• 0 Posts
  • 82 Comments
Joined 2Y ago
Cake day: Jun 11, 2023


I never said anything to that effect. The ancestor comment discussed running Signal for Android inside an Android emulator for account creation, after which it could be linked to Signal desktop.

Someone could presumably fork Signal desktop to allow the scenario you’re describing, but I’m not aware of any such efforts.


I imagine search of server backups would be pretty hard to do securely. Better management of locally stored media would be nice, but you can sort by size, export, and delete media from inside the settings.


If anyone is actually going to get that right in a mainstream product, it will probably be Signal.


A phone number that can receive SMS is required, but it doesn’t have to be associated with the device that’s running Signal last I checked.


It would be nice if the backups were split into time-indexed files so I could move the old parts to cheap external hard drives and only keep recent backups on my expensive phone storage.


I never set auto expiry and often search messages. Sometimes it’s because I want to find a specific fact or datum from two years ago; other times it’s just for a reminder of a memory. On occasion, if the history wasn’t there, people might remember something important differently.


There seem to be two main arguments put forth here:

  1. F-Droid does not thoroughly audit the apps it distributes, so they might include bad behavior that is not initially obvious.
  2. It is theoretically possible to provide a package to F-Droid that does not match the source code it claims to be based on.

To which I respond:

  1. No app store thoroughly audits the apps they distribute. You must ultimately decide if you trust the developer enough to run their app, or audit the code and build it yourself.
  2. This creates a theoretical opportunity for a developer or maintainer to upload a package that doesn’t match its purported source code, but it’s possible to check for this manually, and to automate that process. It’s likely anyone exploiting this would be caught and their reputation tarnished. It comes back to the first point: do you trust the developer or maintainer enough to run their app?

If you have average security needs, you probably don’t need to worry about this. If you have reason to believe someone well-resourced and dangerous wants to compromise your phone, you should probably be extremely selective about what apps you install and where you get them.


It is increasingly unrealistic to entirely prevent children from having unsupervised access to internet-connected devices from a young age, but attempts to make it impossible for anyone under 18 to access porn are equally unrealistic, and often far worse than the problem they purport to solve.

With good parenting, the possibility of accessing porn won’t harm most kids. It’s not just about keeping them away from it, but about teaching healthy and realistic attitudes toward sex.


I agree, and I think my solution in combination with some filter lists addresses that problem pretty well. Very few eight year olds will have the ability or desire to bypass restrictions like that to look at porn.


Kids can’t use computers, and that’s not good for the world. If teenagers figure out enough about how the computer works to get around the parental controls and watch porn, I consider that a net win.

I don’t actually care if teenagers sophisticated enough to do that see porn.


In a January blog post, it said age verification should take place on users’ devices, such as through their operating system, rather than on individual, age-restricted sites.

The details of this are potentially problematic, as they could preclude the use of open source browsers and operating systems.

It would be great to standardize an HTTP header that says the user is underage, which could be sent by any OS/browser combination that has suitable parental controls.


Instagram and TikTok are usable in a web browser, though they do want you to make an account.


Terms like “safe” and “private” are not binary.

Are the contents of your Signal conversations on an iPhone private with regard to mass surveillance conducted by governments and ISPs? Probably. Apple uses security and privacy as marketing points, and there are a whole lot of people looking for vulnerabilities in its products who are incentivized to disclose them (possibly with a delay for patches). Signal itself takes steps to prevent data leaks to less secure parts of the OS and other apps.

Would your conversations remain private in the face of a targeted attack against your device by a nation state willing to spend a significant amount of time and money when you’re using Signal on an iPhone that’s presumably used for purposes other than secure conversations with a small set of people you know? Almost certainly not.


Tried this; continued to see no ads for anything at all. Am I doing it wrong?


I use Matrix, and I’ve moved some conversations with people I met in public rooms there to Signal because it kept failing to transfer keys, rendering it unable to decrypt messages. I haven’t seen that in a while so maybe it’s fixed, but I haven’t been using it for one-to-one conversations lately.

Unfortunately, I’ve found most people have a lot of resistance to adding another messaging app. I don’t really understand why that is, but it’s true. Asking someone to install a messaging app when I’m their only contact who uses it and they have another way to contact me has a success rate near zero.


What is this? A Twitter post?

Just about. JWZ is known for his cynical hot takes on tech in general.

I don’t think any of his complaints are invalid, though his conclusions are uncharitable at best. Making a communication tool that’s both reasonably secure and sufficiently palatable to people who don’t know how to use computers to achieve broad adoption is a hard problem with no perfect solutions. If he has a better idea, well… he’s a skilled and somewhat famous programmer; he’s better equipped than most to implement it.


That may be viable for some combinations of finances and lifestyle, but credit scores are used in interactions that don’t involve borrowing money. I’m inclined to believe they shouldn’t be, but I don’t make the rules.


I’m not sure what “safe” or “mostly private” means to you in this context. The Vodafone filtering proxy might stop you from visiting some websites that host malware.


