this post was submitted on 24 Jul 2024
93 points (92.7% liked)
Privacy
31980 readers
305 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's a non-profit run by ex-CIA people that's hosted centrally in US, and being aggressively marketed as the only legitimate means of secure communication. Any time somebody points out the many problems associated with Signal, people swarm in to defend it as the one perfect secure chat platform that everybody should be using. Weird!
Yup, I got dogpiled with smarmy comments downplaying my pointing out that the Open Technology Fund (that's affiliated with Radio Free Asia) audited the Signal Protocol. I still try to get people to switch to it from SMS or Whatsapp (with limited success, an ex was one of the few who already had it installed prior... cuz of their dealer), but it's not like I have any illusions of organizing the revolution on the app
So what is your suggested platform?
I think if you really care about privacy then you basically have to run your own for people you know and trust. At that point it doesn't really matter what it is. It also depends on your threat profile. If you don't actually care that people know your contact network, then Signal or any other app is perfectly fine. For vast majority of people it really doesn't matter. The point is that Signal isn't a good solution for people who do genuinely care about privacy.
Running your own isn't a great answer as that doesn't necessarily mean it is secure. I personally like Simplex Chat and Briar. Matrix would be on the list if it was a little bit more stable.
Running your own server doesn't necessarily mean it's secure, but it's a lot more likely to be secure than a server somebody else runs. The very fact that the server is only used by a handful of people you know and trust makes it infinitely more secure. Also as you say in your other reply:
and this Matrix? https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
Matrix has a habit of eating my chats. They will suddenly be all "message can't be decrypted"
I like Simplex Chat
I feel like it being founded by ex CIA people is really not important. They aren't actively working for the CIA and chances are they know the threat they face. Best to just ignore that part and focus on the technical details. At the end of the day any server you don't control shouldn't be trusted.
I feel like it's very important in terms of understanding the potential goals and motivations of people working on a particular piece of technology. Just because they say they're ex-CIA absolutely does not mean they're not actively working for them. While technical issues are obvious here, that's not always the case. For example, there's a famous case where NSA suggested using a particular configuration that made SSH vulnerable. There was nothing that would jump out at anybody as being nefarious because you had to already know that a particular exploit existed to notice it. However, questioning the intentions of the NSA in this scenario would've helped avoid the exploit.
https://thehackernews.com/2015/10/nsa-crack-encryption.html