trash
27
poVoq
link
12
edit-2
1Y

People consider way to little under what jurisdiction the developers and servers are. Even if Signal was fine right now, them being under US law, is a total no-go for anyone not living there (zero rights for non-citizen) and it would be trivial for the NSA to force Signal to intercept more meta data etc. even with a gag order.

Matrix.org is AFAIK based in the UK, which is nearly as bad, especially now with Brexit. And self-hosting while avoiding any connections with the main instance is nearly impossible.

If you insist on a centralized platform and are a EU citizen, then Threema is probably the best option, now that they open-sourced their clients. For non-EU & non-US, I guess Telegram (Doha based, but servers on US cloud providers AFAIK). I think for east Asia (other than China), LINE would do (Japan/South Korea based).

But IMHO, by far the best option is to selfhost XMPP or sign up with a local community run XMPP server.

@je_vv
link
2
edit-2
1M

deleted by creator

Travis Skaalgard
link
111Y

I use Telegram and Signal. Telegram is the most like WhatsApp, but Signal is a little better for privacy.

@marmulak
link
81Y

If you use Android then Conversations is probably your best choice. Some people won’t use it because it requires them to create an XMPP account on some server, which apparently is too much trouble. Signal is more appropriate for normies who just want to open an app and have it work like WhatsApp out of the box. (It supports iOS as well.)

poVoq
link
5
edit-2
1Y

There is blabber.im, which uses a fork of Conversations and also runs a federating XMPP server: https://blabber.im/ Or if you want phone number linking there is: https://quicksy.im/ from the original Conversations developer.

@Lowey
link
61Y

Short answer Signal: https://signal.org/download

poVoq
link
6
edit-2
1Y

It really isn’t, just read the below messages.

Switching from WhatsApp to Signal, while being an improvement in the short term, is in the end the same story. You are still stuck in a centralized walled garden that falls under US jurisdiction and has clients that are controlled externally (and thus it is trivial for US intelligence services to force the Signal Foundation to push an update that kills all the privacy features without you ever knowing).

Edit: Probably FUD, but I wouldn’t be surprised if Signal is used as a honeypot by the NSA already. They did a similar game with a Swiss encryption product company for decades. And as much as I like Snowden, he is still very much a US intellgence service insider and can’t be fully trusted when it comes to recommendations for non-US citizens.

@gorugorugo
link
21Y

I use Signal to chat with my friends and family.

  • I like the fact that it’s E2EE

  • I like that it’s very easy to signup with a simple download, install, text code confirm.

  • I like the UI to an extent, it has nice features and looks nice enough. Text is text, pictures are pictures… we don’t need to obsess with “the shiny”.

  • I do not like that it’s hosted in the US

  • I do not like that it requires a phone number (for now)

  • I do not like that the servers are centralized, that the devs do not take decentralization into consideration, and that they are aggressive against alternative clients using their backend (which I am somewhat understandable on, servers ain’t cheap)

Which is why there are alternatives like Matrix, Session, and lots of others; however:

  • Matrix requires a bit more from the user to signup, such as username and email. This arguably is less worse than a phone number (although temporary or one-time phone numbers are available).

  • There’s also some shared disappointment around the web with the standard Element UI, can’t necessarily back those claims up though.

  • And to be really secure, you’d probably want to self-host a Matrix instance, which requires considerably more time, resources and effort to maintain, especially if you have poor internet at home, and feel that renting a VPS off-site would perhaps defeat the purpose of self-hosting (as I do).

  • Session is backed and developed by an Australian based company, which should immediately raise alarms for anyone familiar with Australia’s crazy backdoor encryption law [1] [2]

Obviously this is all personal anecdotes, my bottom line being that Signal is not perfect, far from it, but if you’re using Whatsapp, now is probably the easiest time to shift your contact groups off. It’s an equivalent that’s far better, while still having some usage pains.

If anyone wants sourcing on any of the above claims, please reply or otherwise offer a source up. I know they’re out there, I don’t have the energy right now for it. I do not intend to lie.