It looks like it offers:

  • A virus scanner or application firewall
  • A filtering proxy intended for blocking websites known to be associated with malware
  • A service that notifies you if certain personal details are published in public but shady lists
  • A filtering proxy intended for keeping kids from accessing content their parents don’t want them to

It is possible this would involve keeping a log of your browsing activity. Most of it doesn’t sound especially useful, especially in the likely-crappy form an ISP is going to provide.


Why do you need this if you don’t use analytics or store anything but a session? It looks like the GDPR and CCPA don’t require a notice or consent for session cookies, shopping carts, or similar features that are strictly necessary to provide functionality the user is intentionally accessing.


prevent screenshots or copying from an encrypted chat

Aside from the obvious analog hole, that’s only possible if the user’s device cooperates, which is never guaranteed.

There is no way to send messages to someone’s device and guarantee they won’t provide them to a third party. Technology can’t force an untrustworthy person to keep your secrets.

Signal does not attempt to stop me from taking screenshots, and all chats on Signal are encrypted.


The headline is a bit misleading. The government had a warrant to search the phone, which required repair before they could do so. The court ruled that repairing the phone was not a separate search requiring a separate warrant.


I’m surprised so many criminals are picking these niche services that haven’t had their security verified by trustworthy third parties. That’s just asking for trouble.


This comment assumes good faith. That is probably a mistake.


Google RCS, which is effectively just another proprietary internet messaging app despite being based on a standard, at least claims to use end-to-end encryption, and is probably more resistant to mass surveillance than SMS. If those are your options, Google RCS is an upgrade.


I don’t think that’s necessarily true. What I do think is true is that there’s a chance some AI thing will be a trillion dollar investment, and the most motivating thing for VCs is fear of missing out on a giant score.

A nonprofit open source profit ought to have different motivations though.


That’s pretty much what I wrote in the comment box. The options for the multiple choice questions don’t really acknowledge that as a preference people might have.


You probably can’t fit a large enough explosive in a cell phone battery compartment to reliably crash a plane by exploding it anywhere in the passenger cabin, though that seems like more of an airport security thing than a customs thing.


I’m inclined to agree, and said so in the linked thread.


Lemmy thread and link.

Basically, anyone who can read your home directory could decrypt your Signal database. That’s about typical of traditional desktop applications, but questionable for security-oriented software. Mac OS and (sometimes) Linux have more robust credential management options, and Signal signaled (yes, pun intended) its intent to adopt them.


That’s probably what everyone using Lemmy would prefer to do, but some people believe it would negatively impact their ability to stay in touch with friends or family.


Lemmy will never do such a thing, but specific Lemmy servers might.


Mobile check deposit is the only thing I want from my bank’s app.

I’m running LineageOS with Magisk and Play Integrity Fix. That works for my bank’s app, but I’m annoyed that they make me do it and gave their app a 1-star review on Google Play for it.


Has anyone you talk to regularly asked you to install a specific messaging app? If so, do you actually see a downside to installing it?


If you want actual help with these issues, try the GrapheneOS forum.

I’ve found gos extremely frustrating

Some parts of this are probably unavoidable. High-security systems tend to be inconvenient, and using a non-mainstream operating system often means limited third-party support.

I’m facing the nearly insurmountable task of convincing my friends, family, and colleagues to download and use signal when they are all using encrypted iMessage.

For reasons I can’t figure out, it seems Americans hate the idea of installing any third-party messaging apps. Most Europeans I know have at least two.

Most of my banking apps just simply do not work.

There’s some information on the GrapheneOS forum, but if the bank insists on using Google’s device attestation, you may not be able to do much other than raise hell with customer service (please do this).

This is one of the reasons I run LineageOS rooted with Magisk; there’s a bypass for Google attestation. That, of course, does not have the same security-first goals as GrapheneOS.

Holding down on the space bar to move the text cursor between characters.

This feature exists on some Android keyboards including AOSP keyboard and Heliboard, which are open source.


Phones also have web browsers, and Instagram is usable that way (several years ago, it was not). It is possible that privacy protections will look like automated behaviors to their systems.

Using an app on a device that’s used for little else and has minimal data stored and apps installed on it also limits the potential for data leaks, though probably not as effectively as the browser, particularly when your browser is Mull.


I don’t think Instagram can read your Matrix conversations, but may be able to predict your interests with fancy algorithms or buying information from data brokers, even if it’s related to things you did on another device.

If you want to be more sure it’s not spying on your phone, uninstall the app and use it through your web browser.


I’m a little surprised by Twitter restricting an account for that. Of course I never believed Musk’s free speech rhetoric, but this isn’t a specific issue where I’d expect them to put their thumb on the scale so blatantly.


That may technically be true, but it’s currently very normalized. Do we actually want to denormalize it? Should the government know about every trivial transaction?


The alternative is safeStorage, which uses the operating system’s credential management facility if available. On Mac OS and sometimes Linux, this means another process running in the user’s account is prevented from accessing it. Windows doesn’t have a protection against that, but all three systems do protect the credentials if someone copies data offline.

Signal should change this, but it isn’t a major security flaw. If an attacker can copy your home directory or run arbitrary code on your device, you’re already in big trouble.