Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong (www.wired.com)
from neme@lemm.ee to technology@lemmy.world on 28 Aug 2024 16:05
https://lemm.ee/post/40876447

#technology

threaded - newest

sunzu2@thebrainbin.org on 28 Aug 2024 16:42 next collapse

How much signal and she spend onnthis shameless self promotion.

JFC, if anything she is taking signal the wrong way and going the way of mozilla IMHO

Signal is a good product but there is a lot areas where it can do better... Have gotten any new features over last 5 years? Besides aliases?

What are they working on?

Seen interesting discussions about how signal is farming our meta data to the feds, I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?

Main looking to understand if that is even technically feasible?

Im_old@lemmy.world on 28 Aug 2024 16:46 next collapse

(almost) anything is possible with a CIA black fund budget. I’ve moved to Simplex chat and not looked back.

sunzu2@thebrainbin.org on 28 Aug 2024 16:50 collapse

I feel that but people can't just move since we need somebody to talk on these super duper 69 layer quantum resistant protocols.

Looks simolex is gunning for the crown nowadays tho but there other viable contenders baking.

Once new leader arrives, going to need to tell my group we migrating again 🤕

Zoot@reddthat.com on 28 Aug 2024 18:41 collapse

Why? Just stay on Signal. For the time being it is one of the leaders in private communication.

Though, if you truly need secure private conversations, you would want to move around a lot anyway.

sunzu2@thebrainbin.org on 28 Aug 2024 18:56 collapse

For now it is the gold standard but I don't trust the leadership and their PR approach.

I won't move until I can justify moving my friends over and right now there is no alternative

ABCDE@lemmy.world on 28 Aug 2024 16:54 next collapse

I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?

?

underwire212@lemm.ee on 28 Aug 2024 17:29 next collapse

Yeah idk I’ve read it like 4 times and still struggle to find a coherent thought here.

deranger@sh.itjust.works on 28 Aug 2024 17:46 next collapse

Poster was made fun of in the past for saying Signal gave metadata to the feds. He has a learning disability (regarded = deliberately misspelled R slur). They’re looking for someone else to corroborate the metadata claim.

That’s my interpretation at least.

sunzu2@thebrainbin.org on 28 Aug 2024 18:02 next collapse

You sir ain't only a linguist but a regard whisper too!

Thank you for the service!

Lost_My_Mind@lemmy.world on 28 Aug 2024 19:11 next collapse

“Retarded” is not a slur. It’s a medical term. “Idiot” is a slur that roughly means the same thing, though not nearly as far.

noodlejetski@lemm.ee on 28 Aug 2024 20:36 collapse

“Idiot” is a slur that roughly means the same thing

“idiot”, “moron”, “cretin” and “imbecile” were all medical terms once and described different levels of intellectual disability, but they fell out of use and are now considered offensive. language changes, and context is important.

CosmicTurtle0@lemmy.dbzer0.com on 28 Aug 2024 19:45 collapse

They did a blog post about how the feds had made a second attempt to get metadata from them and they could only provide two fields of information: the date the account was created and the last time it connected to the service.

It’s in the public record as well if I’m not mistaken.

sunzu2@thebrainbin.org on 28 Aug 2024 20:44 collapse

The issue that if they were under FISA order or some other such shit, legally they would have to say what feds tell them, ie they would not be able to say and we give feds your logs.

Question is whether they can technically collect the logs which is tinfoil i am following up on.

Basic opsec thinking, if it is technically feasible, you must assume it is happening. This is game 101.

So here we are trying to prove a negative but nobody also is able to provide anything beyond, trust signal bro.

jollyrogue@lemmy.ml on 29 Aug 2024 00:20 collapse

They probably have turned over logs because legal persuasion, and it sounds like they anticipated that. Moxie has been around the cypherpunk scene for a while, so they knew what they’re doing.

Plus the paper on the double ratchet algorithm is out there. en.m.wikipedia.org/wiki/Double_Ratchet_Algorithm

jollyrogue@lemmy.ml on 29 Aug 2024 00:13 collapse

Signal uses Google Cloud Platform for their servers, for one.

Then I think it’s something to do with metadata.

helenslunch@feddit.nl on 28 Aug 2024 16:54 collapse

Wow, this is truly a hot take.

How much signal and she spend onnthis shameless self promotion.

Why would she/they do that? Did you realize they’re a nonprofit?

if anything she is taking signal the wrong way and going the way of mozilla IMHO

Oh no, not that awful non-profit Mozilla…?

Signal is a good product but there is a lot areas where it can do better…

The same could be said for literally every product.

Have gotten any new features over last 5 years? Besides aliases?

Aliases is kind of a big deal. They also added stories which, despite what the internet might have you believe, was one of the most popular feature requests on the Signal message boards for many years. They created the first and only private and secure social media platform in existence.

Keep in mind everything they do is 10x harder because it has to meet stringent safety and security requirements.

Check out the handle @SignalUpdateInfo@mastodon.world to see a detailed breakdown of added features.

Seen interesting discussions about how signal is farming our meta data to the feds.

That’s a bold claim that I assume has some sort of evidence?

sunzu2@thebrainbin.org on 28 Aug 2024 17:00 next collapse

Does signal meta data allow for signal to time stamp witu who you communicate using their app and servers?

Side note, PR like that costs about 15k fyi

helenslunch@feddit.nl on 28 Aug 2024 17:07 collapse

Does signal meta data allow for signal to time stamp witu who you communicate using their app and servers?

No. They use your phone number as your identifier (unfortunately, probably for spam evasion) and the only piece of metadata they keep is the last time that # connected to the server.

We know this because Signal has disclosed subpoenas publicly.

Side note

No its not.

PR like that costs about 15k fyi

…and? My question remains.

sunzu2@thebrainbin.org on 28 Aug 2024 17:59 collapse

  1. @yogthos what you got to say for this one?

  2. Verge doesn't run flulf for free. This is PR 101. But I trust you bro

helenslunch@feddit.nl on 28 Aug 2024 18:10 collapse

Verge doesn’t run flulf for free.