[1] [2]

poVoq
link
2
edit-2
1Y

that they are aggressive against alternative clients using their backend (which I am somewhat understandable on, servers ain’t cheap)

This argument is very weak IMHO, as Signal is a free app and anyone using it with a 3rd party client puts the same load on the servers as someone signing up for free. They do also say that having only a first party client allows them to quickly and easily change and innovate, but then why are they hostile to 3rd parties compiling and distributing the first party app?

If you think about it a bit more closely, then it becomes apparent that by forcing everyone to only use the 1st party client and distribution channel, they can keep control of the app and change it freely without most people noticing, especially if a modified version is only pushed to certain individual devices. And maybe I am a bit paranoid, but that is exactly how an intelligence service would operate in order to compromise the communication of selected individuals.

PS.: You should rather compare it to XMPP with the Conversations client (or the fork blabber.im). Works great, is fully e2ee and has a UI and functionality very similar to WhatsApp or Signal. And you can easily get it from Fdroid or compile it yourself, so the risk of the developers messing with the binaries is minimal.

Rugged Raccoon
link
11Y

they can keep control of the app and change it freely without most people noticing, especially if a modified version is only pushed to certain individual devices.

Is it possible though? like Google Play updates the modified app only for certain individual devices

poVoq
link
11Y

Sure that is easily possible. They can also push an update to everyone and a slightly modified version the same time only to certain devices.

In fact if this is still true then Google could even dynamically push a exploit into Signal without an update to the app itself.

@gorugorugo
link
11Y

Thank you for this reply, I did not consider that. The small unseen changes due to forced use of a single client. I always want to use a decentralized platform if I can which is why Fediverses are so nice, but my friends are not as keen. Signal is the gap for now

@Lowey
link
110M

Android builds are reproducible builds(download from website). As such I can be sure I get what it says, as for US jurisdiction I think it has been published extensively that they were only able to give account creation and deletion date.

​@
link
31Y

Seems like https://www.privacytools.io/software/real-time-communication/ recommends only Signal if you want a centralized service.

jacques malchance
link
31Y

Signal seems to be the ideal replacement for WhatsApp at the moment. It would be fairly simple to get someone to install it if they want to switch. I am going to attempt to get my mother to switch in the coming weeks.

Element/Matrix would be my choice but I would bet my life savings and first born son that I would never be able to get more than one person to switch.

Just as a side note/side question: RE: the upcoming changes to WhatsApp, what will be the deal in Europe? I did see that the changes won’t be the same, will there be any changes made at all for European users?

@PyotrGrowpotkin
link
61Y

Element/Matrix would be my choice but I would bet my life savings and first born son that I would never be able to get more than one person to switch.

That was my exact experience. I got two people. Both left.

@TheAnonymouseJoker
mod
link
31Y

One person asked me this on reddit in comments. Read comments here https://teddit.net/r/privatelife/comments/krr7gf/writeup_dissecting_massive_whatsapp_privacy/

@soloninja
link
210M

element / matrix is usually a good one. it is similar to discord in a way

@TheAnonymouseJoker
mod
link
2
edit-2
1Y

Favourite answer: Signal for personal chats and Telegram for public groups and public chat boards

Honest answer: keep WhatsApp to have an open presence in social public sphere, devoid of permissions except contacts, but use Signal for personal and sensitive chats

If you want to read more, read conclusion part in my writeup: https://lemmy.ml/post/46726

@e44nbe4
link
3
edit-2
1Y

deleted by creator

@TheAnonymouseJoker
mod
link
-2
edit-2
1Y

WhatsApp for some people can be integral to participation in academia (schools or colleges) or businesses. For them getting rid of WhatsApp is work suicide, hence the advice.

@e44nbe4
link
1
edit-2
1Y

deleted by creator

@AgreeableLandscape
admin
link
1
edit-2
1Y

I’m a student, ALL my friends use WhatsApp, you want to talk with me? Signal.

I wish I could do this. Facebook Messenger group chat is the platform of choice for organizing group projects at my university, and obviously I can’t refuse to communicate with classmates for assignments. I tried suggesting other platforms but practically no one is interested. Other communication, I direct them to email or Matrix.

@TheAnonymouseJoker
mod
link
11Y

Personal chats is surely fine on other secure messengers, which is what my own OPSEC is. What I meant was that universities and schools have their groups for notes and announcements on WhatsApp, and one would not like to miss out on that essential information.

