
I don’t really like Apple, but once in a while they do the right thing. This comes from the App store’s new labels on apps.

Signal just has “Contact info” under the “Data NOT linked to you” category. This is just the phone number + contact discovery.

UPDATE

There’s another post adding telegram here. This is what it looks like:

Pictogram: WhatsApp vs FB Messenger vs Instagram vs Signal vs Snapchat vs WeChat vs Telegram

Dessalines
admin
link
16
edit-2
9M

Signal has mandatory phone numbers linked to you, which is probably the worst thing for privacy. In most countries phone numbers are tied to your identity, and you can easily find someone’s name and current address with a phone number.

Let’s assume that Signal is correctly e2ee encrypting message data, but their database can’t encrypt the sender and recipient phone numbers. It’s hosted in the US in a centralized place, so we can assume the US government has sender and recipient phone numbers, and message timestamps, and from that can easily build a social graph of connections between people.

You and I can’t even use signal, because you’d have to tell me your phone number, which would give me your full name.

@cruon
link
14
edit-2
8M

(Update: usernames are coming in 2021) As far as I’m concerned from lurking on their community forum over the last year, they’re actively working on it because many privacy advocates share the same feeling, including Snowden himself, and their plan is to require it for signup (which is reasonable to prevent spam) but leave it as an option when it comes to contact discovery, but who knows, they may not require it at all.

I shared your opinion when I first started using Signal, but as months have passed and I’ve been suggesting more people to use Signal and Element, everyone has chosen Signal as their way of communicating with me. When they install Signal, the first thing they point out is the ease of use, the resemblance to WhatsApp, being able to have group calls within the app in both mobile and desktop; in contrast, when they register a Matrix account, they are confused as to how to find me because of the fact that I’m using my personal Matrix homeserver, as well as pointing out how slow the message sending is in the main instance and how unpolished the UI looks. Also, the fact that I have to use the Jitsi integration for a simple video call and therefore rely on selfhosting another service (Jitsi’s main instance video quality is very poor) is inconvenient IMO.

I’m not trying to argue whether one service is better than the other for anyone’s case, because at the end of the day I know Matrix is far superior if everyone was technically apt. However, that’s not the case with the majority of people, and relying on a phone as an option, which seems to be what Signal is aiming for with all their recent changes on groups and the introduction of PINs, is the best way to go, as people need simple privacy, and Signal is amazing at providing this.

Btw, if anyone’s fond of CLI clients (I believe you are, Dess), here are some for both services:

Dreeg Ocedam
creator
link
89M

Thanks for this. It’s a great explanation of why I recommend Signal more often than Matrix.

@Soaku
link
28M

Honestly Element looks and works so badly it always scares me off. It’s so slow, the formatting is fucked up and the app is very unintuitive.

@gorugorugo
link
1
edit-2
8M

Excellent post, thank you.

I’ve been suggesting more people to use Signal and Element, everyone has chosen Signal as their way of communicating with me.

Same here. I want Matrix to succeed more but the ease of setup for Signal is really the big deal breaker I imagine, plus not having to host or maintain a Matrix instance if you’re truly concerned about data management.

@Nevar
link
7
edit-2
4M

deleted by creator

@pavot
link
2
edit-2
4M

deleted by creator

Dreeg Ocedam
creator
link
69M

sender and recipient phone numbers

Only the recipient actually thanks to sealed sender. So if you’re using a VPN, they can’t build your social graph. There are services that also allow you to create a one time phone number, which you can then secure with a removed so that your Signal identifier doesn’t get taken over by someone else. They are working on making it possible to use usernames instead of phone numbers.

And if you’re using Matrix or something like that, you are still trusting the admins of both instances (sender and receiver) with your metadata (and matrix leaks more metadata than Signal). If you’re running your own small instance, they can easily build your social graph just by monitoring the connection to that instance.

Signal also has a much more straightforward UX, making it usable for non tech-savvy people, which is often overlooked by free software advocates.

They have a ton of very good arguments here. You can also find Matrix’s response.
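
A toy model of the point made in the comment above about sealed sender and VPNs, added here as an illustration and not part of the original thread or of Signal's code: it compares which sender-to-recipient edges an observer of delivery records can recover. The record layout, account names, IP addresses and the `LOGINS` table are constructed assumptions.

```python
from collections import defaultdict

# Constructed delivery records as a server operator might see them:
# (timestamp, source IP, sender id or None when sealed, recipient id).
# All values are made up for illustration.
PLAIN = [
    (1000, "198.51.100.7", "alice", "bob"),
    (1060, "198.51.100.7", "alice", "carol"),
    (1120, "203.0.113.9", "bob", "alice"),
    (1180, "192.0.2.44", "dave", "carol"),
]
# Constructed events that tie an IP address to an account: (ip, account).
LOGINS = [("198.51.100.7", "alice"), ("203.0.113.9", "bob"), ("192.0.2.44", "dave")]
VPN_EXIT = "192.0.2.200"  # constructed shared exit address


def seal(records):
    """Drop the sender field, modelling an envelope without a visible sender."""
    return [(ts, ip, None, rcpt) for ts, ip, _, rcpt in records]


def via_vpn(records):
    """Every client connects through the same shared exit address."""
    return [(ts, VPN_EXIT, snd, rcpt) for ts, _, snd, rcpt in records]


def social_graph(records, logins=()):
    """Return the set of (sender, recipient) edges an observer can recover."""
    owners = defaultdict(set)
    for ip, account in logins:
        owners[ip].add(account)
    edges = set()
    for _, ip, sender, rcpt in records:
        if sender is None and len(owners[ip]) == 1:
            # Sender hidden, but the IP maps to exactly one known account.
            sender = next(iter(owners[ip]))
        if sender is not None:
            edges.add((sender, rcpt))
    return edges


def recipients_seen(records):
    """Per-recipient message counts stay visible in every case."""
    counts = defaultdict(int)
    for *_, rcpt in records:
        counts[rcpt] += 1
    return dict(counts)
```

In this model the hidden sender field alone is not enough when each account has a stable, identifiable source address; the edges only disappear once the address stops mapping to a single account, while recipient counts remain visible throughout.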

@cruon
link
49M

Here’s a video of Moxie’s view on decentralization, highly suggest it, great points discussed.

@free_appalachia
link
58M

This is why I favor Matrix, I don’t have to give anybody any info and it would be hard for the government to build a social graph of my contacts if we use VPNs or Tor to connect.

@xenobottle
link
4
edit-2
8M

afaik matrix stores your data, messages (often unencrypted) on the server you signed up on. signal doesn’t store anything

  • source: i managed a matrix server

Travis Skaalgard
link
49M

That’s my biggest issue with Signal, to be honest. In the US, if you know my phone number, there’s a lot you could do to me.

@xenobottle
link
18M

that’s not actually the case, i read in the signal blog (if i find it i’ll link it) that no metadata travels unencrypted and no metadata is stored on the servers. even in groups, there is no database storing the list of members, as the exchange of keys happens only between devices with zero-knowledge. if all the members of the group reset their phones the group is non-existing anymore as it never was anywhere in the first place.

Dessalines
admin
link
2
edit-2
8M

The signal back end isn’t open source, so the source for that is “trust me bro”. XMPP and matrix back end is fully open source and self-hostable.

no metadata is stored on the servers

They have to store phone numbers, it’s their primary identifier and routing system.

It’s also a single server / cluster all hosted in the US so by definition isn’t secure.

@pavot
link
1
edit-2
4M

deleted by creator

@xenobottle
link
28M

this is against the social graph discovery: https://signal.org/blog/private-contact-discovery/ we are talking about a gem in the privacy landscape, there is no software dedicated like this to privacy at this time

@xenobottle
link
28M

this is about metadata: there are no timestamps https://signal.org/blog/looking-back-as-the-world-moves-forward/

@xenobottle
link
28M

Dessalines
admin
link
18M

That gets linked all the time, even though it’s just a “proposal”. You don’t know if it works, because the signal back-end is closed source.

@hueyn
link
129M

the sad part is a great amount of people don’t care about privacy at all. they won’t quit any of the zuck-apps.

✨ krawieck ✨
link
69M

you should add telegram to that comparison

Dreeg Ocedam
creator
link
48M

There’s another post adding telegram here. This is what it looks like:

Pictogram: WhatsApp vs FB Messenger vs Instagram vs Signal vs Snapchat vs WeChat vs Telegram

@TheAnonymouseJoker
link
18M

Nice, as much attention as we can gather, the better it is :)

rafael
link
69M

That’s interesting. Doesn’t Signal require a phone number to create an account?

Dreeg Ocedam
creator
link
29M

Yes, but that’s just it. They don’t link it to your name (The name you enter is only shared with the people you message, and is encrypted).

They also use your contacts for contact discovery, so you can seamlessly start sending Signal messages to your address book. Once again they use as little info as possible (the phone numbers are hashed). You can have more info about why private contact discovery is hard here and a potential solution here.

This is mentioned in the app store, but under the category “data NOT linked to you”

@AgreeableLandscape
admin
link
6
edit-2
9M

As far as I know, Matrix also has no data linked to you, as long as the federated instances you use and communicate with are running as intended.

Dreeg Ocedam
creator
link
49M

Element's labels

There seems to be a bit more than with Signal. I guess it highly depends on which instance you interact with. Matrix encrypts less metadata than Signal and not all conversations are E2EE.

Dessalines
admin
link
9
edit-2
9M

The difference is that phone numbers are tied to your identity, while email addresses are not (at least if you use an email service that doesn’t require a phone number).

Signal has mandatory phone numbers, matrix has optional ones.

@PyotrGrowpotkin
link
59M

How is telegram holding up here?

Personally Signal seems the best, but I constantly have messages that get delivered like 12 hours late - which is a deal breaker.

@onlooker
link
48M

Not very well. Telegram is not fully open source, E2EE is off by default, they use their own weird cypher, etc.

This thread has some very good suggestions, so if Signal isn’t your cup of tea, I’d suggest taking a look at one of them.

@PyotrGrowpotkin
link
28M

Honestly, if getting people to get a jabber account wasn’t such a pain that would still be my go to solution.

None of the other apps really do it for me. I ran matrix/element for a year or two, was way too unstable for daily use and impossible to get friends to migrate.

Signal has the benefit of incorporating SMS as well, but it’s been fairly hit or miss with message delivery for me and some friends.

Telegram works fine but isn’t fully open source

@onlooker
link
28M

Yeah, there’s no perfect solution, unfortunately.

If you don’t mind me asking, what issues specifically did you encounter with Element/Matrix? I’m trying to get my friends on Element and was under the impression that it’s good enough? Haven’t used it in a while though, so I could be wrong.

@PyotrGrowpotkin
link
38M

When I used it last the homeserver issues were too frequent. Delays in delivery, service outages etc.

And it was difficult getting more than a couple of friends on board. So it fell to the side for me.

It might be better these days tho, I dunno.

I’m also not overly fond of Electron apps. (I mainly use desktop versions as I dislike smartphones in general;))

@onlooker
link
28M

Oh, I feel you. I hate Electron apps with a fiery passion. Thankfully Element has tons of clients to choose from and if I ever get my friends on it, I will NOT be choosing the default desktop app. Anyway, thanks for the info!

@PyotrGrowpotkin
link
28M

I have toyed around with a couple of the other, actually native, apps. They were pretty nice back then but not really feature complete. I assume that has changed somewhat since I last used it. :)

Dreeg Ocedam
creator
link
39M

Telegram is far far behind Signal. In terms of privacy, it’s not owned by a big Corp but Signal isn’t either, and from a technical perspective, Telegram has pretty much no E2EE, while almost everything in Signal is E2E encrypted.

The issue with the messages being delivered late only happens when there are notifications issues too. Check your settings. Also, it seems that when an app isn’t opened for a while, it loses the notifications. I have that issue with Element.

@PyotrGrowpotkin
link
49M

when there are notifications issues too. Check your settings.

for what? turn off notifications? that’s pretty useless.

It’s happened quite regularly for me, and I mainly use the desktop version.

When I enabled it for SMS as well I missed several important texts for a day or so.

So all in all, I have not really been that impressed with it.

@CodingOtaku
link
6
edit-2
5M

deleted by creator

@PyotrGrowpotkin
link
49M

What I am reading here is that it’s definitely not the app to get my non tech friends to install.

riccardo
link
3
edit-2
8M

Notifications delay is a common issue for every messaging app relying on Google’s push notifications, because based on the Android specs, manufacturers are allowed to aggressively “battery-optimize” apps relying on FCM for push notifications. WhatsApp is not relying on them for example, and in a lot of cases OEMs specifically whitelist it from aggressive battery optimization. I’ve had this issue with friends that started to use Signal, Telegram, Wire and even Slack and Discord. They were not receiving messages until I told them how to exclude the apps from aggressive battery optimization. Unfortunately there isn’t a common standard way to do that, but every OEM has its own place in the settings to check (and sometimes it’s more than one). You can refer to https://dontkillmyapp.com/ or to Slack’s help page about this issue, which is quite well explained.

Dreeg Ocedam
creator
link
18M

That explains a lot of things. I don’t receive notifications in apps I rarely use, but WhatsApp always worked (while other widespread apps like Discord or Slack didn’t). The fact that it’s in an allow-list for this kind of stuff explains it. Fuck WhatsApp!

Dreeg Ocedam
creator
link
18M

For me, installing it on the play store worked fine for all of my family and friends.

@PyotrGrowpotkin
link
1
edit-2
8M

deleted by creator

Wasn’t Open Whisper Systems, the maintainer of Signal, acquired by Twitter?

Dreeg Ocedam
creator
link
58M

According to the timeline on Wikipedia:

  • Whisper Systems was founded by Moxie Marlinspike
  • It was acquired by Twitter
  • Moxie left Twitter and founded Open Whisper Systems
  • Moxie and Brian Acton create the Signal foundation (a non profit) with funding by ex-WhatsApp founder Brian Acton (WhatsApp had already been bought by Facebook).

The foundation is still here and relies on donations, to pay for development and hosting. So what you’re saying is near the truth (and I wasn’t aware of that actually) but today Signal is a fully independent non-profit.

Thanks, would that explain the change from TextSecure and RedPhone to their merger into Signal?

Dreeg Ocedam
creator
link
28M

You can check out the Timeline on Wikipedia, they did change the name to Signal after merging RedPhone and TextSecure.

Check the signal app settings. The app should be allowed to use any battery it wants etc, many android flavors give it a battery restriction which inhibits signal from working in the background.

@PyotrGrowpotkin
link
18M

And the reason why should that matter for my desktop app is? If my phone is off won’t the desktop app run?

rafael
link
49M

Is this considering the new privacy policy for WhatsApp? If both accounts from WA and FB are linked, then the ‘Data Linked to You’ from WA will be merged with those from FB Messenger, right?

@ufrafecy
link
3
edit-2
5M

deleted by creator
