• gravity · 5 upvotes · 5 years ago

      This, centralization, requires phone number, and being USA based. But… personally, I don’t see Signal as an alternative to decentralized, foss chatting platforms. I see Signal as a replacement for SMS/MMS. I think everyone should be using it as their default SMS/MMS app instead of just a stock SMS/MMS app. It can send and receive SMS/MMS, so you do not need a separate app for family members or friends who are stubborn and don’t want to use it, but also can talk to other people who you have on Signal encrypted. And then you can use a separate app for truly private communications, decentralized, foss, e2ee, etc. that Signal fails at being. Now I am not excusing the fact that Signal is USA based or centralized, I think centralization seems to go hand in hand with SMS/MMS so personally I am ok with that tradeoff. It being based in the USA though, that is concerning to me. But I’d much prefer using it, and getting family and friends on it, than using essentially plaintext SMS/MMS for everything. It’s extremely easy to use and activate, and not confusing even for the boomers in the family. Imo, this is what a lot of decentralized alternatives fail at. Also it does require your phone number, but again I see this as a plus in the sense of a SMS/MMS replacement. I would never be giving out Signal to people I want to talk to online, as I’d be giving out my phone number, and even when they implement usernames, there’d be no point imo as just using a decentralized alternative is the way to go at that point. Use Signal, replace your stock SMS/MMS app with it. Try to get family & friends on it. For any online friends, people who you don’t want to give your number to, or need truly serious privacy/anonymity, pick a decentralized, foss, alternative and stick with that.

      • speedmaker_5 · 1 upvote · 5 years ago

        which ‘truly private […], decentralized, foss, e2ee’ communication method do you prefer?

        • gravity · 1 upvote · 4 years ago

          It would depend on my use case, I would take into consideration XMPP, Jami, Briar, Self-hosted Mumble, Jitsi, Rocketchat, Self-hosted IRC. Not all are exactly decentralized and e2ee, a handful are, but those are just what I’d personally consider. Some have different use cases. Some are easier to use than others, for example I’d probably not invite normie friends to IRC, but would consider the other options. Some may not be the best for group voice chat, Mumble is my preference, although not e2ee, it is encrypted. I wouldn’t completely trust unless it was a self-hosted server or I trusted the hoster. Do some research and choose what works best for you and fits your needs.

        • gravity · 3 upvotes · 5 years ago

          Not sure off hand, I don’t really consider this a major issue but idk it might detect if they uninstall the app. I’ve never had someone uninstall the app. At the very least the message sends unencrypted and you will see it sent unencrypted.

            • dpreacher · 2 upvotes · 5 years ago

              deleting app does not delete account on any online service. reason why people are still messaging me on whatsapp and i am calling people on Duo and we are all waiting endlessly. some services like Telegram, Whatsapp (I probably didn’t cover it) etc. have a default inactive account cleanup schedule…not sure about Signal.

            • gravity · 2 upvotes · 5 years ago

              Not entirely sure as I said, I understand where you’re coming from. I’d still rather people use Signal than not at all, but yeah I see the issue here. Maybe try opening a ticket on their forums and you’d get better responses. https://community.signalusers.org/

        • DessalinesA · 9 upvotes · 5 years ago

          ☝️ My problem with signal isn’t necessarily that its encryption is broken, but that it uses phone number identifiers, which in most countries are 100% linked to your identity (and cost money too). Since signal is US based, we have to assume its DB is compromised, so they might not be able to see message content, but they can certainly see connections between people, and timestamps, building social graphs that way.

          You and I can’t even use signal, unless you wanted to tell me your phone number, so it’s also useless as general-purpose online communication.

          • cipherpunk · 7 upvotes, 1 downvote · edited · 5 years ago

            Bingo. Not to mention that people without mobile phones (either by choice or by poverty) are excluded from contacting friends through Signal. The absurdly reckless mandate to get a mobile phone and share the ph# with OWS is what inspired this issue:

            https://github.com/privacytoolsIO/privacytools.io/issues/779

            which grew into something quite large. Something like requiring a mobile phone is so fundamentally indicative of an organization with little regard for privacy that you can easily expect to find other issues. Once you take a close look at it, the red flags are like mushrooms (after spotting the first one you start to see there are many clustered in the same area). And there are many mass surveillance vectors with OWS Signal. PrivacyTools and PRISM Break continue to lead ppl astray by sending them to Signal.

          • dpreacher · 3 upvotes · 5 years ago

            absolutely agree with that last line. My friends on Wire still remain on Wire as I can’t/won’t give my phone number to add them on Signal. #sorry

          • jbrown · 3 upvotes · 5 years ago

            > You and I can’t even use signal, unless you wanted to tell me your phone number, so it’s also useless as general-purpose online communication.

            Usernames as secondary identifiers are being rolled out so this is no longer true.

            “Usernames on Signal are optional. If you choose to create a username other Signal users will be able to find you by this username and contact you without knowing your phone number.” -Pointed out from dev commits on signal forum https://community.signalusers.org/t/signal-introducing-usernames/9157/3

            • DessalinesA · 1 upvote · 5 years ago

              It’d definitely be a good thing if they added this, but they’re kinda late to have this as an afterthought. Matrix / riot being federated, self hostable, and e2ee capable, is pretty much the future of comms.

              • renor · 3 upvotes · 5 years ago

                The metadata that needs to be shared on decentralised services is a lot and Riot/Matrix shares a lot of it. If you seek for anonymity and privacy this is not the best, you will always have to trust your instance admin. I too think that Riot/Matrix is the future but not for anonymity. Only IM who has achieved not sharing metadata being decentralised is Session with the onion routing used when messaging.

              • jbrown · 2 upvotes · edited · 5 years ago

                > Matrix / riot being federated, self hostable, and e2ee capable, is pretty much the future of comms.

                I think that’s overly hopeful. WebRTC dependent solutions can’t be reliably used over TOR and most major VPNs. Being self hostable is definitely a plus, but from the perspective of the communication protocols themselves Matrix is outclassed in both usability and call/message security.

    • renor · 1 upvote, 4 downvotes · 5 years ago

      Server builds are replicable. So it’s not a problem being hosted on AWS. Don’t spread misinformation. Sealed sender reduces metadata, so Signal along with Session are the two IMs that share the least metadata.

      • cipherpunk · 4 upvotes, 1 downvote · 5 years ago

        You’re neglecting the elephant in the room. AWS is an Amazon service. Even if you can fully trust the sealed sender mechanism, you certainly cannot stop OWS from paying money to Amazon.

        Amazon is a notorious privacy abuser who has pushed surveillance into homes and neighborhoods by way of Alexa and Ring. Amazon has made an astronomical investment in facial recognition technology that’s used to abuse the privacy of countless people globally.

        When you feed a vendor or service that feeds Amazon (e.g. Open Whisper Systems “Signal”), you are contributing to privacy abuse.