• 0 Posts
  • 15 Comments
Joined 3 years ago
Cake day: September 4th, 2021





  • Well, in my opinion, it kind of does, since it doesn’t notify the user that their messages are being forwarded.

    That’s more than Signal does. This is not a typical feature; I can’t think of an end-to-end encrypted messenger that does do this. If you want to make this argument, all end-to-end-encrypted messengers must be broken because the person who receives the message can then send it to anyone else without your knowledge, or take a photo. It’s trivial.


  • I use uBlock Origin on Firefox with JavaScript, remote fonts, and all 3rd party resources blocked by default, and I also use Yomichan with several J-J and J-E dictionaries for quick, high-quality lookups and making Anki cards.

    I have another profile with no extensions aside from cookies.txt to extract cookies so that I can use youtube-dl for those sites.

    And, if you can call it an add on, I use custom search engines for a lot of sites. As for the extensions I don’t use, I’ve disabled and removed the EME and Widevine DRM modules that Firefox ships by default because it’s proprietary and…it’s DRM. DRM is ridiculous and bad, and it only ever punishes people who don’t pirate content. It also empowers monopolies.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    2 upvotes · 1 downvote · edited · 3 years ago

    That would be Session, the Australian Signal fork that uses a Tor-based network to route traffic and requires no information to set up. You don’t have to give any of your personal information to anyone you want to communicate with; you give them a randomised hash, which represents your address instead of a phone number. It’s even easier to set up than Signal because you don’t really have to do anything after you download it. I like it as a simple method to send encrypted messages between computers, because I don’t have to register a phone number every time I want another account. There’s no arbitrary 5 linked devices limit like Signal. Works on Windows/macOS/Linux.

    I can’t imagine getting any of the people I know to use it, though.

    The app is incredibly buggy and takes a long time to send and receive messages because of the onionized network. Also, it’s in Australia, a country that’s openly against end-to-end encryption and has been passing (and is still trying to pass) laws that mandate backdoors in encryption protocols. You can read about that here, under “Does the Australian government’s anti-encryption stance pose a risk to Session?”: https://getsession.org/faq

    Session is developed by a non-profit foundation like Signal, and they also have their own cryptocurrency token, OXEN.

    I think it’s definitely interesting, but there are probably too many annoyances for the people I know to use it on a daily basis.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    10 upvotes · 3 years ago

    I agree. But it’s worse than what you’ve said here; Signal is only accessible on Android/iOS and not on the Pinephone and its myriad OSes, for example. People have to develop their own clients for Signal, but Signal has said that they will deny these clients access to the server. But there’s no way they’re going to develop Signal for these obscure platforms.

    Now, whether they’d actually do that is another thing altogether, but they’ve said they would, and they’ve done it before.

    As I mentioned before, Signal’s servers are hosted on AWS and Azure, which, even if that doesn’t concern you from a personal privacy perspective, Signal is funding these anti-privacy actors, and continued use of Signal increases its popularity, which increases the number of servers it needs to support users, which increases the amount of money it has to pay to these companies. So, by using Signal, you are indirectly financially supporting Amazon.

    That makes me a little uncomfortable.

    While you could make the argument that Signal’s servers can’t access your message content because it’s E2EE, metadata is still accessible, and probably accessible to Amazon and Azure, as they host the servers.

    And Signal is also making weird moves lately with MobileCoin, which seems directly related to withholding their server source code for over a year.

    Worst of all, you need a phone number to get Signal working. You could use a landline, or a free phone number, or a VOIP number, but you still need to do this to use Signal. Thankfully, it’s not limited to mobile numbers, because SIM cards are tied to your identity in some countries, but you need a phone number. This barrier to entry exists for no good reason. It exists for a reason (Signal was meant to replace SMS), but it’s not a good reason. Being given the option to link Signal to your phone is a good idea. Being forced to link Signal to a phone is dumb and annoying.

    Signal might be open source, but they’re doing everything they can to close it off, which really annoys me.

    But Signal isn’t proprietary, like @SudoDnfDashY suggested.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    1 upvote · 3 years ago

    I figure, if I can’t get them to download Signal, I have no chance getting them to download and set up XMPP. I don’t use SMS often, so there’s not that much data to covet, and not supporting Facebook is more important to me than attempting to protect these small conversations.

    I do plan on looking into XMPP at some point in the future; just to see what it’s like.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    1 upvote · 3 years ago

    Australia. Most of the people who don’t have smartphones here are 60+.

    I might have to revise that statement I made about banks requiring smartphones. It’s probably possible to turn the bank app as a second factor off, but the alternative is not having a second factor (they don’t support security keys, which are the best you’re gonna get), which is far worse. My bank also lets me log in on a browser, but I’ve heard of banks that are only accessible from apps. But I have no evidence to support that this is a thing that exists (or exists in Australia), so I think I’ll edit that part out.

    And, well, even if you don’t like it here, you can’t leave right now anyway, with the pandemic and all.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    5 upvotes · 3 years ago

    What part of Signal is not open source? The Signal clients and server-side code are licensed under GPL and AGPL respectively.

    They hadn’t published the server-side code (which we can’t verify they’re running on their AWS/Azure servers anyway) for a long period of time; however, it’s now being released to the public again.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    4 upvotes · 3 years ago

    It would be nice. I’ve already had a smartphone for years (though I never paid for it myself), but in an effort to get away from it (for various reasons), I see that I’m inconveniencing other people. And even if they don’t resent me for it, it’s not a nice feeling to have.

