this post was submitted on 05 Jul 2023
-21 points (37.0% liked)

Technology

59174 readers
2905 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Signal is a centralized app, run by a company. If they are offered enough money or legal threat they will sell out or close.

I am sure people will make an argument that its FOSS and people will just fork it if it goes bad, but a new fork will have 0 users and Signal will still have all of your old contacts. Why not make a switch now? Before it is even more popular and you have more reasons to stay? Why fork it if there are already decentralized apps that use same encryption, like XMPP apps?

Sure you can find flaws in every app, including XMPP implementations, but if we will have to write code for a new Signal fork, why not just fix whatever is that bugs you in XMPP clients?

If you want to use Matrix, that is fine as well, we can always bridge the two open protocols. But you cant bridge Signal if their company doesn't allow it.

top 50 comments
sorted by: hot top controversial new old
[–] fubo 70 points 1 year ago* (last edited 1 year ago) (8 children)

Signal is operated by a nonprofit tax-exempt charity corporation in the United States.

Could you please be more clear about exactly what you are saying here?

Edited: The original poster has provided no evidence for their defamatory statements.

[–] [email protected] 6 points 1 year ago (3 children)

Signal has a single point of failure. If we really want a service that can't be taken away, then we need a free, open source alternative that is impossible for a single entity to control

[–] Mountaineer 20 points 1 year ago (2 children)

That single point of failure is to facilitate ease of use, with minimal reduction in security.
The messages are e2e encrypted and the server is designed in such a way that attempting to listen in would bring it down.
The signal org doesn't even have your address book.

If your concern is "I don't like signal", you're not going to make much traction.

[–] [email protected] 4 points 1 year ago (2 children)

Briar is an app that is just as easy to use, plus you dont need a phone number, so it is easier. Yet it has no point of failure and it was simpler to write. It is P2P, uses tor, you dont get better privacy and security than that.

You dont know what their server is running, you cant prove that. They can release the code, but you have to trust them that they are running that exact code.

Ease of use is an excuse, they have a centralized model. That is a big flaw. There is more to security then E2E, xmpp clients have E2E as well, they use the same algorithm.

[–] AbidanYre 4 points 1 year ago (1 children)

SimpleX also seems pretty promising and is more cross platform than briar. I'm self-hosting a server for my immediate family.

[–] [email protected] 1 points 1 year ago (1 children)

I think XMPP is more well-known than SimpleX, I simply mentioned Briar for the sake of possible ease of use argument over some XMPP clients.

load more comments (1 replies)
[–] Mountaineer 3 points 1 year ago (5 children)

I'm not goin to shit on Briar, I hope they build out their dream.

It's fundamentally not as easy to use.
My Grandma already has a phone with a full addressbook.
If she's told to install Signal, it'll just work as a drop in replacement for iMessage.

Briar meanwhile suggests sharing your contact info using another such as signal: https://briarproject.org/quick-start/#:~:text=When%20you%20choose%20%E2%80%9CAdd%20contact%20at%20a%20distance%E2%80%9D%2C%20Briar,choose%20a%20nickname%20for%20them.

Briar is chasing different goals.

load more comments (5 replies)
[–] [email protected] 3 points 1 year ago

I'm not OP, I'm just explaining.

[–] fubo 9 points 1 year ago (1 children)

Okay. Which one are you building?

[–] [email protected] 2 points 1 year ago

I'm not, I'm just explaining OP's post.

[–] [email protected] 4 points 1 year ago (1 children)

We have that in XMPP and Matrix. The problem is then to talk to people on it they all have to join the server on which you host your build. What if that server goes down? If you pay for hosting you're putting it into the hands of another corporation. If you self-host at home, what if your electricity goes out? Your internet gets cut off? Is everyone you convinced to ditch signal going to be happy and willing to sacrifice their convenience and ability to talk to people they want (or need) to talk to over ideology?

[–] [email protected] 2 points 1 year ago

If we get hit by a big enough solar flare, everyone will be communicating by pigeon again. You make valid points. I haven't actually used XMPP before and only just started with Matrix. I think OP is right that we should keep an eye on alternatives for when/if the time comes.

load more comments (7 replies)
[–] Devils69Advocate 19 points 1 year ago (9 children)

Signal doesn't store your contacts or messages; it's end to end encryption. What are you suggesting they'll "sell out" if offered enough money?

load more comments (9 replies)
[–] [email protected] 8 points 1 year ago (7 children)

Signal was the first app of its kind that I actually found "real" people using it. Most other protocols its coworkers wanting to try out a new app or service. But signal i found a big chunk of my address book already had accounts. Sadly i doubt I'll ever find an app like this with so much non-techie acceptance.

load more comments (7 replies)
[–] [email protected] 5 points 1 year ago

You and everyone else in the fediverse needs to stop with this fanaticism that anything centralized is automatically a bad thing.

