this post was submitted on 16 Oct 2023
195 points (97.1% liked)

Privacy

32456 readers
1178 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Like the title states looking for E2EE apps (Android and iOS) without going into much details or needs to be robust enough and easy to use for anyone and stable for operations that are susceptible to constant electronic warfare. I did some research and thought about replacing Signal with Molly and wondering if it will still work if Signal leaves the EU, but am also worried about its updates to patch vulnerabilities in a timely manner. I appreciate the help I am a “Jack of all trades and master of none” when it comes to these types of programs, but am also the go to currently in my unit since I am somewhat knowledgeable about exploits and attacks that can compromise systems would be great if there was an desktop as well (like Signal) and would also be nice if it was FOSS and auditable ( I know that’s kind of redundant ) I know it’s a tall order to ask but figured I would try. I really appreciate the help so much and hope I did things by the rules here and don’t get flamed if this has already been covered ( I searched but my skills with searching the fediverse is low

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 87 points 1 year ago* (last edited 1 year ago) (2 children)

Can you please link an article or something explaining what you're going on about? When was this announced?

Edit: guessing it's related to this. https://cyberlaw.stanford.edu/blog/2023/06/eu-member-states-still-cannot-agree-about-end-end-encryption

If so, banning E2EE because of CSAM is like cutting off your hand because you stubbed your toe. Banning E2EE won't stop child porn nor will it prevent the use of E2EE.

[–] [email protected] 90 points 1 year ago (1 children)

Unfortunately, It's not about ending CSAM. It's about ending encryption.

[–] [email protected] 28 points 1 year ago (2 children)

If they cared about ending CSAM they'd ban...checks headlines...police officers

load more comments (2 replies)
[–] [email protected] 11 points 1 year ago (1 children)

Yes, [https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/](https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/ This is exactly how I feel I don’t understand the logic behind this at all.

[–] [email protected] 45 points 1 year ago (1 children)

Understanding is simple. Every few years, 5 or 8 or 10, there's a big marketing push and brain wash around trying to destroy encryption by using the excuse of CSAM. Nothing new, a play as old as ever. It's basically (and really the whole point) trying to pass mass surveillance into law hoping that people forget the arguments of the last time or that people are not paying attention or trying to put it wrapped into a different gift wrapping and see if it goes into effect before anyone notices. The time frames for these things are getting smaller and smaller and more and more people don't care at all about privacy and basic rights and are ok with things like mass surveillance. It will eventually pass.

[–] [email protected] 10 points 1 year ago (2 children)

It's a real shame the eu is doing this. I've agreed with most of their policies recently regarding IT and phones.

I don't agree with that stupid cookie shit though.

I just felt that there was a lone voice of reason trying for a better future but I guess we are on our own.

[–] [email protected] 6 points 1 year ago (1 children)

As a fellow cookie warning hater, the Firefox extension "I don't care about cookies" is great. It'll dismiss the box.

[–] [email protected] 7 points 1 year ago

And please keep the reminder that most cookie popups are not required and it's mostly bad actors/companies that keep insisting on being annoying by saying they are just complying when in fact they are forcing all that on purpose on us users so we turn out heads to hate on the law instead.

load more comments (1 replies)
[–] [email protected] 73 points 1 year ago (4 children)

Pretty sure signal won't be forced to do anything:

Encryption plays an essential role in securing communications. The international human rights law test of legality, necessity and proportionality should be applied to any measures that would affect encryption. Both the UN Commissioner for Human Rights[1]and the European Data Protection Supervisor[2]have concluded that the EU’s proposal for a regulation on child sexual abuse material fails this test[3].

this is from May this year, when Spain proposed this. How in the everliving fuck the EU can get away with violating human rights?

So yeah I'll eat my hat unsalted if this actually will break encryption

[–] [email protected] 34 points 1 year ago (2 children)

If they actually ban E2EE, I’d like to see all banks, for a start, and most web sites, downgrade https to http. See how long the ban will last then.

“I was just following the law!”

[–] [email protected] 16 points 1 year ago

It’s ok the banks have a “too essential to be punished” card

[–] [email protected] 8 points 1 year ago

I give it a month before either the ECJ steps in or they quietly change the law/interpretation (Article 13/17 says hi)

[–] [email protected] 25 points 1 year ago (4 children)

you should eat it hashed and salted in protest.

load more comments (4 replies)
[–] [email protected] 18 points 1 year ago (1 children)

Well, they don't need to break encryption, since the scanning of messages is supposed to happen client-side.

[–] [email protected] 61 points 1 year ago (2 children)

I'd just like to point out that if Signal leaves the EU, it will most likely just mean that it's not available through the official app stores. With Signal updating itself, it's just a little inconvenient to install it on a new device, though, they even said that they'll try to make it as easy as possible.

[–] [email protected] 21 points 1 year ago (1 children)

Yup. At most, Signal gets removed from the Play Store. There's no meaningful way to block Signal, especially now that big CDN providers are starting to rollout Encrypted Client Hello.

load more comments (1 replies)
[–] [email protected] 42 points 1 year ago (1 children)

Much has been said about the idea of 'signal leaving UK or EU'. Little has been said about how exactly that would happen.