    Hopefully, when the pandemic calms down, mandatory QR codes will be a thing of the past. I’d appreciate it if my bank let me use my hardware token as a second factor instead of my phone, too. I’m fine with calls and the occasional SMS being the only thing I use my phone for.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    3 upvotes · 3 years ago

    I’m the only one I know who uses a hardware token as a 2FA method, except for someone I bought a hardware token for.

    Most people just use Facebook Messenger, but there are plenty of other options. In terms of open source solutions, Element (Matrix) seems the most viable alternative, but it’s a bit more complex. I like Signal; I just wish I didn’t have to tie it to my phone. That said, it is possible to create a Signal account with a VOIP number and then mess about with signal-cli on a desktop to get it to work…but it’s a bit late for that now, and it seems like more effort than I’m willing to go to. In the future, I might consider looking into XMPP, but I’m comfortable with Signal.

    I wouldn’t force people to use Signal or another app to communicate with me. Some I’ve gotten to use Signal, others communicate with me through SMS. I don’t contact them often, but they won’t get a prompt response from me because my phone is off so often, so I suppose if it annoys them enough, they’ll use Signal.

    I do access my browser from my bank account and can make some payments, but other payments require me to enter a 2FA code from the app on my phone. This is better than SMS 2FA, but worse than TOTP. I’d rather leave it on, though I’d prefer a TOTP/hardware token authentication method…but I doubt that will ever happen for banks. I’ve heard of some banks not being accessible from outside of the app at all, which is why I brought that up, but my bank account is accessible from a browser.

    The payment processor depends on what the service uses. Often, it’s PayPal. They might use Stripe instead. I haven’t made a conscious effort to stop using PayPal simply because I don’t buy things that often, but recently, I’ve been trying to use Stripe. I do wonder if Stripe is really any better than PayPal in terms of privacy, though. No matter what payment you make online, so long as it’s not Monero (I don’t own any cryptocurrency, by the way), you’re not private, so I don’t really worry about it. But, in an effort to not support PayPal’s monopoly, I do make an effort to use Stripe when possible. I would look into cryptocurrency for where I can make the payments, but I don’t like the idea of KYC, and I don’t want to take the risk with BISQ.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    1 upvote · 3 years ago

    This seems mostly aimed at users who actively contribute to reddit, and not, for example, lurkers who don’t post, or even use frontends like libreddit to browse through content. Unlike Facebook, Instagram, Snapchat, WhatsApp, Telegram, Twitter, TikTok, LinkedIn, the amount of quality content on reddit is surprisingly high.

    This is especially true for subreddit wikis like the one for /r/learnprogramming. YouTube has far more garbage, but it also has a considerable amount of high quality content, so for the same reason, it’s hard to get away from. I don’t access YouTube except through mpv and RSS, and moved all applicable creators to Odysee. I’ve been distancing myself from reddit more and more by choosing to only browse reddit through libreddit instances, and even switching to Lemmy as an alternative, but I inevitably find myself gravitating toward it when I need answers to questions somebody else has asked and had answered years ago.

    Libreddit instances don’t require JavaScript, let alone any other details because you’re not registering an account, so I think it’s considerably safer than mainline reddit. It also has a much more pleasant interface than reddit. There are also instances that have onion addresses, for Tor users.

    I don’t think this is a sustainable option, and I agree that Reddit isn’t, and can’t be, the future. These instances have been throttled by Reddit lately, too. But by not contributing to reddit, you’re not contributing to the network effect that pressures people into using Reddit, so I think this is a positive step.

    Lemmy is also much smaller, so there aren’t as many niche communities for things like…visual novels. /c/visualnovel has 10 users. /r/visualnovels has 523,000. So, I can’t really use Lemmy for that, yet.

    But, who knows. Maybe I’ll contribute to it and help to make it a place other people want to come, too. If I have the time and motivation.


  • ethicallypulmonary to Privacy · *Permanently Deleted*
    7 upvotes · 2 downvotes · edited · 3 years ago

    Not having a smartphone makes life considerably less convenient.

    • You’ll have to badger workers to sign you in manually, as opposed to using a QR code.
    • You’ll have to use SMS 2FA (which is often used as a backup method, when it really shouldn’t be) for certain sites instead of a security key or TOTP in a password manager because the only TOTP method they support is their iOS or Android app.
    • You can’t use Signal on a non-smartphone, and if you don’t have a smartphone, you can’t use Signal…unless you jump through several hoops. Convincing people to use Signal is hard enough; I can’t imagine convincing them to use XMPP or Matrix.
    • Not having a bank account is hard, but when you do have a bank account, your only choice of second factor is SMS or the app. No support for hardware tokens, for example. But this is very typical for banks, worldwide, which support a maximum of 12 characters for passwords.
    • You would have to set up VOIP to call people and businesses, which I often have to do for my job.

    Paying with cash is pretty hard right now.

    • Most businesses won’t accept it.
    • Most businesses are closed, so you need to order online and use a payment processor like PayPal.

    Not having a bank account seems like far more trouble than it’s worth.

    I get by with my smartphone off 99% of the time. I use it to scan QR codes, confirm bank transfers, or make calls, and then I turn it off.

    Also, SIM cards are tied to your identity. It’s illegal to get a SIM card that isn’t your real identity.