@koalp

Signal is centralised (you can’t easily use another server) and the company is based in the USA. Moreover, a phone number is needed to use it. I would rather recommend tox or matrix to really fight surveillance capitalism.

Dreeg Ocedam

to really fight surveillance capitalism

Because somehow FLOSS E2EE (both client and server) run by a non-profit is still surveillance capitalism.

Tox has never had a third party audit, and I wasn’t able to find any info on Matrix. Signal on the other hand has passed several and is praised by most security experts. Sure, the use of a phone number makes it a bad tool to communicate with people you don’t trust, but it is still the best for communicating with friends/family that already have your phone number anyway.

@koalp

Have you been able to run your own signal server and use it with other people? Last time I checked, server deployment wasn’t documented, signal was acting against alternative signal clients and you had to distribute your own signal client because the server public keys are hard-coded. For me it really looks like signal is trying to build a “jail” to capture users. I’m not sure that it’s their aim, maybe they only reproduce what they see in other companies. But it looks like they try to make it hard to not use their servers and it doesn’t differ that much from strategies used by other actors of surveillance capitalism. And what happens if you live in a country with US economic sanctions? You wouldn’t be able to use signal. And if your contacts in other countries use them, you are screwed.

Yeah, signal isn’t part of surveillance capitalism, but they reproduce a dangerous model: centralization of the communication and capture of the users, and it is a big threat in my opinion: I don’t want to use something that I can’t fully reproduce and host, and interoperability is a prerequisite.

I use signal with my family because it’s always better than whatsapp and matrix is less user-friendly. But I use matrix with other people that are more privacy-aware, and don’t want to rely on a phone number for identification.

I wasn’t able to find any info on Matrix.

I think that the name for this technology is very poorly chosen as it is not unique and therefore difficult to search for. I think the same of signal, actually 😛 You can find information here: https://matrix.org/ . Matrix is the protocol and you can use clients like element and host your own server. Servers can federate, which means that you can communicate with people not using the same server as you. Matrix includes a way to help to interoperate with external messaging technologies (slack, irc, whatsapp, …) called bridges, so that people don’t have to use matrix if they already use another messaging app. But I haven’t seen any viable signal bridge so far. I think that it is because it is hard to interoperate with signal.

There is a company behind the main matrix client element and their page shows that they have been chosen by major customers like Mozilla¹ or the French state².

As for the adoption, matrix still lacks some features like threads, guilds³ and audio rooms⁴, but it is the most promising messaging technology I’ve seen so far. It will take time to get rid of the sms/whatsapp/signal way of doing things with contacts as phone numbers and a unique server, though. I don’t know yet how to tackle this issue for mass adoption. For anarchist communities, I think it is ready to use, and for companies, it will soon be, once “guilds” and better moderation are implemented.

  • ³ similar to discord or slack “servers”
  • ⁴ You can do it using an external service like jitsi but it isn’t well integrated in my opinion: you have to use a client that supports web. Therefore, no native client can support it

Dreeg Ocedam

Have you been able to run your own Signal server and use it with other people ?

I never had a reason to, but the fact that Signal is Floss would make it possible (though not necessarily easy) and that’s enough for me. The openness of Signal has already proven super useful, for example the Signal protocol is now the golden standard for asynchronous message E2EE, and has been implemented in other apps. There are already forks of Signal that exist too (session).

centralization of communication and the capture of users

Given that most people already have multiple messaging apps installed, I don’t feel like it’s that much of an issue when the organisation behind it is a non-profit. You should read Moxie’s blog post and conference talk “the ecosystem is moving”, it makes some really good points IMO.

interoperability is a prerequisite

I disagree. To me, the n°1 prerequisite is that it is accessible to the point where even my grandma can use it. Signal reaches that goal perfectly. Federation has advantages, but an app that first asks someone which instance they are a member of is terrible for that.

Signal doesn’t want third party clients connecting to their servers, potentially leading to weird UX, even for those that use the official client, and that’s fine. It’s not like they really have any kind of DRMs to forbid that. And they didn’t want someone using their name. TBH, I think that trademarks are the only part of intellectual property that make some sense.

When it comes to US sanctions, Signal works in Iran, and they are working hard to keep it available despite the country’s own ban.

I know what Matrix is, I was saying that I couldn’t find any info on Element passing any third party security audit.

@koalp

I never had a reason to, but the fact that Signal is Floss would make it possible (though not necessarily easy)

I have a use case where I deploy messaging servers. And in my opinion, open source isn’t enough: I think that to really be floss, a software must be well documented and easy to deploy. It will always require technical knowledge but I think that it should aim at providing a way to quickly deploy the service with minimal technical knowledge, and make it easy for people to hack on the codebase.

I will look at session. I didn’t know that signal had been forked.

Given that most people already have multiple messaging apps installed,

Don’t people hate having multiple messaging apps installed? People I know don’t like it, and when they create groups, they create them on an application they are already on and try to convert newcomers to it. That’s what I call capture of the users (and what matrix bridges will hopefully help to solve).

Signal protocol is now the golden standard for asynchronous message E2EE

From what I understood, signal e2ee protocol doesn’t scale with multiple devices per user as they rely on a single source of truth. If this is true it means that it only covers the use case of having a phone all the time, and only one account. It also means that if your phone is confiscated you will lose access to your account after a certain time (and or new computers).

When it comes to US sanctions, Signal works in Iran, and they are working hard to keep it available despite the country’s own ban.

You still rely on the good will of a company and on the government of the state the company is in. When you see the repression anarchists (and socialists) have faced through history, I really think that centralization is not a long-term option for an anarchist community or a political organization.

