removed by mod

Why does Signal need my phone number?

Signal is subject to National Security Letters in the U.S.

Signal received funding from Radio Free Asia owned by the U.S. Agency for Global Media with ties to the CIA.

They seem to have a history of needing quite some time to release the server source code.

Here are some articles to read about Signal:

https://yasha.substack.com/p/signal-is-a-government-op-85e

https://www.androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/

https://github.com/signalapp/Signal-Android/issues/8974

Jamilla

@smegforbrains

Just take a look at

- Chat Anonymously: No Phone Number Required

- No collection of user data.

- Pay $5 once, chat forever.

And check:

https://securemessagingapps.com

and rate the security
🟩=3 🟨=1 🟥=0

Results:

  1. Threema = 85 = WINNER
  2. Session = 79
  3. Signal = 77
  4. Wire = 70
  5. Wickr (Amazon) = 62
  6. Element / Matrix = 59
  7. WhatsApp = 34
  8. Telegram = 29
  9. Apple iMessage = 25
  10. Facebook Messenger = 25

@Jamilla @smegforbrains you should check out Simplex chat

FarLine99
creator

Yeah. It is good!

@smegforbrains Phone numbers are hashed and then used as an identifier. The hash cannot be used to figure out the original data. NSA letters are useless as they only have sign up and last connection times.
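Whether a hashed phone number hides the number depends on how the hash is computed, which the comment above does not specify. The following is an added example, not code from the thread or from Signal; the unsalted SHA-256 scheme, the HMAC key and the constructed 555-01xx sample number are assumptions chosen to contrast a plain hash with one keyed by a secret.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample: 555-01xx line numbers are reserved for fiction.
PREFIX = "+1202555"          # known country code, area code, exchange
SAMPLE = "+12025550142"      # the number being "anonymized"

def plain_hash(number: str) -> str:
    """Unsalted SHA-256 of the number (assumed scheme, for illustration)."""
    return hashlib.sha256(number.encode()).hexdigest()

def keyed_hash(number: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret key held only by the service."""
    return hmac.new(key, number.encode(), hashlib.sha256).hexdigest()

def resolve(token: str, prefix: str, digits: int, hasher):
    """Re-identification test: hash every number in the range and compare."""
    for n in range(10 ** digits):
        number = f"{prefix}{n:0{digits}d}"
        if hmac.compare_digest(hasher(number), token):
            return number
    return None

def keyspace_bits(digits: int) -> float:
    """Entropy of a uniformly random number with `digits` unknown digits."""
    return digits * math.log2(10)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("plain hash resolves to:", resolve(plain_hash(SAMPLE), PREFIX, 4, plain_hash))
    print("keyed hash, key unknown:", resolve(keyed_hash(SAMPLE, key), PREFIX, 4, plain_hash))
    print(f"10 unknown digits = {keyspace_bits(10):.1f} bits")
```

A keyed hash moves the trust to whoever holds the key: the service itself can still map every token back to a number.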

@smegforbrains
Unfortunately most #people #trust blindly the #Signal's marketers and do not read the full #privacy #policy and #terms

Jamilla

@topsecret_chat @smegforbrains

“metadata absolutely tells you everything about somebody’s life.

If you have enough metadata, you don’t really need content.”

NSA General Counsel
Stewart Baker

Source:
“We kill people based on metadata”
https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/

@topsecret_chat @smegforbrains “trust blindly”

my guy, you don’t even release source code.

@Rush @smegforbrains

Hi, the client-code is naturally open, while currently the core-engine is kept highly encrypted and we do not publish it (yet) as open-source.
There are different views with pros & cons about opening it, regarding confidential comms.
Anyway we are independently pen-tested by volunteers. Thanks

133arc585

Says the person with a 4 day old account whose bio is literally marketing-speak for a rival app:

> The #messaging application with #anonymous identity, #untraceable content and military-grade #security. AKA the Dark Messenger.

Also, what is this infuriating nonsense where #every #word #is #tagged? #Can #you #not #type #normally? #Or #is #it #automated? #It’s #inane. And it hurts readability, which is really the bigger problem.

@133arc585
Yes, walking the first steps here in Mastodon :-)

We are volunteers operating under an NGO based in Ireland… not rival of Signal, WhatsApp (or similar), but instead a complement for higher privacy

Sorry for the several hashtags, it’s just the habit when posting

@src@lemmy.ml

Everything about your project just screams wannabe, or honeypot. I don’t think it’s possible to sound more sketchy and suspicious if you tried.

133arc585

> not rival of Signal, WhatsApp (or similar), but instead a complement for higher privacy

Sure sounds like you’re a rival if your bio is accurate. What do you gain from positioning yourself as not-a-rival? Wouldn’t it be more honest and beneficial to position yourself as a rival, and be very explicit in how and why you are better than alternatives?

> Sorry for the several hashtags, it’s just the habit when posting

Why is this a habit though? It doesn’t help discoverability, at least not for random shit like #people and #policy and #terms. What is the point of that? Don’t all these services have full-text search, where searching for #Signal and Signal are equally effective at finding comments mentioning Signal? And, even if it was exceptionally useful at helping discoverability, it really hurts readability: it becomes harder to scan and is visually cluttered. It takes me significantly longer to read something full of #tags than without, and I’m lately likely to forgo reading such a comment entirely rather than put up with line noise.

@133arc585

A rival sounds more like fighting against, but we rather designed a complementary solution that secures your data and metadata also while in use.
With Confidential Computing the messages are not traditionally stored/deleted, but they operate in a memory enclave so they cannot be retrieved with forensic technology… of course this comes with a capacity limit, focusing on (few) highly confidential comms.

We’ll take the feedback about the hashtags in consideration. Thanks

133arc585

That’s fair, rival does have a different connotation than “competitor”, which is a more accurate term here I think.

Is the source code fully available for your product?

@133arc585

The client-code is naturally open, while currently the core-engine is kept highly encrypted and we do not publish it (yet) as open-source.
There’s a bit of a debate about pros & cons of opening it, regarding confidential comms.
Anyway we are independently pen-tested by volunteers.
Thanks for asking 👍

133arc585

> while currently the core-engine is kept highly encrypted and we do not publish it

Why not? If you’re 100% confident it’s secure, you should have no issue making it public. If you aren’t 100% confident it’s secure, not making it public is just dishonest and ends up hurting trust when something inevitably does happen. Also, what do you mean that the code is “highly encrypted”? First off, using phrases like “highly encrypted” and “military grade” is already massively suspicious because they’re marketing terms that really don’t mean anything. Second, keeping the code encrypted (at rest perhaps?) doesn’t mean anything; and in order to run the code, it has to be un-encrypted anyway.

> There’s a bit of a debate about pros & cons of opening it, regarding confidential comms.

How so? Here are the possibilities:

  • Your code is 100% secure:
    • You don’t release it: nobody trusts your claim of security (and fairly so).
    • You do release it: people can verify for themselves that your claim is valid.
  • Your code is not 100% secure:
    • You don’t release it: nobody trusts your claim of security (and fairly so).
    • You do release it: you can potentially have bugs discovered for you; or, people will fairly decide not to use an insecure product.

There’s no situation in which not releasing code helps security or trust. Security by obscurity is not security.

> Anyway we are independently pen-tested by volunteers.

Which is fine as one facet of being verifiably secure, but it’s not sufficient. Code can have flaws that pen-testers will not (or are very unlikely to) stumble upon, even with fuzzing environments. The proper approach is to have the code audited and openly-available and to have independent pen-testing of the running implementation.

Not that I was a potential user of your software to begin with, but the way you’re describing your product and operations really would turn me off trusting it.