The Verge makes money the same way almost every modern media publication does; advertising to their readers.

sunzu2@thebrainbin.org on 28 Aug 2024 18:57 collapse

Re-read what you wrote... JFC

This can't be serious

scytale@lemm.ee on 28 Aug 2024 17:04 collapse

They also added stories which, despite what the internet might have you believe, was one of the most popular feature requests on the Signal message boards for many years

This was weird for me personally. I consider Signal a messaging tool which in my mind is separate from an actual social media app, so it was a bit of a head scratcher for me to see stories as a very popular feature request. I don’t really care about sharing “stories” in that format to my contacts or seeing theirs, but then again that’s just me.

helenslunch@feddit.nl on 28 Aug 2024 17:09 collapse

And I don’t care about what you think about it. If you don’t like it, disable it, and it’ll be like it was never there. Simple as that.

Like I said before, they created the first and only private and secure social platform. Nothing else like it exists or has existed. Personally I find that super valuable.

scytale@lemm.ee on 28 Aug 2024 17:23 collapse

Lol calm down, no one’s trying to fight you over Signal being the best private messaging platform. I was just sharing that it was weird to me how stories was one of the most sought out features from users.

helenslunch@feddit.nl on 28 Aug 2024 17:30 next collapse

And I just don’t understand why so many people feel compelled to share their feelings about it any time it is mentioned.

sunzu2@thebrainbin.org on 28 Aug 2024 18:00 next collapse

It is the internet and we are on a discussion board lol

mark3748@sh.itjust.works on 28 Aug 2024 21:16 collapse

You made a post in an open, public forum and you’re confused why others would like to discuss the things that you posted?

helenslunch@feddit.nl on 28 Aug 2024 21:18 collapse

I don’t understand why people feel the need to derail the discussion every time it is mentioned.

ThrowawayPermanente@sh.itjust.works on 28 Aug 2024 21:57 collapse

In the future please be sure to get your opinions approved by the comment thread captain before sharing them publicly.

Frozyre@kbin.melroy.org on 28 Aug 2024 17:15 next collapse

Bless the era of technology where Signal and ProtonMail exist.

chemicalwonka@discuss.tchncs.de on 28 Aug 2024 17:55 collapse

Signal yes, Proton I have my doubts

Live_Let_Live@lemmy.world on 28 Aug 2024 17:57 next collapse

Like?

noodlejetski@lemm.ee on 28 Aug 2024 18:00 collapse

like them embracing Bitcoin and “AI”

sunzu2@thebrainbin.org on 28 Aug 2024 18:09 next collapse

Embracing is a strong statement... Their core product are their core products.

[deleted] on 28 Aug 2024 19:03 next collapse

.

[deleted] on 28 Aug 2024 19:23 collapse

.

[deleted] on 28 Aug 2024 19:27 collapse

.

exanime@lemmy.world on 29 Aug 2024 11:35 collapse

Having a Wallet and calling that embracing Bitcoin is like saying they embrace spam because they have an email client

BassTurd@lemmy.world on 28 Aug 2024 18:01 collapse

I think yours is the first comment I’ve read that has Proton hesitancy. I’m curious what your reservations are.

aStonedSanta@lemm.ee on 28 Aug 2024 18:49 next collapse

I keep hearing they are CIA lmao.

Zetta@mander.xyz on 28 Aug 2024 18:56 next collapse

I actually don’t know what people’s hesitancy is, but I’ve seen numerous people say proton is not good, we’ll see if anybody chimes in with a reason.

forgotaboutlaye@lemmy.world on 28 Aug 2024 20:54 next collapse

I’ve seen doubt of it’s push to pack products into it’s offering ala Google - however I don’t see that as enough to call it not good.

It’s also very easy (and suspicious imo) for anyone to call a service not good without any reason to back it up.

ElegantBiscuit@lemm.ee on 29 Aug 2024 03:15 collapse

I see that as offering services that people clearly use and value, and that the bills have to be paid somehow. So as long as proton can deliver the privacy and security features it promises, I personally don’t see anything wrong with providing an alternative when the only other options are built on monetizing your data.

Frozyre@kbin.melroy.org on 28 Aug 2024 23:54 next collapse

The one and only critique I'll give to Proton is how they have it where you can have Google e-mails forwarded to you to your Proton address.

And it's like...why? The entire reason you're going to ProtonMail is to escape Google. Why the hell would you want Google to try and pry into your Proton usage when all you want is to distance yourself from them?

01189998819991197253@infosec.pub on 29 Aug 2024 01:41 next collapse

That’s not everyone’s privacy posture. Some people use Proton to hide, some people use it to secure, some for both. If your goal is to secure, google’s antiprivacy isn’t against that.

I’m with you, though.

dubyakay@lemmy.ca on 29 Aug 2024 02:47 next collapse

You set up the forwarding in google, not proton. You mark the forwarded emails in your proton mailbox. You forward the emails to your proton account until you changed all the sources that you care about from your google to your proton mailbox. Then you turn off forwarding.

Google never gets any more data from you except your protonmail address.

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 03:28 collapse

It’s really nice for the transition period. I personally forward my email to Tuta, which lets me slowly convert my services to my new address. I have my most important ones switched over now, but I had to switch dozens over (I would do 3-5 at a time, which was a pain).

I’ll probably leave my gmail forwarding to my Tuta account, just because there’s no way I’m going to go though every single service I have ever used and switch it over, and inevitably some contact will continue using my old email.

As far as Google goes, all it knows is that it’s getting less and less emails, and that what remains is being forwarded to <email>@tuta.com. But that’s not my main email address though, it’s just the one I set the account up with. I actually use <name>@<custom domain>, and I have a bunch of aliases configured for each type of account (e.g. <name>-banking@<custom domain> for my bank accounts, <name>-bills@<custom domain> for utilities and whatnot, etc). But that’s still not my actual, personal email, which is <name>@<different custom domain>, and I only give that one to my family and friends.