I disagree. To me, the n°1 prerequisite is that it is accessible to the point where even my grandma can use it

I think that we don’t have the same use cases. I use both signal and matrix, but I see signal as a temporary solution for a very specific use case (family, small communities that do not need too many rooms, friends) to mitigate the usage of proprietary applications, but that will not scale and does not cover professional usage, whereas I see matrix as a long-term solution that solves way more use cases such as the use cases of companies and large communities. I also see it as a solution for a new society, when (and while) surveillance capitalism is abolished. If there is no more advertisement, and no more privatization of the knowledge, I think it would mean big changes in the way internet services are funded and hosted.

This is why I wouldn’t recommend signal for anarchist communities or companies, but still would recommend it to “my grandma”, my family or my friends if to replace whatsapp.

Dreeg Ocedam

I think that we don’t have the same use cases.

I do agree, I don’t really use direct messaging as a way to communicate with people I don’t know, it’s for friends and family, so people I already know IRL. Signal wasn’t designed with the goal of communicating with people you don’t know (because you are exposing your phone number). They are working on it though.

From what I understood, signal e2ee protocol doesn’t scale with multiple device per user as they rely on a single source of truth.

What? You can have multiple devices for Signal (Phones + Desktop client) for the same account. Matrix uses the Signal protocol for its own encryption (as I said it is now the golden standard) so I don’t really get what you are talking about.

but I think that it should aim at providing a way to quickly deploy the service with minimal technical knowledge

Good point, but Signal uses a lot of security measures that can’t be deployed trivially, I guess that their use of Intel’s SGX enclaves is a pain to set up. Matrix doesn’t use these security features. And even then, Synapse (Matrix’s official server) is known to be quite resource intensive. Also, relying on non-professionals to run instances can be a security risk, as instances are more likely to get hacked than Signal’s servers. For organisations, options like Matter/Rocket chat and Twake are cheaper to host and will be more end user friendly.

When it comes to authoritarian regimes, I’m not sure that decentralisation is actually the solution. Instances can be shut down, and how can you know which other instances are trustworthy? Decentralised protocols often leak a lot more metadata (at least that is the case for Signal vs Matrix vs Tox), so trusting your instance is important. Also, if you are using Matrix’s webclient, you have to trust that the server is sending you the right JavaScript, otherwise it could completely bypass the E2EE.

When Encrypted client hello becomes standard, centralisation will be an advantage, as any website’s traffic hosted on a major cloud vendor will be indistinguishable from the rest of the traffic hosted by the same cloud provider, which will make it pretty much impossible to block. I’m pretty sure that Signal will be quick to deploy ECH when it is standardised, while many Matrix instances won’t.

Both approaches have their merits and downsides, and both have talked about it:

I suggest you read/watch both, as they make really good points. But for now, only one of those solutions reaches the goal of being usable by the masses, and does so while being praised by nearly every security researcher out there. Signal is FLOSS, is backed by a non profit and a billionaire (Brian Acton, co-founder of WhatsApp) as well as donations. This leads me to believe that it won’t go to shit any time soon, unlike proprietary apps, so my choice is made. Sure, Signal doesn’t fit every use case, but it fits all the ones I need, and is evolving to fit the ones it doesn’t fit yet.

@awful

do you know of any anarchist matrix chats?

@rockroach

there are many

@51524262fTw

Xmpp is another option. The hosting of a server is lighter and there are a lot of servers for free use.

@awful

deleted by creator

@rek2
creator

I agree but if comrades are doing this I am going to support them, because it is open and is still secure, maybe not anonymous. Two diff things, so yes I use matrix. But I am not going to ditch the reasons of comrades, this is the problem we have in our anarchist communities… The first thing that occurred to me is that maybe they thought that for regular whatsapp people it is easier to find that middle ground… again I use matrix, everyone knows this.

@lps

Session is the best yet for simple click install, takes all the best from signal in terms of usability/ease of use but not centralized https://getsession.org if you haven’t tried it :)

@nikifa

wtf. why is session promoted here? they worked together with alt-right shitheads.

@nikifa

and then the capitalist gamification that they argue brings stronger protection than how Tor does it.

@rockroach

how is this fighting surv cap if need to go through the playstore to use it ???

@rek2
creator

RTFM - you can download the apk from their site, or compile it yourself is libre software. do you need to be handspoon by the playstore? people use f-droid and custom apk builds for everything, with custom ROMs with no google apps. never use playstore. Now if regular people is going to install signal, is much better to get them off whatsapps/facebook/instagram as a first step. so yes is a win win situation for normies. I rather see normies using the playstore to download signal, fediverse, matrix etc apps than fellow so called anarchist using facebook/instagram/whatsapp …

@rockroach

I am a new android user, people told me to use f-droid instead of the play store, but signal is not on the f-droid listing. telling people to compile their own software is just bad user experience and it excludes people.

also, why RTFM people? it is elitist behavior and it ignores the plurality of realities(ie not everyone has the time, resources and knowledge to do it), is elitist behavior tolerated in this space?

@rek2
creator

people say RTFM for when a simple duckduckgo/google/startpage search will yield what you need, it takes longer to write about what you don’t know instead of knowing what you are talking about first… https://signal.org/android/apk/ <----- do you need to compile? nooo. also I said, if you read well, that for normies it is ok to use the google play. heck I don’t even use signal but I know because I search before I speak shit on forums and claim non-true statements… this is when the RTFM comes in handy. It is not elitist, it is what some people need so they learn to learn and to not spread rumours.

@rockroach

congratulations, are you trying to prove that you are better than me? because it fails when you just ignore all the points I present and just focus on the fact that I am a noob. great praxis.

@rockroach

deleted by creator

@rmotao

DO NOT USE Signal.

Rules:

  1. Be respectful
  2. Don’t be a nazi
  3. Argue about the point and not the person