this post was submitted on 10 Aug 2024
127 points (97.0% liked)
Solarpunk technology
2348 readers
9 users here now
Technology for a Solar-Punk future.
Airships and hydroponic farms...
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Personally since I read this, I stopped recommending Signal. In this article among other things they say:
I also saw a video where Moxie was a speaker defending centralization not only for Signal, in general, and I don't agree with this approach. (I think it was this one 36c3 Moxie Marlinspike: The ecosystem is moving)
I agree with you but I think that signal was built as to not trust the server either way.
That's what they like you to think yes. But it is only the message content and not the various forms of metadata that is protected by their encryption scheme.
It's also the metadata. Profile and contact discovery is also private. I don't think they have anything except your IP.
Seal sender is a nice idea, but since you can easily run timing attacks on centralised infrastructure it is pointless for Signal, or rather you have to trust them that their infrastructure is not compromised.
They also store device ids for push notifications via Google/Apple.
I see where this is coming from and I personally prefer Matrix because of that but I must recognize that while I disagree with Moxie on some things he has a more pragmatic approach that has merits and probably has this position for good reasons that do not come from an evil/corporate plan. He wants people to use secure communication and he proposes compromises between security and ease of use (without which no one will switch, making general communication worse).
I still recommend Signal. To my geekier friends I recommend Matrix. But all in all, I consider Signal is still fighting the good fight.
I've said it before and I'll say it again. Signal is in the perfect niche of privacy and usability and, sadly, suffers for it. Privacy enthusiasts don't think it is private enough and "normies" (for lack of a better term off the top of my head) don't use it because there aren't enough people using it or it just isn't fun enough. Meanwhile, it's insanely trivially easy to install and register and it works like a normal message app.
Edit: ironic that I accidentally triple post a comment that starts with "I've said it before and I'll say it again"
Moxie isn't involved in Signal decisions day to day, he resigned in 2022.
TIL. Thanks!