this post was submitted on 17 Jun 2023
14 points (66.7% liked)

Privacy

31609 readers
180 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

We as a community must stop recommending Signal. For far too long we have blindly followed this app without a second thought. It has created a cult of followers, when there are much better apps out there for us to use.

https://archive.is/Lhe24 archive for the essay

This essay was posted to r/Privacy and subsequently removed and censored for literally No Reason. This is honestly really scary: https://old.reddit.com/r/privacy/comments/wj5svi/signal_messenger_revealed_to_have_cia_ties_funded/ https://archive.ph/FZr1d

I am seriously hoping we can have a discussion about this on lemmy. @TheAnonymouseJoker , I know you from r/PrivateLife, and thought you'd be the one to go to about this. Thanks for being open in the past and not bowing to the inner circle of reddit cringelords.

I also am preparing an essay of my own about a complicit honeypot-ish web going on between Signal, Skiff, r/Privacy, r/PrivacyGuides, etc. They have a crazy little cabal that is very creepy. Any materials are welcome. Every time i turn over a stone i find two more. More to come.

top 44 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 1 year ago (2 children)

Governments routinely fund the development of secure and open communication systems because they themselves benefit from having such communication tools which can be trusted. By the logic presented in this "essay", one shouldn't be using the internet at all. What you need to check is whether Signal's technical claims about its encryption is true or not. There is nothing in this article that raises any question on Signal's encryption. We already know how much data Signal has on its users through their responses to various legal subpoenas over the years (spoiler: its pretty much nothing).

Here are some cool links for you to check out:
https://signal.org/bigbrother/
https://www.aclu.org/news/national-security/new-documents-reveal-government-effort-impose-secrecy-encryption

[–] [email protected] 3 points 1 year ago (2 children)

Thanks, was about to post the same. I have no emotional attachment to signal, but I haven't seen a real reason why I shouldn't be using it anymore. At least from a security point of view. It works very reliably for years now and does most of the things i expect from it.

[–] [email protected] 1 points 1 year ago

When Signal is compromised or compelled, you won't know it happened. It may have happened already.

[–] Unlucky_Boot3467 -4 points 1 year ago (2 children)

The dodge-and-cope is real lol

[–] [email protected] 1 points 1 year ago

What? Didnt you just dodge-and-cope? 💀

[–] [email protected] -2 points 1 year ago

Looking from your response to my comment, it certainly looks like it!

[–] [email protected] 12 points 1 year ago (1 children)

How exactly is Signal anti-FOSS? This might have been a problem before (the article is from 2021) but I checked the Github link in the article and the server was updated 18 hours ago with frequent updates this year alone. I also find the source of funding argument to be pretty flimsy. Though I do agree with the conclusion that federated alternatives are better for privacy. For my personal threat model Signal is fine for me.

No hate though, it's an interesting read, I'd like to see more discussions like this.

[–] Unlucky_Boot3467 3 points 1 year ago (1 children)

They are extremely begrudging when it comes to providing a fully FOSS apk. They push really hard for their app to be pulled from Google's servers and refuse to do an F-Droid build or even set up their own instance where they can push whatever they want.

[–] [email protected] 0 points 1 year ago (3 children)

There are legitimate reasons for not wanting to use Fdroid and their builds are apparently reproducible, not sure what you mean about not being fully FOSS either. https://signal.org/blog/reproducible-android/

[–] [email protected] 1 points 1 year ago (2 children)

There are legitimate reasons for not wanting to use Fdroid

Such as?

[–] [email protected] 2 points 1 year ago

Some developers don't like their key signing process.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

The security risk their signing process introduces. My guess would be Signal wants a 0% chance of a malicious client being distributed, hence why they only allow direct apk downloads (which self-updates, essentially making an F Droid build obsolete) and Google Play. I would also guess this is why Signal only packages a deb package (if anyone knows a better way to run Signal desktop on fedora [besides the flatpak] than my current solution of spinning up a Mint Virtual Machine [maybe distrobox?] please let me know!) and literally has no official support for rpm based distributions.

[–] [email protected] 1 points 1 year ago

The client app is FOSS other than the Google blob for notifications. The server SW is partly closed source because they say that is needed to prevent spammers.

[–] Unlucky_Boot3467 1 points 1 year ago

cope. all they need to do is set up an F-Droid. typical that this is still isn't answered, as usual

[–] [email protected] 6 points 1 year ago (1 children)

@Unlucky_Boot3467 This is an interesting read for sure, but I see no concrete evidence in the essay that suggests that Signal is insecure. Signal was never anonymous; users who have Signal accounts (myself included) are well aware that their Signal ID is tied to their phone number. If Signal were not offering the E2EE promised, that would be huge... but nothing in the evidence or the article suggests that that this the case.

