You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 4.18K Posts
- 106K Comments
- Modlog
Building a threat model helped me figure out what was worth my energy and what can be put off to be done later at my leisure. This should be your first step.
What kind of phone and OS do you use? You can contain the spying a bit if you set up a work profile with Insular or Shelter, install your proprietary apps there, set a schedule for checking those, and turn off the profile otherwise. I realize that it’s not the easiest, but if you can find people to talk to in real life regularly, frequent access to messages / social media need not be a prerequisite to a healthy social life.
Getting hacked through the BIOS/Intel ME, while possible, is statistically highly unlikely, activist or not. If there’s a piece of technology I have to use, but don’t trust, I just keep it at my desk, fine as long as it can’t actively track me moving around. Don’t let perfection get in the way of your bigger goals.
While we’re at it, have you considered libreboot on the T480? A few tiny scraps of the Intel ME do have to be left in place, but realistically they’re not going to see an exploit anytime soon. And you’ll still have most of the satisfaction of liberating your computer.
deleted by creator
I get you, but my friend, the guy that started Signal gave up $850 million from Meta to go start Signal.
What’s more likely is your phone to get spyware on it that renders any E2EE worthless, regardless of what app you use.
deleted by creator
OK, so based on what you’ve posted here I think you might have a lot of misconceptions about what works and what doesn’t and what’s “good” and what isn’t. It’s not even clear what you mean by “Free.” I assume this means FOSS, but it’s hard to tell.
Edit: Speaking of Signal - it is FOSS, it’s the equipment that the network uses that isn’t because someone has to take care of it. That’s how every FOSS project works. You can, if you like, fork your own version of Signal if there’s something about you don’t like. But the thing about E2EE is that once the message leaves your device, it’s encrypted, so worrying about server location isn’t worth it. Otherwise go see what ISIS or Russia uses and go use that. Remember how they all used Telegram, which wasn’t secure at all and the EU is about to try and pass a law making Signal and other E2EE positions illegal because they can’t see the messages?
This is a much larger conversation, but I would expect that you’re placing far too much emphasis on big-picture labels and geography without understanding where nuance exists that might make something worth using. So you’re possibly trying to balance very unbalanced notions.
deleted by creator
No misconceptions - it’s a word that has more than one meaning, especially in this context. That’s why I said I was unsure which version you meant. I’m not attacking you or doubting you, there’s just not enough information here. Not just about what you mean, but also to ensure you have fundamentals reasonably covered to the point where worrying about where Signal’s servers are should be a sticking point for you.
Free as in no money needed to install? Free as in freedom from proprietary software? Free as in free from specific geographic snooping? Free from centralization under a single entity? When the start and end of FOSS are “Free” and “Software,” I am free as well to see 2 words next to each other and understand there’s ambiguity left to sort out and just ask what you mean. Seems like you mean all of those things - correct me if that’s not accurate.
I’m also not having a disagreement with you, at least not that I’m aware of. I’m trying to get you to take a step back and see if your concerns really bare themselves out, and if the balance you note in the title is actually a search for balance at all. Your post title is about balancing convenience and privacy, but the point of the post is to just ask “What is an E2EE messaging app that doesn’t touch any equipment in the US?” Which is an entirely different question.
Also, there’s no balance if you have a “spyware phone” and find some unicorn app that uses quantum entanglement to send the messages if your keyboard on that spyware phone is giving up what you’re typing anyway. Which is a very real possibility and I’m not seeing indication or not that you’re using non-default keyboards. Or even what phone you’re using as we might say “spyware” but what and how deep Apple and Google track users are fairly different. Balance can’t be found if a vulnerability undoes all your security improvements. If I have a rootkit on my laptop, virus scans of incoming PDFs doesn’t undo the rootkit, right?
Also, if you’re on Android do you have Whatapp sandboxed in a separate profile? If not, then you’re already giving up enough that Signal’s servers are the least of your concerns. Anything that you do where that’s a concern shouldn’t be done on your phone in the first place. Your device isn’t trustworthy enough, and changing one app isn’t going to fix that. And that’s OK - my phone does things I can’t change and so I have to ultimately just know that it’s rated for no conversation more sensitive than what’s for dinner and what time do we meet for someone’s birthday. It’s something I just have to accept.
Look, you’re asking for help and I’m trying to provide some based on partial information. So you can either help us all in this community with information to help you, or not and come away frustrated and angry with no results.
For example; It’s hard to find mobile keyboards that arent spyware!
Not really - have you looked at the F-droid shop? I use Heliboard and Simple keyboard on android which are both FOSS and cover all my language needs. Neither is spyware as far as anyone seems to know.
Simple Mobile Tools were bought by an Israeli ad company, use Fossify instead.
Ok I actually have those on my Android device and you are correct, they’re cool.
However on my ios device I’m fucked.
