (1 children)

How do I trust a random XMPP server more or as much as I trust Signal to protect my data? You’re telling me if the government comes knocking for metadata on some user on a small server that the owner isn’t going to just give it away? What about anyone else on other connected servers?

You’re asking me to trust someone who hasn’t shown that they’re actively working towards privacy goals vs a centralized solution from a company that’s shown they care about privacy?

Either way, you have to trust someone to take care of your data and I do not trust a small server owner more than an entity that’s proven they do not give information to governments. Gotta pick one of two evils, I guess.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I never claimed that you should pick a random server. You can pick servers run by groups that have just as good record of privacy or even better or are run by the person you know or yourself.

When you have a decentralized service you can choose who you trust, you are not stuck with one corporation. Picking a completely random server is the worst possible example you could have chosen.

[–] [email protected] 1 points 1 year ago (1 children)

Maybe I’m misunderstanding XMPP but does it not federate? Does it not mean that on top of trusting my home server I have to trust the choice other people made with theirs?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Why would you need to trust their choice? The only data that is sent from your server to theirs is your username (called JID in xmpp terms) and E2E encrypted message. The worst thing their server can do to yours is to send you a message, if your server decides to pass it on.

[–] Devils69Advocate 1 points 1 year ago (1 children)

Wouldn't you have to trust that they're not logging your IP and/or storing your messages?

[–] [email protected] 1 points 1 year ago

XMPP clients support end to end encryption, so the servers only get encrypted messages. Also unlike Signal, XMPP clients support use of Tor to hide your IP.