473
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Jul 2024
473 points (94.4% liked)
Privacy
30011 readers
1110 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
Why is Signal almost universally defended whenever another security flaw is discovered? They're not secure, they don't address security issues, and their business model is unsustainable in the long term.
But, but, if you have malware "you have bigger problems". But, but, an attacker would have to have "physical access" to exploit this. Wow, such bullshit. Do some of you people really understand what you're posting?
But, but, "windows is compromised right out of the box". Yes...and?
But, but, "Signal doesn't claim to be secure". Fuck off, yes they do.
But, but, "just use disk encryption". Just...no...WTF?
Anybody using Signal for secure messaging is misguided. Any on of your recipients could be using the desktop app and there's no way to know unless they tell you. On top of that, all messages filter through Signal's servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.
Whats the next best alternative?
Meeting in person.
I'll organise a time and place to meet in person via ... Carrier pigeon?
We're citizens raging against phones Lazlow.
With a helicopter over you, loud music next to you, and a dude mowing next to you.
And no smartphone in your pocket, of course.
That depends on your threat model. What are you worried about?
(for Android) https://molly.im/
I can find the desktop client, am I missing something?
You're right, there isn't one, my apologies; I edited the comment.
You could use some kind of encrypted container on the desktop though, or maybe run it as a separate user that has an encrypted home folder. The problem is you need to define a threat model first. Depending on what you're afraid of, any particular "solution" could either be way overkill, or never enough.
Matrix or xmpp, bonus points with a personal server
Thanks to interest of late, the conversations and gajim apps have come a long way in recent years, and matrix has made good strides too with element-x
I'd tried matix but without a high level of technical experience it was pretty difficult to setup. I got as far as docker, that needed ansible, that wouldn't compile. I also recall there was services I could pay for, but then I'd rely on them to provide the security/servers.
Matrix doesn't seem for the majority of people taking a first step away from big tech.
Snikket is meant to be super simple to self-host. Ejabberd has a web GUI that can make configuration easier.
I would only ever suggest matrix if you're running a private self-hosted instance that is NOT federated, which you can do even easier with Signal anyways.
That's fine, but why?
It is a privacy and GDPR nightmare, basically all federated services right now are.
https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
https://web.archive.org/web/20240611200030/https://hackea.org/notas/matrix.html
https://anarc.at/blog/2022-06-17-matrix-notes/
https://web.archive.org/web/20210804205638/https://serpentsec.1337.cx/matrix
Looked into anarc blog. What there wss said about Matrix can be said about SMTP and probably XMPP. To do GDPR you need to know every server you have sent message to. And compared to IRC defaults(forward and remove) anything will look like GDPR nightmare. GDPR was not designed for federated(like matrix and activitypub) communications and especially wasn't designed for peer-to-peer communications.
Interesting, thanks for the links I'll take a look
Only with appservices. Doesn't make sense otherwise.