Post A3bG5pppxIlz0MFwEC by xiu@social.bim.land
(DIR) More posts by xiu@social.bim.land
(DIR) Post #A3b9Q86z0vhtnj0RqC by kev@fosstodon.org
2021-01-25T14:08:46Z
1 likes, 2 repeats
Lots of naysayers bout #Signal lately. Saw this post from @xiu and I couldn't agree more.https://xiu.io/posts/20-the-case-against-signal/
(DIR) Post #A3b9r6nK1F2zXDfrxw by sotolf@fosstodon.org
2021-01-25T14:13:49Z
0 likes, 0 repeats
@kev @xiu Yeah, I agree with all of that, another big problem is that all of it's servers are in the US, a country known for having really bad privacy protection laws.
(DIR) Post #A3bAUny3R6uojAcgro by hund@fosstodon.org
2021-01-25T14:20:16Z
0 likes, 0 repeats
@kev @xiu I just read it and I couldn't agree less. That's just a bunch of stupid. :/
(DIR) Post #A3bBObRlAwxE6y7ktk by jamesvasile@fosstodon.org
2021-01-25T14:30:44Z
0 likes, 0 repeats
@kev @xiu It doesn't look like open source to you because Signal takes the Rocket Ship approach to open source. That model suits Signal's strategy but is less satisfying to an open source public that wants a more Wide Open model. https://opentechstrategies.com/archetypes-files/open-source-archetypes-v2.pdf#section*.10
(DIR) Post #A3bFbVExxgDURaXwkS by lx@tooting.ch
2021-01-25T15:18:07Z
0 likes, 1 repeats
@kev @xiu The only reason to consider using #Signal over #WhatsApp is that they found a way to match people without giving out the whole address book. However, since phone numbers are inherently limited in the number of possibilities, it's not terribly difficult to brute force every number.I still feel like that's a big downside compared to something like #Threema, where you don't need a phone number.
(DIR) Post #A3bFlIB3NukupENtQG by kev@fosstodon.org
2021-01-25T15:20:00Z
0 likes, 0 repeats
@lx @xiu not sure I agree with this. The whole sharing data with Facebook thing is a pretty big reason to use Signal over WhatsApp.
(DIR) Post #A3bG5pppxIlz0MFwEC by xiu@social.bim.land
2021-01-25T15:23:34Z
0 likes, 0 repeats
@kev @lx In addition, they are working at removing the phone number requirement. https://signal.org/blog/secure-value-recovery/ being one of the steps to get there.
(DIR) Post #A3bGI29pxxyOhJQaMS by lx@tooting.ch
2021-01-25T15:25:37Z
0 likes, 0 repeats
@kev @xiu Yes of course, but I think if WhatsApp had the same measures in place that Signal uses to hide the address book, the data would be much less interesting for Facebook. In the end, you are still sending the same metadata to some centralized service in the US.Maybe sealed sender (if activated) is another benefit though.
(DIR) Post #A3bHUJbN2FCwEEj66y by cos@fosstodon.org
2021-01-25T15:37:51Z
0 likes, 0 repeats
@kev @xiu Matrix exists, why would anyone use Signal except because of vendor lock-in? It's more free than WhatsApp but still a centralized dead end.
(DIR) Post #A3bHXV7meNBmpoPGU4 by sotolf@fosstodon.org
2021-01-25T15:38:40Z
0 likes, 0 repeats
@kev @lx @xiu well I'm kind of not sure if they didn't share the data in the first place, and just are being more explicit about it now, still I'm not able to move the people that I need to keep in contact with over, anyway, and I don't see signal as a good point, even telegram with it's homebrew encryption is starting to look like a better bet to me.
(DIR) Post #A3bHvl0hEtAd3MeqFE by kev@fosstodon.org
2021-01-25T15:44:17Z
0 likes, 0 repeats
@cos because Matrix is a pain to setup - to use an analogy, my Grandma couldn't use Matrix. I have no interest in using these kind of tools - they're usually more of a headache than anything else in my experience. @xiu
(DIR) Post #A3bJU73lrjHBEs2eR6 by mwt@mathstodon.xyz
2021-01-25T16:01:15Z
0 likes, 0 repeats
@sotolf @kev @xiu does it matter where the servers are? It's E2EE.
