• falynns@lemmy.world
    24 upvotes · 2 months ago

    Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.

    • Vanilla_PuddinFudge@infosec.pub
      11 upvotes · 2 months ago

      They see no value in it. They don’t see that privacy is a proactive measure that can protect you.

      On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family whose attacker might make off with stolen bank information or passwords.

      But “that’ll never happen”, right?

  • Humanius@lemmy.world
    20 upvotes, 1 downvote · edited · 2 months ago

    After Trump was elected and inaugurated, Signal has finally been gaining some steam here in the Netherlands.

    It’s still an American company, so it’s not ideal. But it’s still significantly better than letting a tech giant like Facebook have control over the most commonly used chat app.

    WhatsApp needs to go and Signal is the most likely way in which we can achieve that. We can worry about the American elephant in the room later.

    • viking@piefed.ca
      6 upvotes, 1 downvote · 2 months ago

      There is Threema, a Swiss messenger that gained some popularity earlier since they had end-to-end encryption before WhatsApp.

      Unfortunately the source code is not open (even though they do get annual audits with public reports), and the client costs 3 EUR or something (once).

      • Humanius@lemmy.world
        7 upvotes · 2 months ago

        Yeah, but Threema has basically no momentum behind it at all at this point.
        I’m putting my social capital behind the option that currently stands the most chance of beating out WhatsApp.

          • Humanius@lemmy.world
            4 upvotes · edited · 2 months ago

            Then by all means keep that momentum going.
            I’m just looking at this from a Dutch perspective, where Signal is seeing by far the most growth.

            • rhabarba@feddit.org
              0 upvotes, 1 downvote · 2 months ago

              You can help make it stronger. That’s what I did in Germany: if people want to contact me, I usually give them my Threema ID first, everything else comes later.

              • Humanius@lemmy.world
                2 upvotes · edited · 2 months ago

                But my goal is not to move to Threema, my goal is to move away from WhatsApp.
                Signal fits the bill while expending far less social capital convincing people to use it.

      • philpo@feddit.org
        2 upvotes · 2 months ago

        And Switzerland’s record in terms of privacy sadly is far worse than most people think - even with the last attack being repelled.

        Matrix (preferably on a non-matrix.org instance) currently is the preferable non-US and privacy-friendly way.

        • rhabarba@feddit.org
          0 upvotes · 2 months ago

          I don’t know - this hype about Matrix reminds me of XMPP which was similarly popular a decade ago. Today, nobody even remembers it anymore.

          • youmaynotknow@lemmy.ml
            1 upvote · 2 months ago

            Pepperidge farm remembers, and so do I. Lots of people I know use XMPP (Cheogram, Dino, etc).

        • ornery_chemist@mander.xyz
          3 upvotes · edited · 2 months ago

          FYI, while Threema front-end clients (apps) are open-source (and offer reproducible builds, which is surprisingly uncommon in open-source land), the server component, though supposedly audited, remains closed-source.

          EDIT: for comparison, the Signal server code is mostly open source, but things like the spam filter are closed.

          • sqgl@sh.itjust.works
            1 upvote · edited · 2 months ago

            Thanks.

            And I didn’t know Signal had spam filters. It makes sense to not make that open source.

            In my circle of 20 there has only been one instance of spam over several years. 3 of us got the same message.

        • viking@piefed.ca
          1 upvote · 2 months ago

          That’s just the client, the server architecture is what really matters.

      • Humanius@lemmy.world
        3 upvotes · edited · 2 months ago

        But being based in the United States it is still subject to American laws, and that comes with the risk of potential American spying and embargoes. Software from any American entity (be it corporation or non-profit) comes with that risk.

    • ZMoney@lemmy.world
      2 upvotes · 2 months ago

      America is not a monolith. Signal’s developers are very much aware of the risks of operating there and probably already have several escape plans given recent developments. I also think five-eyes probably has access but getting it might be computationally expensive.

    • Kualdir@piefed.social
      0 upvotes · 2 months ago

      Sadly many still don’t want to switch. My most active chats are in Signal now but the large majority of chats are still on WhatsApp.

  • perestroika@lemm.ee
    15 upvotes, 2 downvotes · edited · 2 months ago

    I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called “the US”. This could have implications.

    A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.

    Upside: no phone number required. No questions asked.

    Downside: no servers to store and forward messages. You can talk if both parties are online.

  • hansolo@lemmy.today
    12 upvotes · edited · 2 months ago

    It’s ethical because it runs on donations and has a non-profit business model.

    Meta likely spends at least $1 billion a year running WhatsApp.

    Please donate to Signal if you use it.

    • hackitfast@lemmy.world
      30 upvotes · 2 months ago

      I don’t think that the founders are bad people. If you look at their history of work, they have done enormous amounts of work in the computer security sector. The founder, however, did run a cloud based WPA cracking service.

      Meredith Whittaker, who is the president, used to work at Google doing research for “issues related to net neutrality measurement, privacy, security, and the social consequences of artificial intelligence”.

      In 2018 she then staged walkouts at Google over concerns of sexual misconduct and citizen surveillance.

      The people on Signal’s board seem to be trustworthy people with a pretty airtight background. You have to worry more about the mobile operating system compromising you than you do about Signal.

    • aidan@lemmy.world
      11 upvotes · 2 months ago

      Does it really matter who made it if you can see the source code? You don’t have to trust them.

      • ballgoat@lemmy.zip
        2 upvotes · 2 months ago

        That’s kind of a core tenet of libre/open software, innit? Independently verifiable software that you can change at your pleasure.

