
Anyone following anyone interesting on Nostr? Tried it for a while and while the tech is cool I felt it was missing a good collection of people. All I ever saw was crypto scams and self referential memes/discussions about how cool Nostr is - which I agree - but that’s not what I’m interested in.


have been able to do so with much smaller funding

It’s easy to “stand on the shoulders of giants” and claim some software is better when you’re adding 1-5% of additional work on top of a fully developed service/app/infrastructure. It’s why generally forks of software tend to have more features than the original source - See the following examples where people polish something and release it as their own improved creation:

  • Chromium/Chrome > Edge/Brave
  • Debian > Ubuntu/Mint/Pop!_OS
  • Android Open Source Project (AOSP) > WhateverSamsung’s_is_called
  • Firefox > LibreWolf

Now, I’m not trying to say people should stop forking software, I’m all for it as it breeds competition and innovation, but to complain that a software project is not meeting your specific demands and their forks are doing so much more means you’re not understanding the other projects would probably die without all the hard work that goes on in the core product.

whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt its database is pretty useful.

You say this but do you have any evidence to back up the claim that it’s useful and to who? Who’s asking for it? What percentage of Signal users would enable the feature? Is it 1%? Is that worth it? There’s barely a demand for privacy from the general populace otherwise Signal would be a hit and everyone would leave Whatsapp immediately, but it isn’t.

if you use most tiling compositor

You’re the 1% of the 1% when it comes to desktop configurations if you’re using a tiling window manager. I used one about 10 years ago and have yet to find one other person in the real world who has ever used one and I work in IT. Whether you like it or not, Signal developers are not going to spend any effort on making your very niche use case any better. I’m not saying that to be rude, but you have to be realistic. Your expectations are high for a free service that generally works for 99% of the population.


awesome! I obviously haven’t been keeping up. thanks!


Likely because while simplex looks great and is very promising, it doesn’t add much to the conversation here. Signal is primarily a replacement for SMS/MMS, this means people generally would want their contacts readily available and discoverable to minimize the friction of securely messaging friends/family. Additionally it’s dangerous to be recommending a service that hasn’t been audited nor proven itself secure over time.


link to report so we can track? thanks!


Not all, but some will and that’s good enough. Security and privacy is all about layers, not guaranteed solutions.

That said, if you have “business” with a company, they are probably using your registered home address to understand how to deal with your local laws/regulations. e.g. If you’re using a registered google account and don’t have an address in a state that offers protection, it’s very unlikely they’ll extend any privacy policies to you just because your IP says you’re in California, for example.

OTOH, if you don’t have a registered address/account/profile and your IP is coming out of California, it’s possible some companies will apply stricter policies based on your preference.

To your original point though, yes, shady companies will continue to behave in unethical ways.


I’m not saying it can’t be private, but defaults matter and by default every message sent on Telegram (unless you opt into a “secure chat”) is viewable by anyone with access to Telegram’s infrastructure and you have no way to know your message history has been compromised.

In contrast, everything within Signal is completely private and end-to-end encrypted with no compromises. Your groups, group names, profile pictures, stickers, reactions, voice/video messages, etc. are all private without anyone having to do anything. Privacy is enforced, not an option.

Telegram does have secure chats, but - either intentionally or not - they have made them incredibly inconvenient to use as they are not enabled by default, don’t work in group chats, and don’t sync across your own devices.

So yes, Telegram is private, just as private as a PGP encrypted email.


deltachat uses autocrypt which apparently doesn’t support key verification yet. how secure is it if you can’t even verify that your messages aren’t being intercepted? I also didn’t see anything about rotating keys after every message like Signal does, so anyone sucking up your encrypted messages just needs one key to see your entire message history. that doesn’t sound very good.



and for anyone who wants to go the extra mile, there’s calyx, lineage, and graphene.




All good points but I’d like to point out that the first one is likely the biggest reason not to use it - it’s based on Chromium and continues to give Google/Chrome the browser market share to dictate the direction of the web.


while it’s definitely not just icing on the cake, they were definitely standing on the shoulders of giants.


I agree, but I’d say it meets the needs of most users. Anyone that needs additional features should try osmand.



for anyone not aware, if you’re using the web based version of anything on a corporate/company device, assume all traffic can be intercepted by your admins. it’s very easy to do and considered a requirement in some fields.



Not that I don’t believe you, but do you have a source? I mean, Molly has worked using Signal’s servers for at least 5 years now and Signal’s devs can see that people are using it and have the capacity to easily block them if they wanted to, so how are they not allowed but still allowed? Seems contradictory.


Yes they are allowed. The devs have nothing against third party clients as long as they’re not abusing the network or pretending to be the official Signal app.

The issue you’re referring to happened, I believe, around 2016 and it was specific to one developer who was using a similar app name and the lead Signal dev basically told them specifically to not use their network.

Almost every other Signal client since then even reports to Signal’s servers as a third party client - and the signal devs can see this in their logs - and nobody has been kicked/asked to stop anything since.

I also seem to recall the issue may have been 3rd party clients unintentionally abusing the network at the time, causing issues for other users, so I can see the frustration from a dev perspective to potentially be woken up at midnight for an issue/outage affecting your users, that is caused or at least made worse by clients that are pegging their servers.

If anyone has more background or corrections, please let me know so I can update/edit my statement.


One of the main or even first rules for a lot of Mastodon is nobody is allowed to say anything bad about transgender or homosexuality and will result in account delete or ban, that much censorship is a cult.

Let’s rephrase that:

One of the main or even first rules for a lot of Mastodon is nobody is allowed to say anything bad about mexicans or blacks and will result in account delete or ban, that much censorship is a cult.

If you’d have said that in the 50’s (had mastodon been around), it would have been clear to anyone that you’re a racist. Read the room. The LGBTQ community is under attack for absolutely no reason other than ignorant people have drunk the Kool-Aid and think “the gays” have it out for them and their kids. Boo-hoo, so you can’t be a jerk towards the current minorities, if you have something bad to say about someone’s character, say it, don’t be afraid, but why would you seek to speak bad about an entire group of people? Sounds sketch AF.



It’s a “basic” Diffie-Hellman key exchange that’s been a solved issue since before mobile phones were even invented[0].

Think of it like this:

I give you a lock that only I have the key to open. You can secure (read encrypt) any message with it by placing it in a box and locking it with my lock, send me the box and - because I’m the only person in the world with the key to open it, we can say you’re sending me a secured (encrypted) message. It doesn’t matter if anyone can intercept this lock because all they’ll be able to do is send me secure messages from their inbox. Now, in the digital world this lock we’re giving each other is a cryptographic “public key” that you can lock a million things with (messages, images, videos) and send them to me via the internet. We can thus exchange public keys and securely message each other.

I’ve simplified it a lot, as Signal actually uses something called the “Extended Triple Diffie-Hellman” (X3DH) [1], but I hope this explains how it works. You can read more about it here [2].

[0] https://studybuff.com/when-was-diffie-hellman-key-exchange-invented/#When_was_Diffie-Hellman_key_exchange_invented

[1] https://www.signal.org/docs/specifications/x3dh/

[2] https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english


Overall, it is used by opposition parties in countries like Russia, Belarus and Iran for day to day stuff, so it is fairly secure

I think this is overselling the “privacy” aspect of storing your personal messages on a server where the admins have complete access without you ever knowing if/what they’re doing with it.

Make no mistake, Telegram is as “private” as Facebook. They have access to all your data and as that data grows, it grows in value. It’s only a matter of time before they directly or indirectly exploit this (or get compromised) and all your “privacy” is out the window.

No hate towards Telegram, I’m sure it’s a great platform, but people should at least be aware that it’s basically the Pepsi to Facebook’s Coke.



Sessions developers dropped Signal’s Perfect Forward Secrecy (PFS) and deniability [0] security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer’s life easier [1].

Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging.

For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message’s encryption is isolated, preventing compromise of current and past interactions [2].

A simple example to illustrate why PFS is beneficial. Let’s assume any 3 letter agency is collecting all Signal/Session messages - on top of the tons of data they’re already capturing. The great thing is that your messages are encrypted, they can’t see anything - YAY - but they’re storing them basically forever.

Two ways they may be able to compromise your privacy and view ALL your messages:

  1. A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Sessions, because you use the same key for every message, they now have access to everything you’ve ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.

  2. Your phone is compromised and they take your encryption keys. If you were using Sessions, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.

It’s important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.

[0] https://getsession.org/blog/session-protocol-explained

[1] https://getsession.org/blog/session-protocol-technical-information

[2] https://www.signal.org/blog/advanced-ratcheting/
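
The difference the comment above describes, between one long-term key and keys that rotate per message, shown as an added example that is not part of the original comment and is not Signal's or Session's code. It assumes a simplified symmetric hash ratchet and a toy SHA-256 stream cipher (Signal's Double Ratchet additionally mixes in fresh Diffie-Hellman outputs); the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: not real traffic or real keys.
SECRET = hashlib.sha256(b"constructed demo secret").digest()
MESSAGES = [b"meet at 9", b"bring the documents", b"running late", b"see you tomorrow"]


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256(key, label)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append a MAC so that opening with a wrong key is detected."""
    ct = keystream_xor(kdf(key, b"enc"), plaintext)
    return ct + kdf(kdf(key, b"mac"), ct)


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key does not match."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(kdf(key, b"mac"), ct)):
        return None
    return keystream_xor(kdf(key, b"enc"), ct)


def send_all(secret: bytes, ratchet: bool):
    """Return (wire, states): recorded ciphertexts, and the key held on the
    device just before each message is sent."""
    wire, states, chain = [], [], secret
    for msg in MESSAGES:
        states.append(chain)
        if ratchet:
            wire.append(seal(kdf(chain, b"msg"), msg))  # one-time message key
            chain = kdf(chain, b"chain")                # old chain key is discarded
        else:
            wire.append(seal(chain, msg))               # same long-term key every time
    return wire, states


def readable_after_compromise(wire, stolen: bytes, ratchet: bool):
    """Indexes of recorded ciphertexts that open with key material taken from the device."""
    candidates, chain = [], stolen
    for _ in wire:
        candidates.append(kdf(chain, b"msg") if ratchet else chain)
        chain = kdf(chain, b"chain")
    return [i for i, blob in enumerate(wire)
            if any(open_sealed(k, blob) is not None for k in candidates)]


if __name__ == "__main__":
    for ratchet in (False, True):
        wire, states = send_all(SECRET, ratchet)
        # Device is seized after two messages; all four ciphertexts were recorded.
        print("ratchet" if ratchet else "static ", readable_after_compromise(wire, states[2], ratchet))
```

With the static key, key material taken after two messages opens all four recorded ciphertexts; with the ratchet, the two earlier ones stay sealed because their keys were derived one-way and discarded. The later messages still open, since a symmetric ratchet alone does not recover after a compromise.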


100% agree. I appreciate the guy’s work on lemmy and the jerboa (the android app) but he’s got some weird ideas.


If you don’t mind me asking, what services are you getting for that price and what are your pro/cons of them? Currently considering whether I should go self-hosted or Proton to get away from Google.


I concur.

The services/platforms/networks on ActivityPub, for the most part, serve as a public forum. I don’t expect privacy in that context and others shouldn’t either.

I personally believe we shouldn’t conflate the two (private/public spaces) and have private End-to-end encrypted messaging via an alternate platform/service to ensure people don’t mix them up - maybe something like Matrix, since that’s also federated and self-hostable. But that’s just my opinion.


“Popular,” and even “ease of use,” are not relevant for the label of Gold Standard when we’re talking about security

First, ease of use is absolutely relevant when it comes to security. If it’s too technical, difficult, or confusing, nobody will use it. Just look at how prevalent PGP is in emails - it basically doesn’t exist outside of niche nerd circles. What percentage of Linux admins ever deal with SELinux before getting told to just use AppArmor because it’s easier? So yes, ease of use is a factor.

Second, ‘security’ is too broad a topic. I don’t see a point in debating what is “the best” if a threat model isn’t outlined first.

I originally stated “Signal is the gold standard for encrypted private messaging”, which stands true regardless of other security features because it defaults to end-to-end encryption for everything by default and works out of the box. At the end of the day your messages are guaranteed to be encrypted and private - anonymity is not in the equation.

That said, I did bring up the point about leaking metadata, but looking at SimpleX I see that even they claim [0]:

The protocol does not protect against attacks targeted at particular users with known identities - e.g., if the attacker wants to prove that two known users are communicating, they can achieve it. At the same time, it substantially complicates large-scale traffic correlation, making determining the real user identities much less effective.

So, without digging much into it, it seems there are some limitations to your claims about SimpleX’s superiority to Signal in terms of even anonymity.

Jami

I tried it when it was called Ring, tried it again sometime after the name change. It’s a P2P messenger that provides E2EE. The architecture means all metadata leaks to ISPs and the internet. So you should be using it with Tor (or some other layer), and because your contacts also need to do that, and one of them is bound to fuck up, it’s better to use either something that’s metadata-resistant by default (like Briar) or to stick to Signal. Also, because it’s P2P, it requires both parties to be online to even work - at least last I tried it. This doesn’t work in the modern world.

Tox

Without getting into the various security issues over the years (here are two recent ones [3] [4], one which allowed remote code execution!), the Android client is spartan to say the least, and there’s no iOS client [1], making this unusable with half the people I’d like to communicate with in the US. Your regional mileage may vary [2].

Confide

Isn’t even open source so completely out of the question - security through obscurity, as the story post about the Converso apps proves, cannot be trusted.

I’ll skip the rest as I’ve already spent too much time on this, but I will say I do believe Threema might be as good if not better than Signal, but it’s a paid app and it’s hard enough to convince friends/family to get onboard with a free app, never mind something that requires payment.

[0] https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#trust-in-servers

[1] https://tox.chat/clients.html

[2] https://www.statista.com/statistics/236550/percentage-of-us-population-that-own-a-iphone-smartphone/

[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847

[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022


I’ve read from SMEs that Signal is the gold standard for encrypted private messaging. I haven’t seen that claim of any other messenger. What are the alternatives?

I’ve tried Briar and that seems like it may be good in 5+ years, but not something I’d ask non-techy people to use in its current form. Sessions dropped Perfect Forward Secrecy because it was too hard to make it work. I don’t want security features dropped just because they’re “hard” so that’s an immediate no from me. What are viable alternatives that don’t leak metadata?


Your data already resides completely viewable to them without you knowing any better. Discord could sell off every single one of your messages without your knowledge and without using any trackers built into the app/website itself.



So we’re trusting Tor but not Mullvad who collaborated with the Tor Project [0] to create this browser?

… developed in a collaboration between Mullvad VPN and the Tor Project

Who’s behind Librewolf and Ungoogled Chromium that we should trust them over Mullvad?

Even Librewolf recommends you use Tor [1].

Can I use LibreWolf with Tor?

Please don’t.

The Tor network is designed to give you complete anonymity, but it can be compromised if you use it with any browser other than the Tor Browser. If you want anonymity, download the Tor Browser.

They’re all open source projects, how do you define who should/shouldn’t be trusted? Seems rather reactionary to discredit Mullvad without any evidence when the alternatives provided suffer the same issue - who’s behind the project and how do you establish trust?

Lastly, Ungoogled Chromium provides almost no privacy enhancing features by default [2], so how could this be recommended as a privacy preserving browser?

ungoogled-chromium features tweaks to enhance privacy, control, and transparency. However, almost all of these features must be manually activated or enabled.

Let’s discuss real alternatives and real issues, not jump to conclusions and throw everything out because it’s not “perfect”.

“Don’t let perfect be the enemy of good” and all that.

[0] https://mullvad.net/en/browser

[1] https://librewolf.net/docs/faq/#can-i-use-librewolf-with-tor

[2] https://github.com/ungoogled-software/ungoogled-chromium#objectives



What viable user-friendly (i.e. no account creation required) options are there? I just want my messages between friends and family to not be mined by greedy corporations.


A quick rebuttal of some points you made. Not going too in depth as I just want to provide my perspective:

  • CIA Funding:
    • This is a non-issue. The OTF also funds: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project, and a host of other essential privacy tools/software. You’re telling me they’re all compromised just because they’re getting funded? I don’t buy it.
  • A Single, Centralized, US-based service
    • The Code is open source and Android has reproducible builds, iOS would have them too, but it’s impossible based on the way Apple’s build process works. Lastly, Signal’s devs/infra exist in the US, they have to exist somewhere, why not the country of origin? With the code being open/reproducible, you don’t have to trust them.
  • Phone # Identifiers
    • This is to make onboarding easier and minimize spam - I got my grandma to install it and find the rest of the family on Signal VERY easily. Trying to get her onboard with Matrix/Element or even Briar would have been a struggle. I like Briar, but it’s not ready for mainstream yet. I also like Element, but I don’t believe it’s quite a text/sms replacement like Signal is - in addition to leaking metadata.
  • Social network graphs
    • Here you mention metadata, so I’ll ask which other provider goes to the lengths that Signal does to minimize the collection of metadata? And please read over how Sealed sender works before you claim it’s easy to circumvent. You deride their implementation and claim how easy this is to collect without understanding what’s going on under the hood.
  • Abandonment of Open source
    • This is a stretch. Signal is a non-profit. They don’t have the same funding or staffing as their competitors and all their code is current. Yeah, they let it get out of sync for a while, they’re human, not robots. Don’t let perfect be the enemy of good.
  • Bundling a Cryptocurrency
    • What does a messaging platform have to do with crypto/payments? I don’t know, you should ask every other big player who is also trying to get in on the game hoping to siphon even more data from everyone’s purchases.

I do want to close by saying that Signal is definitely not the end-all-be-all of secure messaging platforms, but it is currently the best for mass adoption. I’m keeping my eyes on Matrix, Sessions, and Briar, but can’t say they’re ready to “go mainstream” yet.