vollkorntomate@infosec.pub
on 15 Jan 14:24
nextcollapse
[…] it uses the X25519 public key… as a symmetric key, for AES-GCM.
[…] anyone that knows the public key can decrypt it.
Ouch.
aport@programming.dev
on 15 Jan 15:33
nextcollapse
I’m OOTL, why do people want an alternative to Signal? It thought that was the good app
Confetti_Camouflage@pawb.social
on 15 Jan 16:47
nextcollapse
I don’t know about other people, but the only thing I don’t like about Signal is that it is centralized. It seems to be the only option to actually get everything right for security though from what I hear.
I dislike that I can’t reply to another message with a sticker.
I also dislike that, despite having admin access, I can’t delete abusive messages left in groups for anyone but myself. That makes it unsuitable for building communities.
ZaphodWilde42@lemmy.world
on 15 Jan 23:53
collapse
The replying with stickers bugs me so much, your pack has been helpful too. Hopefully we’ll eventually be able to edit created packs though.
I personally think they could replace the “centralized” part with the “relay” part. Seems technically possible with their protocol. Their center plays mostly the relay role. So it would be a bit similar to Usenet, or to NOSTR, or even maybe to something like old Freenet.
But yes, there are good arguments that making it decentralized would slow down necessary changes and fixes.
It's centralized, it doesn't officially allow 3rd-party clients, it requires a phone number, and the desktop app kinda sucks. I use it anyway, but it could be better.
EngineerGaming@feddit.nl
on 16 Jan 10:31
nextcollapse
Not just sucks, but is limited. Like, you can’t even register there! To use Signal without a smartphone, you’d need workarounds that are unfriendly to an average person! All while a computer is far easier to make private than a phone.
The “centralized” part is not a problem with their protocol and it’s well explained.
The 3rd-party clients thing … I agree with, but one can find justifications for that too. They probably don’t want people to use it for filesharing with uuencode and base64. Or even for VPNs, like they did with Tox when it seemed to have a future.
The phone number thing sucks, but there’s a need to defend against bot registrations somehow.
The desktop app sucks absolutely and conclusively. If there were a library one can use to make a Pidgin plugin, it would be a godly gift.
Live_Let_Live@lemmy.world
on 17 Jan 18:55
collapse
You need a phone number for Signal which means that your mobile provider will have your location, your IMSI, your mobile device model, serial number if you are using a T-Mobile or any other Telco" supplied device.
If not then via the IMSI / mobile number they can get your location and details from Google / Apple etc and that not even considering your IP-Address
Any time that there is a unique real world identifier the owner can be located. The only way around this would be to use something like Briar that use cryptographic uniqueness and that communicates via Onion like multihop anonymizers (TOR etc) from the outset.
Sparkega@sh.itjust.works
on 15 Jan 19:47
nextcollapse
What are everyone’s thoughts on Molly, advertised as a hardened fork of Signal?
dracs@programming.dev
on 16 Jan 09:43
nextcollapse
I’ve been using it for several months mostly due to it’s UnifiedPush notifications support and been really happy with it.
EngineerGaming@feddit.nl
on 16 Jan 10:30
nextcollapse
I’ve used it because it actually allowed me to register, while the registration in the official app broke (my best guess is due to lack of Google services, because that’s the popup the app got stuck on). And if I knew about it earlier, I could’ve used it to register in an Android VM and then tie a desktop client - because unlike the original, it did not force you to use your camera, you could just use a link. Another important quality for me is the ability to use arbitrary Socks rather than Signal’s own - when every protocol has a chance to be blocked, flexibility is important, and having a standalone proxy may be more convenient than a whole-device VPN (that you’d have to keep on all the time to receive notifications).
itslilith@lemmy.blahaj.zone
on 16 Jan 11:31
collapse
Don’t care too much about the supposed hardening, but it’s on FDroid and has UnifiedPush, so I use it over Signal
threaded - newest
Ouch.
I’m OOTL, why do people want an alternative to Signal? It thought that was the good app
I don’t know about other people, but the only thing I don’t like about Signal is that it is centralized. It seems to be the only option to actually get everything right for security though from what I hear.
That’s a reasonable thing to dislike about it.
I dislike that I can’t reply to another message with a sticker.
I also dislike that, despite having admin access, I can’t delete abusive messages left in groups for anyone but myself. That makes it unsuitable for building communities.
The replying with stickers bugs me so much, your pack has been helpful too. Hopefully we’ll eventually be able to edit created packs though.
I personally think they could replace the “centralized” part with the “relay” part. Seems technically possible with their protocol. Their center plays mostly the relay role. So it would be a bit similar to Usenet, or to NOSTR, or even maybe to something like old Freenet.
But yes, there are good arguments that making it decentralized would slow down necessary changes and fixes.
It's centralized, it doesn't officially allow 3rd-party clients, it requires a phone number, and the desktop app kinda sucks. I use it anyway, but it could be better.
That desktop app really is super hot garbage.
Not just sucks, but is limited. Like, you can’t even register there! To use Signal without a smartphone, you’d need workarounds that are unfriendly to an average person! All while a computer is far easier to make private than a phone.
The “centralized” part is not a problem with their protocol and it’s well explained.
The 3rd-party clients thing … I agree with, but one can find justifications for that too. They probably don’t want people to use it for filesharing with uuencode and base64. Or even for VPNs, like they did with Tox when it seemed to have a future.
The phone number thing sucks, but there’s a need to defend against bot registrations somehow.
The desktop app sucks absolutely and conclusively. If there were a library one can use to make a Pidgin plugin, it would be a godly gift.
You need a phone number for Signal which means that your mobile provider will have your location, your IMSI, your mobile device model, serial number if you are using a T-Mobile or any other Telco" supplied device.
If not then via the IMSI / mobile number they can get your location and details from Google / Apple etc and that not even considering your IP-Address
Any time that there is a unique real world identifier the owner can be located. The only way around this would be to use something like Briar that use cryptographic uniqueness and that communicates via Onion like multihop anonymizers (TOR etc) from the outset.
.
What are everyone’s thoughts on Molly, advertised as a hardened fork of Signal?
I’ve been using it for several months mostly due to it’s UnifiedPush notifications support and been really happy with it.
I’ve used it because it actually allowed me to register, while the registration in the official app broke (my best guess is due to lack of Google services, because that’s the popup the app got stuck on). And if I knew about it earlier, I could’ve used it to register in an Android VM and then tie a desktop client - because unlike the original, it did not force you to use your camera, you could just use a link. Another important quality for me is the ability to use arbitrary Socks rather than Signal’s own - when every protocol has a chance to be blocked, flexibility is important, and having a standalone proxy may be more convenient than a whole-device VPN (that you’d have to keep on all the time to receive notifications).
Don’t care too much about the supposed hardening, but it’s on FDroid and has UnifiedPush, so I use it over Signal
To be even more critical of Session, it uses Oxen which is like someone took Onion routing and decided to dress it up as a cryptocurrency grift
Session & Lokinet - Oxen | Privacy made simple.