So in short:

  • gmail -> tuta.com email - all Google knows about
  • random online accounts -> custom domain 1
  • family/friends -> custom domain 2

If I can convince my SO to switch, I’ll give them an account at custom domain 2 and tell them to only use it for personal contacts, and to have everything else go through their old gmail or a Tuta alias. If I ever decide to switch to Proton, I’d have to transition all of those custom domain 1 emails to some proton aliases (unless I pay for the higher tier), which would be a pain, especially since the main reason I use these custom domains is to make it easier to switch services (e.g. just point my DNS records to the new host).

vulgarcynic@sh.itjust.works on 29 Aug 2024 17:35 next collapse

I often figure it’s google bias and / or people trying to impose their threat models on other people.

Been using proton for quite a while with a few custom domains and am impressed with the service to price of their offerings.

We can one off use cases with any vendor, but at the end of the day, they offer a more secure out of the box experience than just about any other platform out there. If someone is doing illicit shit and gets popped, it’s not on the service provider to provide air cover for them. Improve your opsec or self host.

Bakersfield@lemmy.world on 30 Aug 2024 09:30 collapse

The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.

This weekend, news broke that the anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. The move seemed to contradict the company’s own privacy-focused policies, which as recently as last week stated, “By default, we do not keep any IP logs which can be linked to your anonymous email account.”

Edit: formatting

linearchaos@lemmy.world on 28 Aug 2024 20:27 next collapse

Not OP

There’s not a lot of negative press about them.

They complied with Swiss government requests to out the IP of a French activist.

It looks like they’re really doing the best they can.

MiltownClowns@lemmy.world on 28 Aug 2024 20:49 next collapse

Correct. They comply with court orders, its a business. People still need to be secure in how they use it, which that guy wasnt. So if you’re attempting to evade the government, use a vpn. All your data is encrypted, where you access it from and your billing information cannot be.

linearchaos@lemmy.world on 28 Aug 2024 20:53 collapse

Do keep in mind proton also runs a VPN he may have been running their VPN and they complied.

mildlyusedbrain@lemmy.world on 28 Aug 2024 23:15 collapse

If he was using their VPN, they wouldn’t have been able to turn that over according to their own site: protonvpn.com/features/no-logs-policy#:~:text=No-….

sunzu2@thebrainbin.org on 29 Aug 2024 02:24 collapse

They do have technical capability to do so. I just thing that is stopping then is "our trust"

pressanykeynow@lemmy.world on 29 Aug 2024 22:11 collapse

They do have the capability to not have the data requested. If they are not required by law(and it seems they aren’t), why store any data? They may have to provide data of the sessions that are active right now but it’s unlikely.

Frozyre@kbin.melroy.org on 28 Aug 2024 23:58 collapse

True but the guy was the one at fault and Proton had to comply. The French Activist was using ProtonMail e-mail for bad usages which is what it boiled down to. You left out the part where they complied with Swiss government yes but they didn't with the French authorities.

Yet it still comes down to people's own responsibility. But people love to throw that out the window and expect everything to protect them when they get up in shit.

Cryophilia@lemmy.world on 29 Aug 2024 04:36 collapse

The French Activist was using ProtonMail e-mail for bad usages

I don’t trust ANYONE to decide on my behalf what a “bad usage” is.

Frozyre@kbin.melroy.org on 29 Aug 2024 07:42 collapse

Piss off with your entitlement.

Cryophilia@lemmy.world on 29 Aug 2024 08:52 collapse

Do you fuck your mother with that mouth?

ElectroLisa@lemmy.blahaj.zone on 28 Aug 2024 23:27 next collapse

Not OP, I’ve heard criticism of their recent Duo subscription and their bitcoin wallet.

I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn’t fully implemented and requires playing around in a terminal, and UI feels less polished than it’s Windows counterpart.

There’s a community made Flatpak of ProtonVPN though, in case it helps anyone

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 03:21 collapse

Honestly, I just use wg-quick to connect to VPNs, and I tested out ProtonVPN and it worked fine with it. I even set up my router to connect to ProtonVPN, so I could have a wifi network that’s always connected to their VPN.

But I’d really rather not have the same company host my VPN, email, and other stuff, I’d prefer to separate them a bit so no one company has a lot of my data. And something like a VPN really doesn’t benefit from bundling anyway, unless it’s bundled with a browser or something a la Mozilla VPN.

MigratingtoLemmy@lemmy.world on 29 Aug 2024 01:57 next collapse

Swiss laws aren’t as tight as a lot of people think.

I’d like for them to lean more heavily into open source

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 03:19 collapse

It’s probably tight enough for your needs. Unless you live in Switzerland or are breaking Swiss law, they’d need a really good reason to send your data anywhere.

That said, I use Tuta. They have a similar source model (open client, closed server) and are based in Germany, but since they’re an underdog, they have a bit more value and lower costs. I pay €3 and get 3 custom domains and 15 aliases, whereas w/ Proton I pay $4 and get just 1 custom domain and 10 aliases; I can also add people to my plan for €3, instead of upgrading to a Duo for $15 or family for $24. If Proton matched Tuta’s features, I’d probably pay slightly more for the better UX, but I use those features so I’m very hesitant to give that up. I don’t intend to use their VPN or other products, so I’m very much not interested in their higher tiers.

I do wish their server code was open source and self-hostable. I’d love to use my own storage, but still use their spam filtering and whatnot.

Cryophilia@lemmy.world on 29 Aug 2024 04:29 next collapse

Unless you live in Switzerland or are breaking Swiss law

That’s the thing though, governments tend to make everything illegal so they can selectively enforce.

Im_old@lemmy.world on 29 Aug 2024 11:50 next collapse

you might want to look at mailcow if you want to self-host your email server

Bakersfield@lemmy.world on 30 Aug 2024 09:22 collapse

It’s probably tight enough for your needs. Unless you live in Switzerland or are breaking Swiss law, they’d need a really good reason to send your data anywhere.

Unless you’re a climate activist in France:

“The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.”

sugar_in_your_tea@sh.itjust.works on 30 Aug 2024 14:57 collapse

My understanding is that they broke Swiss law. Don’t do that if you’re hosting your evidence in Switzerland…

Cocodapuf@lemmy.world on 29 Aug 2024 06:18 collapse

Yeah, I don’t trust proton mail.

