this post was submitted on 20 Sep 2024
46 points (76.1% liked)

Convincing people to use apps such as Signal is hard work and most can't be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?

The problem is these people use Signal on Android/iOS which can't be trusted and iOS has recently been in the news for having a backdoor. And it has also been revealed that American feds are able to read everyone's push notifications and they do this as mass surveillance.

So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there's the big question is the Android and iOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a Mac or Windows OS.

So I don't think I feel comfortable sending messages in Signal but it's better than WhatsApp.

These were some thoughts to get the discussion started and set the context.

[–] [email protected] 3 points 2 months ago (3 children)

This is the ideal scenario as I see it, in order of importance:

  1. industry-standard E2E encryption using open-source software on the client (privacy)
  2. distributed server network controlled by many entities (resilience)
  3. open-source, open-standards, interoperable software on both client and server (user autonomy)

As I understand it, the goldilocks solution is therefore the Matrix stack. BUT! It's hard to set up and nobody uses it!

The best real-world option, with feasible UX and an existing critical mass of users, is therefore Signal. It only fully meets the first criterion, yes. But personally I give it a bit of credit for the second too, in that it belongs to a non-profit foundation with multiple stakeholders, somewhat like Wikimedia. Signal will do while we're waiting for a proper email-like open standard for secure messaging.

[–] [email protected] 3 points 2 months ago (2 children)

> the Matrix stack. BUT! It’s hard to set up and nobody uses it!

Is it really that hard? For me it was just downloading an app and creating an account--easier than setting up Facebook Messenger. I think it doesn't yet have the network that Messenger/Signal/WhatsApp have, which makes it harder to use with others, but setting up has been easy in my experience.

[–] [email protected] 4 points 2 months ago

They mean setting up your own server.

[–] [email protected] 1 points 2 months ago

Yes, it looks a bit like the Twitter-Mastodon paradigm. Nobody uses it because nobody uses it. And also because changing is hard. And also because the installation and UX are bad. Which is partly because not enough people are using it.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

There are several open protocols that meet your criteria that aren’t Matrix (with most of them using double-ratchet encryption similar to if not exactly like Signal). Due to server costs (Matrix eats a lot of RAM & storage), medium-sized entities usually bow out so the Matrix network largely consists of a few 1–10 user servers & massive centralization around Matrix.org & the hosted servers they provide. Since almost all the messages get synced to the Matrix.org server if just one Matrix.org user is in your room or whatever, all metadata will be synced to the mothership in Matrix.org that was originally funded by Israeli intelligence.

[–] [email protected] 1 points 2 months ago

> 2. distributed server network controlled by many entities (resilience)

> It only fully meets the first criterion, yes. But personally I give it a bit of credit for the second too, in that it belongs to a non-profit foundation with multiple stakeholders, somewhat like Wikimedia.

These two things are not at all equivalent, or even comparable.