this post was submitted on 03 Jul 2023
1509 points (90.9% liked)

You Should Know

33124 readers
112 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS
 

"When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on."

This isn't an ad, I wasn't paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. πŸ˜€ πŸ‘

you are viewing a single comment's thread
view the rest of the comments
[–] pchem@feddit.de 5 points 1 year ago* (last edited 1 year ago) (2 children)

I have to say that some of the points on that site are outright ridiculous.

First off, they quote the privacy officer of the German protestant church, who has no technical background according to his own bio:

"… when using Signal, data protection concerns remain, especially because this service processes personal data of its users outside the scope of the GDPR. The use of this messenger service can therefore not be recommended.”

Not sure what that's supposed to mean, because the GDPR applies based on user location and not company location. Although I'm going to grant that having servers in US jurisdictions may be a concern.

And he goes on to say that Threema (for profit, proprietary server code and (at the time) client code) and SIMSme (for profit, fully proprietary) are preferable over Signal because of the jurisdictions they're in. Not sure about anyone else, but I'm going to trust the open source software more, regardless of what jurisdiction the servers are in.

I do have to give him credit for recognising a "self-hosted messenger service based on established and freely available protocols on federated servers" as the best option, though.

negative: actual server software used does not have to match the version published on GitHub

Fair, but how many other messaging services publish server code at all?

negative: terms of use (external) as well as privacy policy in English only

I suspect there's very little overlap in the Venn diagram of people who use (or even know of) Signal and people who don't speak English.

negative: weaknesses in authentication for encryption

This boils down to users trusting Signal as a certificate authority and not verifying their contacts "security number". Fair point, but a user can still choose to use Signal in a way that removes those weaknesses.

Of course, since we're on a federated service, I expect people to jump on the chance to recommend Matrix/XMPP instead, but realistically, I've had much more success getting people to use Signal. And apart from federated messengers, I'm not aware of anything better than Signal.

[–] quaddo@lemmy.ca 2 points 1 year ago

I've been using Signal for what seems like years now.

I've got 4 contacts (5 if you include a martial arts school I no longer attend), and only char with 2 of them regularly: my brother and sister.

I've downloaded and installed Briar, Session, and Simplex, and keep meaning to test them out with the help of my wife ('s phone) to see what they're like.

[–] mathemachristian@lemm.ee 2 points 1 year ago (1 children)

The GDPR applies to companies looking to utilise the software. So the church or any other entity bound by the GDPR cannot use the software due to it's closed structure with servers in the US. This is absolutely a concern since business is conducted over messenge apps nowadays. I must've broken GDPR when communicating with my students about tutoring over WhatsApp. Our midwife must insist on threema with no alternatives. For the church this means they cannot communicate amongst themselves over Signal.

The site has a German audience in mind so the fact that the privacy policy not being accessible to non-English speakers is an obvious concern. I don't understand how "well only few non English speakers use it" is an excuse.

And lastly the fact that Signal is the only CA means that they can use a machine- in-the-middle attack on their own users and there is no way to protect against it.

[–] pchem@feddit.de 1 points 1 year ago (1 children)

And lastly the fact that Signal is the only CA means that they can use a machine- in-the-middle attack on their own users and there is no way to protect against it.

As I mentioned in my comment, it doesn't - if the users verify each other's "security number".

[–] mathemachristian@lemm.ee 1 points 1 year ago

The theory fails once it meets reality.

https://eprints.cs.univie.ac.at/4799/

All the other points stand as well.