First off, email is inherently insecure, trying to secure it is largely a waste of time.

Secondly, proton has complied with subpoenas in the past, revealing user messages to authorities/governments.

Finally, it’s just too centralized, with a single point of failure, why would you trust it?

trailee@sh.itjust.works on 28 Aug 2024 17:25 next collapse

Signal is the best thing going on in tech these days. I’m very glad it’s being led by Meredith Whittaker.

Did you know you can get a cool badge on your profile pic if you’re a recurring donor? $5 a month is far less than the value I get from it, but that’s all it takes for a cool badge (and knowing that you’re doing something active against the awful state of big tech today).

EK13@lemmy.world on 29 Aug 2024 12:12 collapse

Just to add to this, I also like to use the “donate for a friend” option to gift friends a donation to Signal on their birthdays. It’s also $5 but a one-off thing, they get a neat badge for 60 days and perhaps it raises awareness of the donation option a little bit!

Summzashi@lemmy.one on 28 Aug 2024 17:28 next collapse

Nobody is going to use Signal when it lacks so many features. Feels like MSN messenger compared to it’s peers.

Varyk@sh.itjust.works on 28 Aug 2024 17:31 next collapse

what do you mean? i use it a lot and it works great, photos, videos, phone calls, optional temporary location sharing with friends, and encryption.

what features do you want it to have that it’s lacking?

trailee@sh.itjust.works on 28 Aug 2024 17:42 next collapse

Don’t forget voice calls! It has some rough edges there (my audio doesn’t always connect successfully, etc), but when it works the codec sounds better than a standard phone call and there’s no mass surveillance. I use it in place of phone calls for all the people in my network who have it, including my immediate family.

Varyk@sh.itjust.works on 28 Aug 2024 17:45 next collapse

that’s a great point, i use the voice calls daily.

added above.

Valmond@lemmy.world on 28 Aug 2024 22:30 collapse

And video! Group video too!

vinyl@lemmy.world on 28 Aug 2024 17:48 next collapse

Yea we heavily use it in the army

Varyk@sh.itjust.works on 28 Aug 2024 17:56 collapse

very cool, i had no idea.

free, convenient, reliable encryption.

DoucheBagMcSwag@lemmy.dbzer0.com on 28 Aug 2024 17:57 next collapse

I’m guessing they probably want stickers or something

Edit: apparently this is available on signal so I have no fucking idea then

anarchrist@lemmy.dbzer0.com on 29 Aug 2024 03:52 collapse

Yeah you can even make your own stickers for free

Live_Let_Live@lemmy.world on 28 Aug 2024 17:59 next collapse

My guess is it heavily private and does not have channels

[deleted] on 28 Aug 2024 18:03 next collapse

.

noodlejetski@lemm.ee on 28 Aug 2024 20:33 collapse

does not have channels

except that it does. you can make a public group with a shareable link, and change permissions so that only the admins can post.

Bob_Robertson_IX@discuss.tchncs.de on 28 Aug 2024 18:58 collapse

Don’t forget, cross-platform!

Varyk@sh.itjust.works on 28 Aug 2024 19:04 collapse

i totally forgot, another great point

noodlejetski@lemm.ee on 28 Aug 2024 18:01 next collapse

very weak bait

Summzashi@lemmy.one on 29 Aug 2024 10:44 collapse

Judging from the comments, it seems like you’re wrong.

I_Clean_Here@lemmy.world on 30 Aug 2024 22:44 collapse

You suck, man

Summzashi@lemmy.one on 31 Aug 2024 05:41 collapse

Lol

big_slap@lemmy.world on 28 Aug 2024 18:21 next collapse

<img alt="" src="https://lemmy.world/pictrs/image/316651a6-0610-4c07-af51-a2349a78c860.jpeg">

Lost_My_Mind@lemmy.world on 28 Aug 2024 19:02 next collapse

I liked msn messanger when it was around.

Summzashi@lemmy.one on 29 Aug 2024 10:44 collapse

It was indeed great.

15 years ago.

Frozyre@kbin.melroy.org on 28 Aug 2024 23:51 collapse

That's not a bad thing. Maybe some of us don't want to be cluttered with a lot of things we don't really care for on using. God forbid we go back to simpler days of communication whereas now we've got things like Discord trying to charge people to pay actual money to have fancy little animations for your profile picture.

Is that what you think is missing? Stupid pointless things that make you feel special because you paid money for it when the true attraction should be focused on how much communicating can be efficient and caring about your privacy and security?

[deleted] on 29 Aug 2024 03:08 next collapse

.

[deleted] on 29 Aug 2024 07:41 collapse

.

Summzashi@lemmy.one on 29 Aug 2024 10:41 collapse

Did you really just tell somebody to kill themselves over the preference if a messenger app lol

Summzashi@lemmy.one on 29 Aug 2024 10:42 collapse

Is that what you think is missing?

No.

The rest of your incoherent essay is now useless.

[deleted] on 29 Aug 2024 12:05 collapse

.

Summzashi@lemmy.one on 29 Aug 2024 12:35 collapse

You seem like a very stable and rational person.

kbal@fedia.io on 28 Aug 2024 18:38 next collapse

I wish Signal was developed more openly, more like the linux kernel for a "critical infrastructure" example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.

But it's good for what it is and I sure am glad it's around. People who disrespect it don't know what they're talking about.

ninjaturtle@lemmy.today on 28 Aug 2024 19:04 next collapse

Isn’t matrix more like slack that you are looking for?

paraphrand@lemmy.world on 28 Aug 2024 21:05 collapse

When it comes to security, I don’t think it’s close at all.

asdfasdfasdf@lemmy.world on 29 Aug 2024 00:18 collapse

Why not? I thought it had very good security. It’s E2E encrypted and the government of France uses it.

paraphrand@lemmy.world on 29 Aug 2024 01:38 collapse

Maybe I misunderstood. I thought I heard about terrible security implementations relating to matrix servers.

Edit: I think I was remembering this: arstechnica.com/…/matrix-patches-vulnerabilities-…

Looks like I’m mostly wrong.