The new Android makes it considerably more complicated to install apps that are not notarized
https://keyboard.futo.org/ is a good one!
Signal is on mobile
deleted by creator
That is true, but the clients have been audited by crypto experts and it is probably way more secure than a random chat application just by the sheer amount of eyeballs on signal
deleted by creator
What? Whatsapp clients aren’t free software. What even is your point
deleted by creator
deleted by creator
I think what they’re saying is that, to a lot of people (myself included), Signal is currently the best option despite being centralized. The decentralized options have UX issues, too small a user base, or aren’t well known enough to have gone through robust security/privacy reviews. While you can’t see what’s running on the signal servers, the app is open source and so far it looks to be encrypting the information correctly and it’s not sending anything but the minimal data to their servers.
‘A lot of eyeballs on the code’ is only relevant for open source apps. They were making a comparison between Signal and the many other open source mobile messaging apps.
You might also find this chart helpful if you’re looking for other alternatives. Personally, I found Signal to be the best one to get my friends and family onto
https://www.securemessagingapps.com/
deleted by creator
Consider the extra security to be had with Molly the signal fork. I love it and the devs
Uh, never heard of it! Looks very promising. Are third party clients officially allowed by Signal?
Yes? Yes.
deleted by creator
matrix, threema or simplex
have been through something similar. What helped for me is to try to figure out your threat profile first… Because jumping straight into total lockdown mode on everything and frantically uninstalling anything that so much has any ties with GAFAM not only doesn’t actually help, it can take a toll on your mental health…
It’s also sometimes a good idea to “blend in” and have a few undesirable software (that don’t do tracking), just a thought.
If that doesn’t help, and you’re sure that your threat profile is clear as day, there’s also the option of getting a secondary phone or laptop (if you can afford it) and install all the unwanted/non-FOSS software there.
Stop doing what you’re doing.
Your whole post is “I want to only do this but it messes up every other part of my life”.
Just stop doing what you’re doing. There is no ethical consumption under capitalism. You can’t weigh your devices and their softwares unfreedom against a feather and be admitted into gnu/fsf heaven.
There is no benefit to your everyday experience of life, something you have a very limited supply of, by going libre in all computers.
deleted by creator
That’s not very well thought out. You can find purpose in things that don’t actively mess up other parts of your life.
Rebellion in an unsustainable way is not a contribution to a greater cause. Rebellion isn’t ontologically good in and of itself.
A good mobile alternative to Signal is Simplex, it works both on Android and GNU+Linux. It’s AGPLv3. You have it on F-Droid
I have a Thinkpad X220 myself with Libreboot (coreboot distro). But if you do think that microcode updates is bad you can go for Canoeboot. Always check the chipset in order to know exactly what kind of me_cleaner you have to apply.
Thinkpad X220 works out of the box with Linux-Libre (I use Guix). You probably will need a WiFi card that works with the free software kernel drivers, you can check h-node for hardware that works with free software drivers.
The thing is that that kind of laptops aren’t too powerful. You could check more modern Thinkpads supported at Libreboot.
There are also modern laptops from: System76, framework and Purism. Some support freesoftware more than others, but it’s a good resource. For example not all System 76 laptops have Open Source Bios and EC, most of them disable the ME though.
The phone market is a bit different everything runs on SoC. So unless you go Purism phone or Pinephone. But they lack a lot. I would recommend using a custom de-googled Android like GrapheneOs, CalyxOS or LineageOS.
**Since I’ve been there, take everything with calm. Change bit by bit, and don’t try to force yourself. **
Note: There’s also Briar as a replacement for Signal, but the synching is between devices, so if the other is not connected… I prefer Simplex for now. I really like the way you share chats (since there are no IDs per se). I’ve been testing it out and it works well, you can even call and everything.
Note2: Matrix is a bit shady since the only Matrix instance (public) is Matrix.org and for now their whole selling point is based on that, but we’ll see (I use it too though).
deleted by creator
Always keep work on a separate device.
Signal is libre. If you’re already failing, stop making it harder. Get others to care first, then go for decentralisation.
https://lemmy.world/post/21620691
Make them come to you. Keep your replies short. Make them ask more. If you give it all away upfront, they’ll forget by tomorrow.
https://lemmy.world/post/35312231
Start here but make sure you really understand it.
Excuse me. ‘Free Software’ is capitalized. It is a proper noun. Do I need to explain to you the differernce between ‘Free as in Freedom’ and ‘free as in beer’?
I think you need to step back and review your threat model. Grab a pen and paper or open a spreadsheet. List all the tech you use for various things. Then determine what threats you are protecting yourself from for each. Try to use a scoring system to rank importance/criticality and convenience. Then try to find the balance, which ones you’re willing to sacrifice convenience for and ones you are willing to compromise. Then take action one by one.
Matrix.
