this post was submitted on 23 Sep 2023
529 points (99.4% liked)

Technology

59581 readers
3164 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Meredith Whittaker reaffirms that Signal would leave UK if forced by privacy bill::Meredith Whittaker, the president of the Signal Foundation, the organization that maintains the Signal messaging app, spoke about the U.K.'s controversial new privacy bill at TC Disrupt 2023.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 1 year ago (3 children)

Yes. But signal is the gold standard, it's going to be hard to get your contacts onto any other platform.

https://www.privacyguides.org/en/real-time-communication/

Reviews the options nicely, I use briar, it's rough around the edges. But it does the job.

I've been meaning to try simple x, but I haven't given it a go yet.

You can follow the privacy guides guide on hardening signal, it's useful. Net net the easiest thing to do is disable your PIN, and ask any friends you're speaking with to disable their PIN.

https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/#signal-pin

[–] [email protected] 6 points 1 year ago

Why are you recommending people disable their Signal PINs? Best practice as far as I’m aware is to set a secure passphrase (rather than a 4 digit PIN) and to enable Registration Lock.

This article is the only one I was able to find with a recommendation that you opt out of setting a PIN, and even there they recognize that if you set a secure passphrase instead of a PIN, you aren’t reliant on SGX’s security anymore.

That article also doesn’t talk about how having a PIN is required to enable Registration Lock. Since Signal is dependent on phone numbers, disabling Registration Lock makes you vulnerable to account hijacking attacks. I would personally be more concerned about my contacts having their accounts hijacked - with the only indication of this on my end being that their Safety Number changed - than by them using a 4 digit PIN; if I were to recommend anything, it would be for them to use a secure passphrase (like an EFF dice-generated passphrase or a 12-word BIP39 phrase) and enable Registration Lock.

[–] Varyk 4 points 1 year ago

Okay, thanks. I'll read both of those articles and for now disable my pin on signal and talk to my contacts.

[–] [email protected] 4 points 1 year ago

Simplex is working pretty well for me. One of the people I chat with has an apple device so briar wasn't an option, otherwise that's probably what we would be using.