The Signal and the noise: Why the messaging app is great for privacy but not for war plans. (thebulletin.org)
from Tea@programming.dev to technology@lemmy.world on 05 Apr 2025 22:31
https://programming.dev/post/28120923

#technology

komischerKauz@europe.pub on 05 Apr 2025 22:57 next collapse

Good to know! I wanted to plan a war but looks like I need to use a different app 😔

Deceptichum@quokk.au on 05 Apr 2025 23:15 next collapse

Have you tried iWar by Apple? I find the mind-mapping tool really helpful for collaborating where to strike next.

WhatsHerBucket@lemmy.world on 05 Apr 2025 23:22 next collapse

Sorry, that feature is only available in the iWar+ subscription, which is $9.99/mo

njordomir@lemmy.world on 06 Apr 2025 00:19 collapse

Also, if you want to have more than one war at a time you’ll need to purchase add on slots for $4.99ea.

CosmicTurtle0@lemmy.dbzer0.com on 06 Apr 2025 00:18 next collapse

Dude. We’re on Lemmy. Don’t be advertising some closed source app.

Missl is the best federated, defense first, FOSS war planning app available. You can self host using docker or use one of the many public instances.

Auntievenim@lemmy.world on 06 Apr 2025 00:27 next collapse

The jerk has reached critical mass

Fetus@lemmy.world on 06 Apr 2025 01:39 collapse

Missl hasn’t been maintained in a while, though. I’d recommend the fork DAVECON1. Dave is pretty active still, listens to the community. He recently removed the little prompt box that popped up when you were planning to commit war crimes and genocide, which has improved my workflow and plausible deniability!

RageAgainstTheRich@lemmy.world on 06 Apr 2025 01:33 collapse

You can even try out their new AI feature. After 3 strikes, it learns who you like to strike the most and will give suggestions containing the most packed areas with as many children as possible. It also has in-app quests to complete such as wiping out a whole family in 1 strike.

It rewards you with points you can spend in the store to buy skins and other cosmetics for your missiles.

If you signup with your nintendo friend code, you can unlock the banzai bill skin.

BackgrndNoize@lemmy.world on 06 Apr 2025 01:23 next collapse

4chan is what you need

desktop_user@lemmy.blahaj.zone on 06 Apr 2025 02:07 next collapse

Nah, too much moderation, go with one of the many more niche *chans, or even just one of the 8chan clones.

FundMECFSResearch@lemmy.blahaj.zone on 06 Apr 2025 19:57 collapse

WarThunder forums has the highest experts apparently

gjoel@programming.dev on 06 Apr 2025 05:50 next collapse

I usually use Genocide Palestine. It’s actively developed and supported on all major platforms, in pretty much all countries.

oppy1984@lemm.ee on 06 Apr 2025 06:09 collapse

Battle plans you use Signal, war plans you’re going to want Threema, Session, or SimpleX.

Amoxtli@thelemmy.club on 05 Apr 2025 23:12 next collapse

Signal is traceable. Session is untraceable.

kn33@lemmy.world on 06 Apr 2025 00:07 next collapse

Signal is gaining the network effect. Session is not. Don’t let perfect be the enemy of good enough.

52fighters@lemmy.sdf.org on 06 Apr 2025 02:05 next collapse

If you can influence others to do so, use the better app. My family, we use Briar.

[deleted] on 06 Apr 2025 17:14 collapse

.

nyamlae@lemmy.world on 06 Apr 2025 17:45 collapse

To be fair, variety makes groups more resilient. If Signal were to ever become compromised somehow, people who use other apps like Session will be okay.

It’s not a zero-sum game, either – people can use Signal and other apps.

rottingleaf@lemmy.world on 06 Apr 2025 06:05 collapse

I think there was an article recently about Session devs, first, having their protocol derived from Signal’s, second, not knowing what they were doing with that, which would discredit it pretty hard.

Also everything is traceable, it’s a question of effort and who you piss off.

Amoxtli@thelemmy.club on 06 Apr 2025 18:03 collapse

You don’t know what you are talking about. Just because Session is a fork of Signal doesn’t mean it isn’t better. Session adds identity protection and it is decentralized. There is no personal information needed to create accounts; no phone number or email required. There is no metadata storage. Had the Trump cabinet used Session instead of Signal, there would be no evidence to the identities of the individuals messaging each other. Signal requires a phone number to have an account which traces to an identity and metadata that logs time and date. The leaked war plans were not from encryption failing, but traceable identities by an insider.

rottingleaf@lemmy.world on 07 Apr 2025 07:30 collapse

> Just because Session is a fork of Signal doesn’t mean it isn’t better.

And nobody said that, strawman count one.

> Session adds identity protection and it is decentralized.

Just so you knew, everything about security is made much harder and more complex by decentralization. Welcome to the real world, two good things do not help each other, you have to compromise on something.

This statement adds nothing but the vague idea that decentralization helps security, so answered only that.

> There is no personal information needed to create accounts; no phone number or email required. There is no metadata storage.

The article I don’t remember was about purely technical mistakes of Session developers in processes inherited from Signal. Mistakes! Mistakes happen in software. While what you are doing is listing features.

> Signal requires a phone number to have an account which traces to an identity and metadata that logs time and date.

You are again talking about features and policies and limitations.

Damn right it’s better to use a system where users using their IP addresses store messages in a blockchain, very anonymous.

> Had the Trump cabinet used Session instead of Signal, there would be no evidence to the identities of the individuals messaging each other. Signal requires a phone number to have an account which traces to an identity and metadata that logs time and date. The leaked war plans were not from encryption failing, but traceable identities by an insider.

Buddy, that journalist didn’t trace anything, they just were added to a chatroom, saw what’s being discussed there, said oops, informed others and left it.

I’m sure you can set a nickname to your real name in Session too.

CobraChicken3000@lemmy.ca on 06 Apr 2025 00:04 next collapse

Very informative article. By most measures, it is pretty terrific at encrypting messages and protecting your privacy, just not when it’s wielded by idiots.

SmoothLiquidation@lemmy.world on 06 Apr 2025 00:08 next collapse

I understand how the public key encryption works when you are messaging person to person. Does anyone know how it works with group chats?

Zak@lemmy.world on 06 Apr 2025 01:07 collapse

Each participant is sent a separate copy of each message encrypted with their own key.

wewbull@feddit.uk on 06 Apr 2025 13:09 collapse

This is one way that Signal differs from WhatsApp e2e in groups. In WhatsApp the server replicates the message out to all clients. It can’t read the message but it knows the recipient list. In Signal your phone sends the message several times, so only members of the group know who is in the group.

Natanael@infosec.pub on 06 Apr 2025 22:18 collapse

The encryption still works roughly the same, the difference is mostly visible metadata.

Multiple bundles of encrypted message + decryption key & recipient tag for 1 person, or one bundle of the encrypted message and then keys for multiple people & recipients which the server can separate out when relaying the message

(message keys are encrypted to each recipient’s keypair*)

*simplified because I can’t be bothered to explain how deniability is implemented. Just look up the Signal protocol’s ratchet
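
The two delivery shapes described in the comments above (one bundle per recipient versus one bundle the server splits), as an added example that is not part of the thread and is not Signal's or WhatsApp's code. The function names, the `demo` HKDF label and the four-person group are constructed, and static X25519 with AES-256-GCM stands in for the real protocol.

```javascript
// Added illustration, not Signal or WhatsApp code. Static X25519 keys and
// AES-256-GCM stand in for real sessions: no ratchet, no deniability.
const crypto = require('node:crypto');

// Authenticated encryption of `data` under a 32-byte key.
function seal(key, data) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if key is wrong
}
// Key shared by exactly two parties: X25519 agreement, then HKDF.
function pairKey(myPriv, theirPub) {
  const dh = crypto.diffieHellman({ privateKey: myPriv, publicKey: theirPub });
  return Buffer.from(crypto.hkdfSync('sha256', dh, Buffer.alloc(0), 'demo', 32));
}
// Shape 1: the sender uploads one bundle per recipient.
function senderFanout(senderPriv, members, text) {
  return Object.entries(members).map(([to, pub]) => {
    const mk = crypto.randomBytes(32); // fresh message key per bundle
    return { to, key: seal(pairKey(senderPriv, pub), mk), body: seal(mk, Buffer.from(text)) };
  });
}
// Shape 2: one upload, body encrypted once, message key wrapped per recipient.
function serverFanout(senderPriv, members, text) {
  const mk = crypto.randomBytes(32);
  const keys = Object.entries(members).map(([to, pub]) =>
    ({ to, key: seal(pairKey(senderPriv, pub), mk) }));
  return { body: seal(mk, Buffer.from(text)), keys };
}
// Relay step for shape 2: split the upload into per-recipient deliveries.
const relaySplit = (up) => up.keys.map(({ to, key }) => ({ to, key, body: up.body }));
// Decryption is the same for both shapes.
function receive(myPriv, senderPub, env) {
  return open(open(pairKey(myPriv, senderPub), env.key), env.body).toString();
}
// Recipient names the relay can read in each single upload.
const recipientsPerUpload = (ups) => ups.map((u) => (u.keys ? u.keys.length : 1));

// Constructed sample group: alice sends to bob, carol and dave.
const people = Object.fromEntries(['alice', 'bob', 'carol', 'dave']
  .map((n) => [n, crypto.generateKeyPairSync('x25519')]));
const { alice, ...rest } = people;
const members = Object.fromEntries(Object.entries(rest).map(([n, k]) => [n, k.publicKey]));
```

`recipientsPerUpload` only counts what each upload states explicitly; a relay that receives three single-recipient uploads from one sender at the same moment can still correlate them by timing.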

knobbysideup@sh.itjust.works on 06 Apr 2025 00:45 next collapse

The app doesn’t matter. Wrong fucking network.

wewbull@feddit.uk on 06 Apr 2025 13:12 next collapse

Absolutely right. Messages of the type they sent should never be on a public network whether they are encrypted or not.

Natanael@infosec.pub on 06 Apr 2025 22:22 collapse

The military does tons of stuff over public networks, the key is using vetted hardware and their own VPN and communication tools which allows complete control over recipients.

No random unaudited consumer devices which might have various exploits known to outsiders, which might fall into the hands of spies, and which DEFINITELY does not have any active security monitoring.

Natanael@infosec.pub on 06 Apr 2025 22:18 collapse

Wrong hardware!

FriendBesto@lemmy.ml on 06 Apr 2025 05:01 next collapse

True. For war plans use Tinder, or maybe Pinterest.

Batman@lemmy.world on 06 Apr 2025 05:59 next collapse

What’s wrong with the traditional war thunder comms?

FriendBesto@lemmy.ml on 06 Apr 2025 06:01 collapse

Oh man, you got me there.

WereCat@lemmy.world on 06 Apr 2025 11:09 collapse

You surely meant Warthunder forums

Reverendender@sh.itjust.works on 06 Apr 2025 13:19 next collapse

Ok, let’s pick the correct App for planning the rebellion.

Atmoro@lemmy.world on 06 Apr 2025 18:29 next collapse

Bluesky, Lemmy, Revolt, Ghost, Spark, & Flashes apps. Diaspora, Zen Browser, & Raindrop too

Those each cover a different aspect that will empower everyone. We need a US Community on Revolt too not just Lemmy

Patch@feddit.uk on 06 Apr 2025 21:57 collapse

> We need a US Community on Revolt too not just Lemmy

Never heard of it before.

What’s the elevator pitch?

Atmoro@lemmy.world on 07 Apr 2025 08:30 collapse

Alright here

  • Reddit➡️Lemmy
  • Twitter➡️Bluesky
  • Discord➡️Revolt

revolt.chat

It’s an even better thing than Discord.

(They have an alternativeto.net entry that explains a lot more about them too. Also, AlternativeTo is a great resource to find more open-source (But you have to check online if it’s community-made or corporation owned) platforms/apps/websites/etc to switch to. Recommend using that too)

Positives:

  • Values Privacy, Community, Collaboration, Discussions, & Freedom
  • Open-Source
  • Community-Made
  • Allow you to have different profile pics per community you are in
  • Can use bots without needing Premium
  • There’s more once you use it to experience it and read their site

I say we make a U.S. Server on there to inform each other, inspire each other, take action, collaborate, & coordinate

That would be a great way for all of us to really get things going in real life & online. Also, to have different sections of the server dedicated to various issues:

  • This whole mess with GOP fighting back on every level
  • Making Protests Fun, & Effective. Connecting Social Events to Them, & having Goals for Each Protest (Get to know others to work with, building out better infrastructure, getting things done, etc)
  • Homelessness
  • Walkable/social/fun/bikeable/transit infrastructure for cities and towns
  • Building and Maintaining Community
  • Collaboration with Allies
  • Etc Etc

I would do it but don’t know how to run a community, & server

FourWaveforms@lemm.ee on 06 Apr 2025 19:07 collapse

Truth Social. That way, nobody will ever see the plans

Bazoogle@lemmy.world on 06 Apr 2025 19:34 collapse

And if anyone magically finds them, they’ll dismiss it as a crazy conspiracy

TankovayaDiviziya@lemmy.world on 06 Apr 2025 22:09 collapse

SavageCoconut@lemmy.world on 06 Apr 2025 13:38 next collapse

TLDR: some government/military official added a reporter to a Signal group where some high profile people were discussing and sharing war plans. The app’s encryption is perfectly fine. It’s just clickbait.

billwashere@lemmy.world on 06 Apr 2025 19:08 next collapse

They weren’t war plans. They were attack plans. /s 🤦‍♂️

Bloomcole@lemmy.world on 06 Apr 2025 21:36 collapse

genocide assisting murder plans

Screen_Shatter@lemmy.world on 07 Apr 2025 02:02 next collapse

It’s not click bait, it’s a great layman’s terms explanation of the app and what it does. This is the kind of article I would send to my parents who are basically tech illiterate when this topic inevitably arises. It also clarifies points that were poorly reported by other outlets, which is necessary to call out, especially in our current informational climate.

Cocodapuf@lemmy.world on 07 Apr 2025 02:25 collapse

What about it is clickbait? That title is really upfront about Signal’s encryption being fine.

kittenzrulz123@lemmy.blahaj.zone on 06 Apr 2025 19:23 collapse

Fundamentally the biggest security vulnerability in every piece of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I don’t think it was a mistake. I think Trump’s own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump would reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.

piecat@lemmy.world on 07 Apr 2025 03:24 next collapse

Yeah- that is a bit odd. Who and if not intentional, how?

JiminaMann@lemmy.world on 07 Apr 2025 19:57 collapse

What security vulnerabilities does Signal have?

kittenzrulz123@lemmy.blahaj.zone on 07 Apr 2025 20:30 collapse

Here’s a list of all current CVEs

sugar_in_your_tea@sh.itjust.works on 07 Apr 2025 20:57 next collapse

The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That’s incredibly unlikely for a regular citizen, but it’s a lot more likely for an important position like the head of the Department of Defense or something.

> NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

kittenzrulz123@lemmy.blahaj.zone on 07 Apr 2025 21:00 collapse

I’m not a security researcher tbh and I haven’t extensively studied the security model of Signal (I use Matrix)

sugar_in_your_tea@sh.itjust.works on 07 Apr 2025 21:11 collapse

Same. I’m just generally pretty cyber-security curious, and have read a bit on this topic.

I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.

BTW, thanks for providing the CVEs, I hope that answers a few people’s questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get closed quickly (and Signal does a good job keeping up with updates).

kittenzrulz123@lemmy.blahaj.zone on 08 Apr 2025 16:56 collapse

That’s why the Linux kernel has a massive amount of CVEs, it’s extensively audited and researched.

JiminaMann@lemmy.world on 08 Apr 2025 20:10 collapse

Hmm, last cve was in 2023…