M500@lemmy.ml on 29 Aug 2024 11:36 collapse

A while back people had a problem with metadata or something. I used to have my own server, so I wasn’t really worried about it.

But it’s been like 3 years since I’ve used it or looked into it.

Kinda curious what’s changed at this point.

noughtnaut@lemmy.world on 28 Aug 2024 19:19 next collapse

You know, if you want to replace Slack, look into Mattermost. It’s foss but otherwise pretty much exactly what Slack does so well.

[deleted] on 29 Aug 2024 01:56 collapse

.

MigratingtoLemmy@lemmy.world on 29 Aug 2024 01:56 next collapse

Time for Molly

Laborer3652@reddthat.com on 29 Aug 2024 03:49 next collapse

What is Molly?

MigratingtoLemmy@lemmy.world on 29 Aug 2024 04:11 collapse

Signal fork

TheBat@lemmy.world on 29 Aug 2024 05:09 collapse

Terrible name lmao

MigratingtoLemmy@lemmy.world on 29 Aug 2024 05:42 collapse

??

shneancy@lemmy.world on 29 Aug 2024 05:50 collapse

“Molly” is a common nickname of the drug Ecstasy (MDMA)

“time for molly” kind of implies you’re off to get high

suction@lemmy.world on 29 Aug 2024 06:23 collapse

MDMA high is great, I’d do it all the time. Good name

Makhno@lemmy.world on 29 Aug 2024 11:30 collapse

Found the dude mumbling gibberish and pissing himself in the subway station

suction@lemmy.world on 29 Aug 2024 20:37 collapse

No, I’m not a Japanese salaryman on Friday evening.

lightscription@lemmy.world on 01 Sep 2024 15:36 collapse

Also a nickname for Molybdenum which makes Iron stronger like torrifying Signal makes encrypted communication stronger by protecting metadata from interception.

pressanykeynow@lemmy.world on 29 Aug 2024 21:52 collapse

I wish it wasn’t located in the US where you know even though it’s e2ee they send all the data they get(and that’s a lot) to the government or whoever wants it. But e2ee is cool, right. Nobody from the government cares about it though, but it’s cool.

[deleted] on 28 Aug 2024 19:22 next collapse

.

WldFyre@lemm.ee on 28 Aug 2024 22:39 collapse

“hashtag anarchist yacht club”

Lmfao

Twinklebreeze@lemmy.world on 28 Aug 2024 21:06 next collapse

I love the idea of signal, and want to use it and invite friends to it. But then I remember I don’t really want to message anyone, and don’t really have friends because I have no interest in messaging people.

Cryophilia@lemmy.world on 29 Aug 2024 04:37 collapse

Cool story bro

sailingbythelee@lemmy.world on 28 Aug 2024 22:24 next collapse

This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.

Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.

So, I googled their tax filing out of curiosity. It’s true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They’re listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I’m all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I’m kind of weirded out by those astronomical salaries.

mosiacmango@lemm.ee on 28 Aug 2024 23:43 next collapse

That’s inline with Silicon valley salaries. Basic houses cost 2mil there, so it’s not completely outrageous.

As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.

sailingbythelee@lemmy.world on 29 Aug 2024 02:29 collapse

Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we’ve all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock… well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remain about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I’m no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.

It is also absurd on its face for a multi-millionaire developer to place a “Donate Now” button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It’s feels like Scrooge asking Tiny Tim for a donation.

Anyway, I don’t blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.

Cryophilia@lemmy.world on 29 Aug 2024 04:27 collapse

I cannot WAIT for the inevitable market correction on SWE salaries. Entitled bastards.

Linktank@lemmy.today on 29 Aug 2024 01:04 next collapse

I mean, how does a free app with no advertising in it make that kind of money?

trailee@sh.itjust.works on 29 Aug 2024 05:54 collapse

A free app with no advertising doesn’t make that kind of money, it gets progressively deeper into debt to a good Silicon Valley rich guy who got it off the ground, Brian Acton.

His biography on the Signal Foundation website:

Brian Acton is an entrepreneur and computer programmer who co-founded the messaging app WhatsApp in 2009. After the app was sold to Facebook in 2014, Acton decided to leave the company due to differences surrounding the use of customer data and targeted advertising to focus his efforts on non-profit ventures. In February of 2018, Acton invested $50 million of his own money to start the Signal Foundation alongside Moxie Marlinspike. Signal Foundation is a nonprofit organization dedicated to doing the foundational work around making private communication accessible, secure and ubiquitous.

Prior to founding WhatsApp and Signal Foundation, Acton worked as a software builder for more than 25 years at companies like Apple, Yahoo, and Adobe.

The Wikipedia article on the Foundation says the loan balance was up to $105M later in 2018. Meanwhile, Acton is still worth $2.5B according to Wikipedia, so things are probably fine for now, even 6 years later.

But you’re right that Signal eventually needs revenue to keep even a small team of high caliber software engineers and devsecops folks around. You very much want excellent engineers to continue to be involved with critical encrypted communications software on an ongoing basis, so it will cost money indefinitely. Presumably Acton does not wish to bankroll it indefinitely.

Again back to the interview:

I wouldn’t imagine that most nonprofits pay engineers as much as you do.

Yeah, but most tech is not a nonprofit. Name another nonprofit tech organization shipping critical infrastructure that provides real-time communications across the globe reliably. There isn’t one.

This is not a hypothesis project. We’re not in a room dreaming of a perfect future. We have to do it now. It has to work. If the servers go down, I need a guy with a pager to get up in the middle of the fucking night and be on that screen, diagnosing whatever the problem is, until that is fixed.

So we have to look like a tech company in some ways to be able to do what we do.

I’m really glad they pay those engineers that much, so that Zuckerberg and his ilk can’t entice them away with oodles of money. One presumes they also believe in the cause, but I think this currently looks like Acton fighting surveillance capitalism with what capitalism got for him earlier in his career.

Cofounder Moxie Marlinspike is clearly a brilliant hacker and coder who was crucial to Signal’s creation, but I think it makes sense that he hasn’t stuck around to try to solve the long term business problem of keeping it aloft infinitely.