This isn’t about balance, but it’s an interesting watch https://youtu.be/1opKW6X88og?si=1XgJj2gkjrq3Ww-s
deleted by creator
It’s a weird time to tech-aware.
If fluffychat gets buggy(I’m told it’s decent now), I strongly recommend schildichat and schildinext
So… I started to write down technical answers to your questions but honestly it’s really rare that people don’t want to communicate with someone solely because they don’t have the same tools.
I’m not saying you are doing anything wrong, socially speaking, but I want to highlight that there are usually ways to get back to people. Back in the days (yes… I’m going there) people didn’t have mobile phones and walked to phone booth. People even waited nearby another phone boot for someone else to call them back. I think it’s a good example that we forget how “inconvenient” it was. If people you want to get in touch with can’t handle an email (typically the lowest common denominator, I’m not suggesting that a “normie” as you say setup their own Matrix instance) then they are probably not worth spending time with anyway.
I’ve had similar feelings before. You’re not the only one to struggle with this. You are pushing against the grain and doing something, aligned with your values, that 99% of people don’t know about.
What helped for me is separating what I can control from what I can’t. Everything on my device, that I personally choose to use, is under my control. So that is all free software, downloaded from system repositories, because I care about that. Meanwhile, everything I can’t control, I just gradually try to improve over time.
Here are the things I feel I can’t easily control:
I bought a laptop many years ago without free firmware for wifi, bluetooth, microcode etc. I like using devices as long as I can. Ok, no worries, lets just replace it with a Thinkpad next time.
My employer requires me to use Zoom, and some proprietary VNC client on my own device (on top of a load of proprietary software that I run on their devices). I don’t really have a choice here, unless I quit my job. So, I give in the short term, but do what I can to minimize the damage, running it in a dedicated VM. For the long term, I try and keep an eye on FOSS job boards and also network with people in the FOSS world (I’m quite bad at this, but trying to get better).
Likewise, some of my friends haven’t switched over to XMPP, which is my network of choice. Eventually, the people closest to me did, but many did not. So, I bridge those who haven’t into XMPP (via Matrix, for now, but looking to remove it eventually), and decided that I don’t want anyone “new” to contact me through the proprietary networks (I haven’t set up “enforcement” for this, an autoresponder probably, but this is the plan). The good news is that the proprietary networks always screw up eventually. When they do, your friends will get pissed off for their own reasons, and that is your chance to offer them the alternative. I never push, but let people know that I use XMPP. Some become genuinely interested, others you have to wait until they get screwed over by the proprietary networks.
Now bear in mind I am more interested in software freedom than security. So your priorities might be different. But the short story is: don’t beat yourself up over this. It’s a journey and you are pushing against the rest of society. What I do is just try and improve my setup, whatever that means to me, gradually over time.
deleted by creator
My next laptop will probably be a Thinkpad T480 from Minifree. But I reckon it will be a while before this one breaks in an irreparable way.
CAD + ML is certainly difficult, maybe that needs a dedicated machine you only use for that? But that will increase costs overall. I’m also not sure how to find PC parts that I know won’t need dedicated firmware. So that part is definitely more tricky, I’m sorry I can’t be more help here :(
As for Matrix and XMPP, I started off with Matrix and found it pretty good for bridging lots of different networks together. But, over time, I came to prefer XMPP for a few reasons:
prosodyvia Debian’s archives, and once it was set up, I didn’t have to touch it. I update it with the rest of my server every 2 years, and I don’t fall behind the rest of the network or miss out on much in the meantime. Meanwhile, I have to pay much more attention to my matrix server, I get the software from upstream and not from my distribution, and there are more regular changes that I have to pay attention to.As for advantages of Matrix:
Many of the pros and cons are based on values (e.g. living on the leading edge vs using something more mature, preferring community based solutions vs commercial ones etc.), so I totally understand and support people who use Matrix instead. Ultimately, both ecosystems can cooperate, learn from each other and are millions of times better than the proprietary networks. That said, above is why I came to prefer XMPP.
deleted by creator
I’m not the person you replied to, but a lot of my friends that pushed us to initially use Matrix have grown unhappy with the direction it’s gone and really dislike the clients. I personally host a private Matrix server and I am fine with it for now, but I’m able to avoid most of the drama and bugs by simply not moving to the latest and greatest. I always liked XMPP in the past, but I haven’t used it in a few years. I am glad to see it picking up support and hope that some of the things I didn’t like about it (which I can’t seem to recall at the moment :) ) are no longer problems or at least may get some traction on resolving.
deleted by creator
I’d take that page with a grain of salt, especially since it is quite old and not all of it valid anymore, but I agree that generally you hear the good things about Matrix. Even disregarding what that site has to say, I’d give XMPP a look. XMPP likely isn’t all rainbows either, but I like the traction it is getting and it did a lot of things right in my mind.
There’s no sane reason to switch off of Signal. It is what you want to use given what you are saying.