[–] [email protected] 5 points 1 year ago (1 children)

I get your point that having anything related to privacy or security under the control of one organization is not ideal. However, risk will always exist and trusting Signal, at this point, seems like a good risk to take. Particularly since there are no practical alternatives right now.

Also, not all organizations are bad or will turn bad eventually. We all have to trust a lot of people for all kinds of purposes. Civilization is built on it. They key is making good decisions about who those people will be.

[–] [email protected] 1 points 1 year ago

I disagree, both about alternatives and about trust. I outlined XMPP (and even matrix) as alternatives in my post. If only popularity is an issue with these alternatives than we have to work on that, to make it popular, that is what this post is for. Just like Lemmy had few users once, XMPP and matrix are not as big as Signal. But their design is better and their use should be encouraged. I don't think that trusting a single entity, such as Signal is something we have to do. Trust should be only depended on if there is no way to build a system without or less of it. It is better to fight for it now, since Signal use can eventually grow and make it harder to switch. We can debate over likeliness of this corporation being good forever, even when it's current members are replaced (due to old age if nothing else), but I think it is easier to debate over their capability to be good if they are under pressure of US security agencies. Even if they are willing to risk their freedom (and their lives) for their users, they can't stop the government of shutting them down. The state has killed people for far less over the years.

[–] Yoz 3 points 1 year ago (1 children)

You can use Molly. I think its a fork of signal and used by many. Its on Droidify , not sure which repo.

load more comments (1 replies)
[–] [email protected] 2 points 1 year ago (1 children)

From what I've seen of the people in charge of Signal- they'd probably close before they sell out.

That said, you make a very good point. Having all the registered users in one place, is a vulnerability. A great many of us have non technical friends/partners/siblings/coworkers/etc; and encouraging them to use ANYTHING new is pulling teeth. So Signal is great, but it's still eggs in one basket- if they do something user-unfriendly or sell out or close, we are back to square one in begging/pleading/cajoling people to (please) try this (much better) app.

I've also lost a few people who used Signal over one stupid problem- the iOS version has no backup/restore function. If you lose your phone, or uninstall the app, all your saved chats are gone and there's no way to get them back. Android version at least has a useful backup/restore.

[–] [email protected] 2 points 1 year ago (5 children)

Exactly my point is that if it closes we will have to push for new apps anyway and it is better to do it now, before more users potentially use SIgnal and are left without their app.

load more comments (5 replies)
[–] [email protected] 2 points 1 year ago (2 children)

Doesn’t XMPP collect hella metadata unlike Signal?

[–] [email protected] 4 points 1 year ago (1 children)

There is no one to "collect" this data. You do have to trust the servers that others are on, since its federated, which is the issue with all services.

[–] [email protected] 1 points 1 year ago (2 children)

I think that’s where I’m icky about it. I don’t know that I trust other servers more than I trust Signal. Which, I mean, is not great to say given that in a perfect world I would rather not rely on one organization to keep my “data” private - but hey.

I don’t mind so much on Lemmy or Mastodon because I’m not looking for privacy but if encryption is the main selling point of something, a random XMPP instance doesn’t really inspire confidence at the moment. But hey maybe that’ll change in the future and XMPP will require less metadata to work.

[–] [email protected] 1 points 1 year ago

That is THE ISSUE with email. I can secure my server all i want but when you use Gmail and they hand over the keys to whomever they want i get screwed.

As for XMPP security, you have to do e2e a layer above. Use XMPP or any other protocol and encrypt the messages you send. The catch is that you need to always encrypt everything so that your Happy Birthday to your Grandma is just as unintelligible as your secret bank pin yoh send me to get you bail money. At that point the meta data is useless as we don't really know who gets important messages and who doesn't.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

You can pick servers run by groups that have just as good record of privacy or even better or are run by the person you know or yourself.

When you have a decentralized service you can choose who you trust, you are not stuck with one corporation. Picking a completely random server is the worst possible example you could have chosen.

[–] [email protected] 2 points 1 year ago

XMPP is decentralized, you can run your own server. In open decentralized protocols, such issues are resolved by design. Further more most XMPP servers don't require a phone number, why would they, unlike Signal.

[–] [email protected] 2 points 1 year ago (1 children)

You don't understand how FOSS works. If signal "sells out" we just take a fork of the repo before the sell out and continue building the private app we love. Also signal uses no central server for your content. It's device to device, if they sold out right now all they would have is a list of users, but no conversations.

load more comments (1 replies)
[–] [email protected] 1 points 1 year ago (1 children)

Are you suggesting any alternatives? Most of the ones I have tried are either too technical or too much effort for everyone I know so I have nobody to talk to outside of signal and plain sms

[–] [email protected] 1 points 1 year ago

I suggested XMPP in my original post. It is hard, but still will take just few minutes, for a lifetime of solved privacy and centralization issues. Unlike centralized apps, decentralized networks don't really die, just look at email. XMPP is over 20 years old and will live for 20 more, few minutes spent to set it up is well worth it.

load more comments
view more: next ›