So what to do about it? The OP interview is with Meredith Whittaker, who’s entire job is figuring that out:

Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come—with zero compromises or corporate entanglements—so it can serve as a model for an entirely new kind of tech ecosystem.

I’m a recurring donor because I want Signal to succeed and I want to vote now with my wallet, but fundamentally it’s on Whittaker to figure out how to make the long term work. Here’s what she says:

I see Signal in 10 years being nearly ubiquitous. I see it being supported by a novel sustainability infrastructure—and I’m being vague about that just because I think we actually need to create the kinds of endowments and support mechanisms that can sustain capital-intensive tech without the surveillance business model. And that’s what I’m actually engaged in thinking through.

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 03:11 next collapse

Not all SW devs make that kind of money. I don’t live in Silicon Valley, and I make significantly less than that amount. I could probably get a job there making somewhere north of $300k, but my expenses would go through the roof and I’d be stuck in SV traffic all the time, no thank you. I get paid well, but less than half what Signal is paying.

higgsboson@dubvee.org on 29 Aug 2024 11:58 collapse

Yeah, that’s not especially enormous compared to startups in the valley offering huge equity alongside already generous compensation packages.

graphene@lemm.ee on 29 Aug 2024 00:05 next collapse

Wasn’t there some controversy about Signal’s creation being supported by the US government to provide private communications for anti-us-enemy organisation or something? I’m sure I remember it correctly…

graphene@lemm.ee on 29 Aug 2024 00:15 collapse

theregister.com/…/telegram_ceo_calls_out_rival/

Alleged and mostly bullshit from the Telegram founder it seems.

higgsboson@dubvee.org on 29 Aug 2024 11:55 collapse

Which is ironic considering the source.

solrize@lemmy.world on 29 Aug 2024 00:59 next collapse

What is signal anyway? I’ve never paid attention to phone apps much. Why isn’t it on F-droid if it’s FOSS? Is it like irc but with encryption? I guess I should look into it.

dubyakay@lemmy.ca on 29 Aug 2024 02:39 next collapse

It’s more like WhatsApp or messenger (pick your poison on which one I am referring). Fairly lightweight. No useless features. And I think there’s an F-Droid version, running as Molly.

solrize@lemmy.world on 29 Aug 2024 03:03 collapse

Interesting, it looks like molly.im has its own f-droid repo, but there is nothing about Molly in the regular f-droid repo. Thanks though. I guess I should look into this a bit more. I’m way out of date with phone stuff.

vii@lemmy.ml on 29 Aug 2024 04:25 collapse

Molly allows you to use alternative push servers (instead of Google’s), amongst other things.

solrize@lemmy.world on 29 Aug 2024 04:31 next collapse

Oh interesting, yeah I saw some reference to Signal relying on some kind of Google service. I figure I would want to self-host anything I was serious about. It also looks like these things do video chat, so they’re much more elaborate (perhaps unnecessarily) than IRC, which is text-only. I’ve never used Whatsapp and am not even sure what it is, except that for a while I confused it with Instagram.

I’ve installed GNU Jami and that seems like enough for video chat? I just haven’t had occasion to actually use it. I’m not a video guy and frankly am usually happy with email. PGP from the 1980s still works fine, if anyone cares.

vii@lemmy.ml on 29 Aug 2024 14:03 collapse

The aim of Signal Foundation is to displace the likes of WhatsApp and Messenger thus it has to support all modern and expected features.
Interestingly enough WhatsApp uses Signal’s protocol for encryption, it’s part of the planned messaging interop forced on Meta by EU.

solrize@lemmy.world on 29 Aug 2024 17:33 collapse

Thanks that is interesting. I wonder if newer versions will use MLS.

EngineerGaming@feddit.nl on 30 Aug 2024 15:21 collapse

And (what is important to me now) allows using any Socks proxy instead of only Signal’s own censorship-bypassing solutions. This is a weird decision on Signal’s part, because in places like this, you might need to switch between various protocols when the old ones stop working. And for Signal, developing censorship evasion is not the primary task so naturally they would not be as advanced and quickly-evolving as the communities dedicated to it.

RecluseRamble@lemmy.dbzer0.com on 29 Aug 2024 02:40 collapse

Why isn’t it on F-droid if it’s FOSS?

That got me interested and apparently, they fear forks running out of date.

Concerning F-Droid, we already providing an auto-updating APK directly from our site, and we really don’t want forked versions of the app maintained by other parties connecting to our servers. Not only could the users using the forked version have a subpar experience, but the people they’re talking to (using official clients) could also have a subpar experience (for example, an official client could try to send a new kind of message that the fork, having fallen out of date, doesn’t support). I know you say you’d advocate for a build expiry, but you know how things go. Of course you have our full support if you’d like to fork Signal, name it something else, and use your own servers.

While that statement got plenty of thumbs down, I hate to admit that F-Droid is indeed out of date quite often. I currently can’t find a source for this but I once read this has something to do with their signing process.

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 02:57 next collapse

Yes, they manually sign every package.

But they could easily have their own F-Droid repository, I have repositories for FUTO apps like Grayjay and their keyboard, Bitwarden, and Newpipe, among others. Those are run by the projects themselves, so they’re in charge of how often they update it, as well as how they sign it. So if they have issues with the “official” F-Droid repositories, they can always host their own. I honestly prefer projects that host their own repos precisely because they should, in theory, update faster.

That said, a self-updating APK is good enough for me. However, I didn’t see an install option easily listed on their website and had to search for “signal android apk” to find the page. It should be listed on the regular install page on their website, next to the link to Google Play. I found three separate pages for getting it for Android, and all three had a link to Google Play and only one had the APK.