AFAIK, Signal has no business presence in the UK or EU. IE, no offices, no registered corporate entities. Thus, they (arguably) have no more requirement to comply with UK's or EU's regulations than, say, Iran's or China's or any other jurisdiction where they do not do business and have no presence.

Signal's leadership has a record of giving any regional restrictions the middle finger, so I doubt Signal would voluntarily block EU countries. So that means the EU would either pressure Google and Apple to delist Signal (easily worked around, at least on Android, and soon on Apple too as EU is trying to force sideloading) or they'd pressure ISPs to block connections to Signal (more or less impossible).

If EU tried to do that, it'd just create a giant game of whack-a-mole. And people doing real CSAM shit would just move to even more private distributed systems.

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 36 points 1 year ago (1 children)

XMPP or SimpleX. It's easy to block signal, given they require a phone number and the servers are centralized. But it's quite hard, potentially impossible, to block the federated XMPP network or the decentralized relay structure of SimpleX

[–] [email protected] 8 points 1 year ago (2 children)

You need to add encryption on top with OTR plugins or equivalent

Or use Matrix where it's on by default

[–] [email protected] 7 points 1 year ago (3 children)

i would argue that matrix is not decentralized enough (almost everybody is on matrix.org)

also all popular XMPP clients (conversations, gajim etc.) supports OMEMO and OpenPGP/PGP out of the box

load more comments (3 replies)
load more comments (1 replies)
[–] [email protected] 35 points 1 year ago

I would still use Signal. By ignoring bad laws you are turning the EU government into a laughing stock

[–] [email protected] 33 points 1 year ago (1 children)

You can just continue using Signal. All the alternatives will disappear from the app stores too unless they spy on you.

A recent alternative with even better privacy is SimpleX: https://simplex.chat/

[–] [email protected] 7 points 1 year ago (1 children)

the author has a lemmy community about it too: [email protected]

load more comments (1 replies)
[–] [email protected] 32 points 1 year ago (3 children)

How about Session or SimpleX?

Both are E2EE. Unlike Signal, they also have the benefit of not requiring a phone number, so your account isn’t linked to you that way. In my experience, Session feels more mature, having apps on more platforms and more reliable notifications. However SimpleX has some really nice features, like the ability to have multiple profiles (including hidden profiles).

load more comments (2 replies)
[–] [email protected] 27 points 1 year ago (1 children)

Signal. Any restriction can be bypassed

[–] [email protected] 25 points 1 year ago (8 children)
[–] [email protected] 13 points 1 year ago

I caution mentioning both Matrix, and Element as if they are synonymous -- they are not (I'm quite certain that that wasn't your intent, but the usage of the forward slash could be interpreted as such). It may lead to confusion for newcomers. It would essentially be the same as saying "I recommend ActivityPub/Thunder" to someone who you want to introduce to Lemmy. Matrix is the protocol, and Element is simply a client that interacts with the Matrix protocol.

I personally think that it's sufficient to recommend Matrix if one is mentioning chat-app alternatives. Of course, nothing is stopping one from also recommending a client, but I don't believe that it's entirely necessary.

load more comments (7 replies)
[–] [email protected] 22 points 1 year ago (7 children)

Take a look at the matrix network. Its decentralized like lemmy and the cryptography is on point. And it cant really be cencored due to this reason.

load more comments (7 replies)
[–] [email protected] 21 points 1 year ago* (last edited 1 year ago) (7 children)

https://www.privacyguides.org/en/real-time-communication/

If signal is banned all of these other apps will be banned, but maybe they'll not enforce it completely

Your best bet is to start using a privacy respecting VPN today, always on on your phone. Like Mullvad

[–] [email protected] 8 points 1 year ago

This, I already set Mullvad as an always on VPN and turned on all the content blockers there.

load more comments (6 replies)
[–] [email protected] 17 points 1 year ago* (last edited 1 year ago) (3 children)

The only alternative that's FOSS and not centrally controlled is Matrix. By being decentralized, anyone can run their own server and good luck stopping that.

There may be 200 other "alternatives", but they're irrelevant to the point where I consider then non-existent. Nobody has heard of them. Nobody is using them. Trying to push them on normal people will most likely result in them no longer talking to you as often or at all, and none of the other ones has any chance of reaching a critical mass. Matrix at least has some recognition among nerds and some, tiny amount of adoption outside.

Stop pushing random niche shit, it does privacy a disservice.

load more comments (3 replies)
[–] [email protected] 14 points 1 year ago

Briar, xmpp with omemo, matrix, jami...

[–] [email protected] 8 points 1 year ago (1 children)

I've been using DeltaChat (available on F-Droid) for a few months now.

What I like about it is that because it's email based, it uses OpenPGP for encryption, making it easy to have compatibility with other email-based solutions.

If you want to go the extra-secure route, you and your contacts can even self-host your emails - as long as you're not going to send messages to people on Gmail or other big providers, you can avoid your messages being treated as spam.

The multi-device support is still a bit rough around the edges, but has gotten better in the last few months since the app is under active development.

load more comments (1 replies)
[–] [email protected] 6 points 1 year ago

https://www.f-droid.org/en/packages/com.amnesica.kryptey/ This looks like a good backup plan that can't be banned very well.

load more comments
view more: next ›