QuentinCallaghan
link
2
edit-2
1Y

I like Telegram mainly because of the many features and larger userbase.

Rugged Raccoon
link
11Y

The only thing that Signal seems to ask for is the phone number. But, in terms of privacy, do they collect any other metadata and can the phone number be linked back to device or the user externally?

@kitsunekun
link
-21Y

I’d suggest you try Threema or Telegram. I personally use both but have more trust in Threema overall.

https://threema.ch/en/blog/posts/messenger-comparison-2021

@tofuwabohu@lemmy.161.social
link
1
edit-2
1Y

Telegram works very well but is a nightmare from privacy perspective since they store everything* unencrypted as long as they want. They even call themselfes “cloud messenger”.

(*) everything but the e2e chats you can set up but are barely used since they can’t be accessed on desktop and there’s no e2e for groups

@kitsunekun
link
210M

My favorite telegram feature is that you can nuke entire chats with a couple of clicks. I wish more texting apps had that type of design because it gives you ownership of your messages/discourse.

@awa
creator
link
13
edit-2
9M

deleted by creator

@ksynwa
link
41Y

Element gets a “good” on ease of use but IME using multiple clients is a pain in butt with the way encryption keys are handled. Lots of people complain about not being able to read some messages in an encrypted room I am in. I understand if it’s a limitation of them not storing your keys on a centralised server (unless you opt for it I think) but it makes it very difficult for normie friends.

@nutomic
admin
link
3
edit-2
1Y

Where does Telegram have ads? I’ve certainly never seen any.

@dreeg_ocedam
link
6
edit-2
2M

deleted by creator

@nutomic
admin
link
71Y

Okay but thats only for public channels, so anyone who uses it as an instant messenger will never see those.

@kitsunekun
link
210M

Your post says that Threema doesn’t have voice and video calls, that’s wrong. https://threema.ch/en/blog Feature-wise Threema is very, very solid, and they will soon be adding even more features now that people are in a frenzy about not being spied upon 24/7.

@federico3
link
1
edit-2
1Y

This comparison ignores the leaking of metadata: for that, the only viable option is Briar.

It also ignores ease of use: Signal is still reasonable, Element is too fiddly and buggy for non-technical users.

@dreeg_ocedam
link
4
edit-2
2M

deleted by creator

@Nevar
link
1
edit-2
6M

deleted by creator

@cruon
link
13
edit-2
1Y

Not Wire please. Apart from the issues listed on that blog post, its UI/UX is terrible.

@onlooker
link
41Y

Yeah, it’s not great. It’s also an electron app, which gobbles up more memory than I’m comfortable with AND last I used Wire, it wouldn’t detect my mic unless I was using the web version. Just no thanks.

@Nevar
link
0
edit-2
6M

deleted by creator

@Echedenyan
link
51Y

As far I see, Threema only became FLOSS in the client side and few things in the server side, the rest is still propietary software.

poVoq
link
31Y

Yes, similar to Telegram. Still that opens a lot of possibilities for reproducible builds and bridging etc. and they are also not hostile to 3rd party clients: https://www.openmittsu.de/ Servers located in Germany/Switzerland afaik. Recently got a larger cash investment from a large German investor.

@Echedenyan
link
11Y

Yes, my point was only that and I apply the same to Telegram. It is a disadvantage for me and a major one.

@Nevar
link
-1
edit-2
6M

deleted by creator

@TheAnonymouseJoker
mod
link
01Y

Telegram is okay only as a public board/group messenger service, nothing more. They take time in open sourcing their client code, around 3-4 months.

poVoq
link
-11Y

That’s not that relevant, as long as older versions compiled from source still work.

@TheAnonymouseJoker
mod
link
2
edit-2
1Y

Older versions work, but would also have security flaws. So Telegram is open source depending on what definition of security or feature updates you are okay with.

Most (spoiler: nearly all) people have no clue about this in privacy community.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 4 users / day
  • 50 users / week
  • 182 users / month
  • 581 users / 6 months
  • 3.91K subscribers
  • 2.04K Posts
  • 9.62K Comments
  • Modlog