Laborer3652@reddthat.com on 29 Aug 2024 03:46 collapse

Yeah this is what Bitwarden ended up doing. They didn’t want to be on F-Droid for very similar reasons; eventually they started hosting their own repo and its been gravey ever since. Highly recommend this option.

solrize@lemmy.world on 29 Aug 2024 03:02 collapse

Hmm, ok, thanks. But I’m kind of tired of version churn: who needs to keep changing a chat program? IRC has been around since the 1980s or so and still works fine.

noodlejetski@lemm.ee on 29 Aug 2024 04:42 collapse

who needs to keep changing a chat program? IRC has been around since the 1980s or so and still works fine.

some people like texting their family who doesn’t use IRC, and they’d rather not send messages in plain text for one reason or another.

solrize@lemmy.world on 29 Aug 2024 05:30 collapse

I get that IRC is old school and encryption is important. My question is why the program has to keep changing. If the task is simple enough, there shouldn’t be incompatible changes required if there are new versions at all.

RecluseRamble@lemmy.dbzer0.com on 29 Aug 2024 07:08 next collapse

With new possibilities due to new tech user demands rise, too. People asked for features like group or video chats or coupled devices (not trivial with E2EE) and since good companies listen, they developed those and still do.

Also, I don’t think there’s a single IRC client still in use that hasn’t been updated since the 80s. I wouldn’t be surprised if your favorite client got an update in the last couple of months - and that despite it being a trivial protocol.

oldfart@lemm.ee on 29 Aug 2024 16:53 collapse

…ccc.de/…/3e0a51f5-f60a-4a90-a78a-3a311c6ffe41 here the author explains why and it all sounds like a bucket of bullshit

solrize@lemmy.world on 29 Aug 2024 17:35 collapse

Thanks, I might try to watch some of that.

01189998819991197253@infosec.pub on 29 Aug 2024 01:45 next collapse

My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.

ikidd@lemmy.world on 29 Aug 2024 02:20 next collapse

It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won’t use Telegram or Signal because of this.

01189998819991197253@infosec.pub on 29 Aug 2024 03:02 next collapse

It’s about your posture. Most people who use signal use it to have privacy from governments. They’re not hiding that they use signal, they’re hiding what they write on signal. In this case, using your phone number isn’t a big deal.

Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.

Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is “good enough” for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don’t know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.

ikidd@lemmy.world on 29 Aug 2024 04:10 collapse

But putting a phone number in immediately exposes protesters to association. Sure, Signal can’t give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.

It’s the complete antithesis of freedom of association when there’s a record of everyone that you’ve contacted. The contents don’t enter into that problem, and I can’t see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn’t give you privacy from governments, because governments that don’t respect freedom of association will use that information to punish dissidents.

I can’t imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn’t require this sort of personal proof, and it’s suspicious as hell.

noodlejetski@lemm.ee on 29 Aug 2024 04:38 next collapse

Sure, Signal can’t give out the contents of messages, but it still has the chain of contact.

it doesn’t. they’ve been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: signal.org/bigbrother/

sunzu2@thebrainbin.org on 29 Aug 2024 17:06 collapse

FISA order could require them to collect the data and turn it over, US courts won't be able to to do shit about it.

This is purely I trust signal bro type argument

01189998819991197253@infosec.pub on 29 Aug 2024 12:43 collapse

You’re mistaken on the basis of your beliefs here. Signal only had two pieces of data around your phone number (joined datestamp, last online datestamp). This means that governments can’t petition signal for any more information, since signal simply doesn’t have it to give (by design).

Your point on fb is hilarious, because they do require it. They just don’t require you to input it, because (1) they already have it and (2) you freely provide the missing pieces without them even asking. But, like I said earlier, if this goes against your posture, use something like Briar or Matrix or whatever. Choice exists, because everyone is different and has different postures.

sunzu2@thebrainbin.org on 29 Aug 2024 17:09 collapse

FISA order could be in place and signal disclosed what they were told.

This argument about them producing only two data points is good but it is not a slam dunk arguement everyone makes it to be.

Signal has technical capabilities to time stamp every ineteration you have with another person if it goes through their server. This is internet 101.

So we relying that they don't do this but if US government said do it. They would and Jack shit anyone can do about it.

pressanykeynow@lemmy.world on 29 Aug 2024 22:26 next collapse

That is my concern with any US based company. With all the information we have how their government agencies used both legal and illegal means to access data how can you ever think those companies can protect your privacy even if they sincerely want to?

01189998819991197253@infosec.pub on 30 Aug 2024 00:21 collapse

Them being a us company is a very valid concern, and one I share. If I were a dissident, I likely wouldn’t use signal just because they’re us based.

UnderpantsWeevil@lemmy.world on 30 Aug 2024 14:17 collapse

The Signal pitch is that you don’t need identity security so long as the encryption is strong enough.

That is, incidentally, the same pitch Botcoiner make.

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 03:09 next collapse

You can use a username only for finding and adding friends, you only need the phone number to create an account. That’s probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.

It kind of sucks, but I think that’s a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don’t know if there are any problems with this, but I don’t think they do anything with your phone number after everything is set up.

01189998819991197253@infosec.pub on 29 Aug 2024 03:22 next collapse

Yeah. And I don’t fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 03:31 collapse

Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone else’s computer w/o having to install something.

I don’t know what direction they’re going, but I’m honestly okay with the caveats that currently exist.

01189998819991197253@infosec.pub on 29 Aug 2024 03:35 next collapse

Having web logon would mean they would need to hold the decryption key in some form (or have a weak decryption key, your credentials), so, while convenient, I think it would degrade security and possibly privacy. Unless you mean to receive new messages, the way the desktop app works?

Laborer3652@reddthat.com on 29 Aug 2024 03:42 collapse

Not if they used WebAssembly to do all the decryption locally.

01189998819991197253@infosec.pub on 29 Aug 2024 03:55 collapse

I can’t tell if you’re joking haha

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 04:14 next collapse

Why would they be joking? There’s really not a big difference between how their mobile and desktop apps work and what’s possible in the web. It can fetch the keys from my computer or my phone just like their other apps work, and store the keys and whatnot encrypted in temporary local storage, just like on the phone. WebAssembly could allow them to share the code and retain similar performance.

I honestly don’t see an issue here. If they need help, I’d be happy to lend a hand.