To be sure, I think Matrix great. But I have to wonder at the agenda behind the article... indirect initial funding from the US government at the outset, even absent malfeasance on Signal's part, is bad, while direct current endorsement of Matrix by the French government is... good? to be clear, I consider neither problematic on their own, but there doesn't appear to be much in the way of logic behind that reasoning.

Overall, I'd like to see us move away from centralized control of communication.. and Matrix might in fact be that eventual solution. But that doesn't mean that Signal isn't safe for those who understand that it is not, generally speaking, anonymous to use.

[–] Unlucky_Boot3467 -2 points 1 year ago (1 children)

To be sure, your messages won't be read from the server, but that's not the point. There's way more going on.

[–] [email protected] 2 points 1 year ago

There's nothing going on that isn't already documented. If it doesn't fit someone's use case, that's fine... but the lack of anonymity doesn't make Signal a bad choice if one understands that it isn't anonymous, but private.

[–] pabloscloud 5 points 1 year ago (3 children)

Ok, so what is better with other apps and why shouldn't one recommend signal over the apps people use (say Whatsapp, telegram)

[–] [email protected] 6 points 1 year ago (4 children)

OP linked a whole essay about the second part of your question.

An alternative would be matrix, which can be used with the elements app on your phone.

[–] [email protected] 7 points 1 year ago (1 children)

Matrix, where it’s ambiguous if you’re sending encrypted or unencrypted messages, disappearing and view once messages aren’t really a thing, and the server logs all metatata. Much better than signal.

[–] [email protected] 1 points 1 year ago

To be fair, all of that stuff can be controlled by the server host. Too bad you have to be the server host to be sure.

[–] [email protected] 1 points 1 year ago (1 children)

Doesn't matrix massively inncrease the number of entities you have to trust with the data and so more places it could be attacked? I. E. Kind of like RAID0 your places for something to go wrong in the message routing and storage.

Matrix seems way more like a Discord alternative where you are doing public group chats vs like xmpp or signal point to point sms sort of chat.

[–] [email protected] -1 points 1 year ago

I have no idea about the technical details tbh, I just use it for one specific thing where people are involved who boycott signal and say it's safer.

[–] pabloscloud 1 points 1 year ago

Sorry, I only clicked the archive link but that's the broken one 😂

[–] pabloscloud 1 points 1 year ago* (last edited 1 year ago)

And also fluffychat has a much better ui in my opinion

[–] [email protected] 2 points 1 year ago

Even if Signal might be better for those people's current threat model, people's habits are hard to change. Good luck getting them onto a better decentralized protocol later. Most people will not take the time to understand the importance of decentralization and think we are just making their lives difficult. I regret getting people onto Signal mainly for this reason.

[–] Unlucky_Boot3467 -2 points 1 year ago (1 children)

It's up to you, but you gotta ask yourself. Do you want to use a messaging app that forces Google, phone numbers, and has ties to the CIA? No thanks! Also, anyone with access to your text messages can take over your Signal account. Including the Feds ofc

[–] pabloscloud 1 points 1 year ago (1 children)

How does it force google? It's about to implement usernames. Didn't know the CIA stuff. Nah, they can't they also need to have access to my unlocked phone in order to transfer messages.

[–] rms1990 1 points 1 year ago (1 children)

Have you read about PRISIM?

[–] pabloscloud 1 points 1 year ago

Not sure, I think I heard it but forgot

[–] [email protected] 3 points 1 year ago (2 children)

Thank you for posting archive links

[–] [email protected] 2 points 1 year ago

Lmao you're getting downvotes for the most innocuous possible comment.

[–] Unlucky_Boot3467 1 points 1 year ago

No problem. I wanna make sure they can't delete anything. Save PDFs of all top tier webpages and essays too!

[–] [email protected] 3 points 1 year ago (2 children)

Signal haters are back. I skimmed it and didn’t see anything remotely convincing or new. I was hoping this lemmy community wouldn’t turn into quite the level of deranged conspiracy posting as the subreddit of the same name, but it looks like that may not be the case.

[–] ghariksforge 1 points 1 year ago

Signal lost my trust when they stopped updating their server side code while actively bashing other apps like Telegram for not sharing server side code.

Also the fact that Signal is not on F-Droid is highly disturbing.

[–] Unlucky_Boot3467 0 points 1 year ago (2 children)

The evidence is all there. It's ironic that the negative association of the word "conspiracy" was actually pushed by the CIA and their cohorts, and is used on other words too, to cause your mind to instantly recoil is disassociate yourself from it.

Just try it. Say "I'm a conspiracy theorist" out loud in front of people, and felt the fear instantly take over as you try to mentally remove yourself from it. That's called brainwashing.

But people like you do their bidding and perpetuate the weaponization of "evil" sounding words.

[–] [email protected] 2 points 1 year ago

What a weird response, three paragraphs and absolutely 0 relevant information.

load more comments
view more: next ›