this post was submitted on 21 Sep 2021

22 points (64.5% liked)

Asklemmy

42527 readers

1103 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

How to share confidential information? (lemmy.ml)

submitted 2 years ago by [email protected] to c/[email protected]

33 comments fedilink hide all child comments

I'm using Signal, but after I found out that it's not as privacy-friendly as it claims, I'm uneasy about sharing my address there. I trust the person who asked for my address, but not the service. What's a safe way to share? I was thinking of something like a self-destructing pastebin, but surely you have better ideas.

top 29 comments

sorted by: hot top controversial new old

[–] [email protected] 37 points 2 years ago (1 children)

Which of Signals privacy claims are false?

[+] [email protected] -21 points 2 years ago (3 children)

Pretty much everything about it is unverifiable, because its a centralized service and you ultimately don't know what the server is running. Contrast that with self-hostable apps which must pass verifiability checks, because people can host their own instance.

[–] [email protected] 32 points 2 years ago (1 children)

Clients are open source. Independent clients exists and they work. So the server must kind of do what signal claims, otherwise those devs would notice.

[–] shrugal 28 points 11 months ago* (last edited 11 months ago)

This is suspicion on the level of "you can't be sure reality didn't just pop into existence 10 seconds ago". You can never be 100% sure of what others are doing on their hardware, or of anything really, especially if other people are involved. Your chat partners could leak all your chats and metadata for all you know!

What we do know is that Signal is operated by a non-profit foundation, their client and protocol are open source and considered the gold standard for privacy by pretty much every expert on the subject, they had multiple independent audits and a very good track record, they were subpoenaed and couldn't comply because they didn't have the requested data. That's about as good as you can get.

[–] [email protected] 24 points 11 months ago (1 children)

Matrix and even Signal you reject for some reason work fine with no one being able to see the content of your message except the one you sent it to.

[–] JDubbleu 52 points 11 months ago* (last edited 11 months ago)

I've never heard anyone other than OP have any privacy concerns over Signal. Their encryption method is rock-solid, and they win the award for best response to a government subpoena

[–] ultranaut 15 points 11 months ago (1 children)

https://bitwarden.com/products/send/

[–] grabyourmotherskeys 6 points 11 months ago (1 children)

I have been using bw for years and never occurred to me to click on send. I thought it was for sharing passwords or something.

[–] Trapping5341 6 points 11 months ago

I mean it can be. You can put anything you want there and send it on it's way

[–] [email protected] 15 points 11 months ago

Signal is trustworthy

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago)

I guess you can use wormhole to transport the data to your peer, and if you're extra paranoid encrypt it asymmetrically with something like age.

Then again you can just encrypt it with age and send it over Signal. There should be no risk involved in sharing public keys even if you don't trust their servers.

[–] EuroNutellaMan 5 points 11 months ago (1 children)

Unrelated but how did a ~1 year old post get in my hot frontpage

[–] [email protected] 9 points 11 months ago (1 children)

A Lemmy bug that surfaces old posts on "Hot" coupled with a bunch of recent comments actually making it hot.

[–] [email protected] 5 points 11 months ago* (last edited 11 months ago)

That makes me think it's simply not using the post's timestamp like it is supposed to, so it is working like Active or New Comments.

[–] [email protected] 5 points 2 years ago

Use briar.

[–] shrugal 3 points 11 months ago

Here is a good resource for these kinds of questions: https://www.privacyguides.org/en/tools/

[–] [email protected] 3 points 11 months ago

https://1ty.me would be described as a "self-destruting pastebin." I'd generally be careful about what you can put in there (e.g. put partial information in it with no context) but it seems to do the job.

But the real answer is probably PGP/GPG.

[–] [email protected] 3 points 11 months ago

When I need extreme security and privacy, I use qTox

[–] [email protected] 2 points 11 months ago

XMPP / Jabber with OMEMO encryption. Lots of free servers and clients.

[–] latca 2 points 11 months ago

You can both get PGP, exchange public keys and send encrypted text with whatever service you want.

[–] LazaroFilm 1 points 11 months ago

The cloud is just someone else’s computer. If you want real privacy self host it. Raspberry Pi are cheap again.

load more comments