(DIR) Post #A3bJU7VmBbg4dj915U by kev@fosstodon.org
2021-01-25T16:01:39Z
0 likes, 0 repeats
@mwt @sotolf @xiu exactamundo!
(DIR) Post #A3bL5enBVnIqWjkYTI by rain@melonbread.dev
2021-01-25T16:19:58.927169Z
0 likes, 0 repeats
@cos Exactly! This is how I feel when someone suggests Lbry as a YouTube replacement over something like PeerTube.
(DIR) Post #A3bLSWWCRMGdWgi0rg by sotolf@fosstodon.org
2021-01-25T16:02:50Z
0 likes, 0 repeats
@mwt @kev @xiu metadata, ip-addresses, and us goverment usually demands backdoors into software hosted in the us, which is why I see anything being hosted only in the us as a giant red flag.
(DIR) Post #A3bLSWvMvmOsmkU760 by kev@fosstodon.org
2021-01-25T16:23:49Z
0 likes, 0 repeats
@sotolf @mwt @xiu > US govt demands backdoorsI mean, that's conjecture right there. But aside from that, with this being E2EE there is no meta data for anyone to see.So the data is encrypted on the device **before** it's transmitted to the recipient. It's just packets of encrypted data traversing the internet.
(DIR) Post #A3bLbZQF0rpz8fEfxo by sotolf@fosstodon.org
2021-01-25T16:25:23Z
0 likes, 0 repeats
@kev @mwt @xiu metadata like ipadresses and timestamps can not be encrypted and still be brought through a centralised server.
(DIR) Post #A3bM5Y6KUPUljFDWWO by kev@fosstodon.org
2021-01-25T16:30:53Z
0 likes, 0 repeats
@sotolf @mwt @xiu sorry, maybe I wasn't clear...There's nothing in the packets that says "YO! THIS IS A SIGNAL MESSAGE! YOU NEED TO LOOK AT ME!" Yeah the TCP headers are still there, they have to be, but the content of those packets is useless to anyone but the recipient.If the US Govt recording you IP address and timestamps is a concern, you should probably stay off the Internet. 🙂
(DIR) Post #A3bMLuAIDxAOnAs0Tg by sotolf@fosstodon.org
2021-01-25T16:33:38Z
0 likes, 0 repeats
@kev @mwt @xiu Do we have a possibility to access the servers to see that they don't store ip-addresses and timestamps? I'd be less worried if it weren't going to us servers, and If I didn't expect it to be secure/encrypted, I have no problem with mastodon for example since I don't expect anything here to be private. I'm not saying nobody should trust them, just that for me personally that's a red flag.
(DIR) Post #A3bMbj0zRncOqP3vfs by kev@fosstodon.org
2021-01-25T16:36:41Z
0 likes, 0 repeats
@sotolf I get it. We all have our own measure of what we're prepared to put up with.@mwt @xiu
(DIR) Post #A3bMlZk6mC9yyyrZgm by sotolf@fosstodon.org
2021-01-25T16:38:16Z
0 likes, 0 repeats
@kevExactly that yeah :) I can't say much as I'm still using WA which for sure is worse, but well it's either that or talking to myself on some other service :p@mwt @xiu
(DIR) Post #A3bMnix9VGcW7wzMzA by kev@fosstodon.org
2021-01-25T16:38:51Z
0 likes, 0 repeats
@sotolf I hear Signal is really good! 😂 @mwt @xiu
(DIR) Post #A3bMw7rqkuwpiNVzYO by sotolf@fosstodon.org
2021-01-25T16:39:54Z
0 likes, 0 repeats
@kev 😣 😂 @mwt @xiu
(DIR) Post #A3bNwImUHOERW5edu4 by cos@fosstodon.org
2021-01-25T16:51:37Z
0 likes, 0 repeats
@kev @xiu the major difference is that you register using username + password instead of phone number (and maintain anonymity). I agree it's too difficult for grandma but maybe she can be helped. We who are skilled enough should register to other servers than matrix.org to help decentralize and reduce load on matrix.org.
(DIR) Post #A3coybiDky7yjKwVDE by hannsens@fosstodon.org
2021-01-26T09:28:25Z
0 likes, 0 repeats
interesting background reading. Thanks for the toot.
(DIR) Post #A3ffusS7G5dHNTR64O by AAMfP@fosstodon.org
2021-01-27T18:31:50Z
0 likes, 0 repeats
@kevWhat about @Jami ?@cos @xiu