Laborer3652@reddthat.com on 01 Sep 2024 00:27 collapse

Why? C++ does wasm and I’m pretty sure the signal client is already written in C++. It definitely wouldn’t be something that could be pulled off quickly, but the ability to securely run code like this is kind of the whole point of wasm as I understand it, no?

Manalith@midwest.social on 29 Aug 2024 11:02 collapse

I’d be more interested in allowing more than one Android device at a time like MySudo. They let you link Windows with a phone so I wouldn’t think it would be too hard to implement.

EpicGamer@lemmy.world on 29 Aug 2024 08:02 next collapse

I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 13:07 collapse

But there are plenty of other services that don’t require a phone number that also seem to mitigate that issue, so while it may be a convenient option, it’s hardly the only option.

vulgarcynic@sh.itjust.works on 29 Aug 2024 17:20 next collapse

Big concern with your number being recycled and a new user receiving the signal activation key on that number.

sugar_in_your_tea@sh.itjust.works on 29 Aug 2024 17:32 next collapse

Sure, and I think that would send a message to all of your contacts that a new account is using that number, but I’m honestly not sure. If you have an active account (i.e. on a desktop or something), I think you can just change your number if that happens (i.e. get another temp number).

It’s certainly more convenient if you use a longer-term number, but I think it’s feasible with a throwaway number. Once your account is set up, Signal doesn’t need your number for anything if you disable publishing that.

vulgarcynic@sh.itjust.works on 29 Aug 2024 18:32 collapse

It does send a “your safety number has been updated with user” message. But not as an automated message. Only when a new signal thread is started.

Haven’t tried when only logged in to desktop and changing devices / numbers so I can’t speak to that.

Neon@lemmy.world on 30 Aug 2024 14:04 collapse

You need to enter your Signal Pin, otherwise you will get removed from all groups etc

EngineerGaming@feddit.nl on 30 Aug 2024 15:04 next collapse

Google is a very bad choice because it requires a phone number on its own. Also heard that there may be additional KYC.

sugar_in_your_tea@sh.itjust.works on 30 Aug 2024 15:09 collapse

Are you suggesting you need a phone number to get a phone number from Google Fi?

And yeah, it’ll definitely to KYC, because that’s a federal regulation. My point is that you don’t need the number long-term, so the number will only be associated with you for like a week while the trial period lasts. So sign up for Google Fi trial, create a Signal account, then cancel the trial. That sounds pretty reasonable to me.

EngineerGaming@feddit.nl on 30 Aug 2024 15:13 collapse

Yea. Don’t you need a Google account first to use such a service? Those do need phone numbers to register.

And also KYC is unacceptable in this case, imo. If the number is needed only for a short time, there are similar, non-KYC options like what you would find on kycnot.me.

sugar_in_your_tea@sh.itjust.works on 30 Aug 2024 15:25 collapse

Yeah, I think you’ll create a Google account as part of the Google Fi account creation process.

If that really bothers you, use a different MVNO. Some offer free trials, but even if not, it’s not too bad to buy a month of service. My provider is Tello, and the minimum service that’ll give you SMS is $5/month. If you’re clever, you can probably also find a VOIP provider that does SMS for really cheap.

My point isn’t that Google Fi specifically is what you should use, just that it’s an example of a service that offers a free trial, so you can sign up for Signal for free.

EngineerGaming@feddit.nl on 30 Aug 2024 16:32 collapse

I get the point, I just said how bad of an example this is, lol

EngineerGaming@feddit.nl on 30 Aug 2024 15:08 collapse

Another issue with phone numbers is that it makes it easier to censor - from what I heard, in Iran the confirmation SMS just would not arrive, making rentals the only option (thus making you risk your account being deleted by the new owner).

My personal biggest issue with Signal, though, was the inability to register from the official desktop client. They were pushing to register on mobile instead. There are ways around it, like Signal-Cli (what I used) and Android VMs. However, the fact that they push people onto mobile at all is worrying, because phones are much harder to make private (while you can install Linux onto pretty much any given laptop/desktop, only certain phones are compatible with alternative OSes, and mine wasn’t so I could not trust it with my chats).

sugar_in_your_tea@sh.itjust.works on 30 Aug 2024 15:26 collapse

Hmm, I guess then you’d need to get a VPN that works in your country (not sure how hard that is in Iran) and find a VOIP service that either doesn’t require any payment, or accepts payments from Iran.

It’s certainly not ideal, and I wish they’d eliminate the dependency on phone numbers, but until then, there are options for most people to create an account w/o having a permanent number.

EngineerGaming@feddit.nl on 30 Aug 2024 16:32 collapse

You can use Monero for payment, I started doing this ever since sanctions began. Free services are not really viable because they’re far more likely to have all their numbers already used up.

But yea, the overall point is that it is a large inconvenience and a possible point of failure (the next number user deleting the account).

sugar_in_your_tea@sh.itjust.works on 30 Aug 2024 17:13 collapse

Yeah, it’s certainly problematic, and I’d very much prefer that it not have that dependency. But I think it’s still worth using Signal despite needing a number, because it’s a really low barrier to getting new users on it.

If you want something truly private w/o the dependency on a number, there are better options, such as SimpleX. However, the barrier to entry there is a bit higher.

EngineerGaming@feddit.nl on 30 Aug 2024 17:55 collapse

I have a few problems with Simplex (I worry about it being effectively centralized for now and that the VC funding may get it to either enshittify or stop development)… But I do use it quite a bit and even have the servers (which were very easy to set up and don’t consume a lot of resources). I like a lot of what it does (including being very easy to use), and hope it succeeds as it matures!

snek@lemmy.world on 29 Aug 2024 03:29 next collapse

I’ve been using it for a while and by far the biggest issue is how giant the backup file is and now about 3Gb of data were lost because of a signal version mismatch between an old phone I was using and the new one I switched to.

foremanguy92_@lemmy.ml on 30 Aug 2024 12:16 collapse

For me, today the best messaging app is SimpleX, it is a bit in early development but it’s already really nice.

fubarx@lemmy.ml on 29 Aug 2024 04:02 collapse

As long as they stay away from public ‘channels.’

There lie dragons.