          • ballgoat@lemmy.zip
            2 upvotes · 2 months ago

            Yes, you can use their exact build environment straight from GitHub. You can also use Molly.im which is another app that I think is a fork? I’m still investigating it.

  • Arcane2077@sh.itjust.works
    9 upvotes · 2 months ago

    I like Signal. I even got all my close friends and family on it, specifically to message me because I won’t use WhatsApp. The PIN reminders are annoying enough to be legitimately holding it back from mass appeal imho.

        • Typotyper@sh.itjust.works
          1 upvote · 2 months ago

          I think it was meant as a security feature in case someone picked up your unlocked phone. Or perhaps someone cracked your front screen passcode. I know if you forget your password and have to reset it you lose all previous conversations. It’s very secure this way. Bit of a pain… but secure.

          • Arcane2077@sh.itjust.works
            2 upvotes · 2 months ago

            That’s not even what it is lol.

            And as the other commenter alluded to, defaults matter. You’re not replacing the thing everyone is already using by pitching “here’s an alternative that is better in ways which don’t affect your usage at all, and also you have to dig into the settings to turn off the optional daily popups”

            • Bravo@eviltoast.org
              1 upvote · 2 months ago

              Yeah someone who cares enough about security to switch to Signal in the first place will be willing to go into the settings to get everything just the way they like it, but everybody else will only keep the app if it doesn’t bug them.

            • sqgl@sh.itjust.works
              0 upvotes, 1 downvote · 2 months ago

              They are monthly not daily popups. They are daily at the start just to make sure you memorize your PIN, then they peter off.

              However if you ignore a monthly one then it doesn’t disturb you until the next monthly reminder. What is the point of a PIN if it can be ignored?

    • tym@lemmy.world
      5 upvotes, 3 downvotes · edited · 2 months ago

      The irony of you posting this on lemmy, which won’t allow posting from a VPN or masked email addresses is not lost on me.

      The amount of hoops I had to jump through to make this comment and maintain some semblance of privacy is infuriating but at least it’s not reddit I guess?

      But do go on about your security standards…

      Edit: BTW, you can set signal to hide your number completely. Combined with FOSS-based encryption keys on-device makes signal the only choice for trying to maintain freedom of expression globally.

      Nothing will protect anyone from messaging with a snitch who knows how to screenshot though. Food for thought… get to know your neighbors now.

        • tym@lemmy.world
          1 upvote · 2 months ago

          Thanks, appreciated. I installed Nord on my linux box as well, then set that to openvpn technology and obfuscated servers which worked. I’d prefer to use their quantum-proof encryption but there’s no way to bypass VPN checks if one sets that. I think it’s a mistake on lemmy’s part to even put that hurdle up, but it is what it is. Having one’s real world identity tied to social media is a risk going forward. Data is the enemy.

          • Toga65@lemmy.world
            1 upvote · 2 months ago

            Data is 100% the enemy and you’re right, lemmy would be moronic to put that roadblock in place

            • tym@lemmy.world
              1 upvote · 2 months ago

              They DID put that roadblock in place. That’s kinda my point. You have to loosen a VPN’s security to post here (as I’ve had to do to reply). It says “no posting from VPN” in the lower left if one uses more advanced/secure encryption. They also don’t allow account creation from masked email platforms like fastmail.

      • ikidd@lemmy.world
        2 upvotes, 1 downvote · 2 months ago

        It doesn’t matter if you hide the number; at some point they deanonymized you when you signed up.

        Want to be a dick about “hoops”? Get a number that isn’t traceable. It can be done, but it’s tough. I doubt it’s possible in the countries that really need anonymity of association.

        • tym@lemmy.world
          1 upvote · 2 months ago

          Deanonymized isn’t a risk with end-to-end FOSS-governed encryption (as compared to Meta’s mysterious backend that manages keypairs for WhatsApp and Messenger). Sealed Sender can even obfuscate the metadata of the recipient for further snooping hurdles. Nothing is perfect, and any participant can silently exfiltrate conversation data with another camera.

  • Chaotic Entropy@feddit.uk
    5 upvotes · 2 months ago

    I would like nothing more, but so few of my contact group are willing to switch away… despite all of Meta’s bullshit. I resent being made to use it whilst their AI/ads encroach further and further.

  • Jaberw0cky@lemmy.world
    6 upvotes, 1 downvote · 2 months ago

    My wishlist is an app which is not linked to a phone number, is multi-platform and has a web app. It should be non-US and open source. That isn’t too many requirements and yet nothing seems to fully fit the bill? Anyway good luck trying to get school parents’ groups to use something other than WhatsApp.

  • mintiefresh@lemmy.ca
    3 upvotes · 2 months ago

    Wish more of my contact list would switch over to Signal. It’s nearly the same. I don’t see why it’s so hard for some people to just start using Signal instead of WhatsApp.

    Oh well.

  • Martin@feddit.nu
    2 upvotes · 2 months ago

    When they dropped SMS support I was no longer able to convince people to migrate to Signal.

    Before I could make the argument that you need one SMS app anyway so that app might just as well be Signal instead of the one that comes preloaded with your phone. That way people would gradually get more and more secure messaging as time went on. When SMS support was dropped, Signal could not replace an existing app and adding another messaging app is much less appealing than replacing one.

  • eodur@lemmy.world
    2 upvotes · 2 months ago

    How about Delta Chat? At least as secure as Signal, open source, and decentralized.

    • ornery_chemist@mander.xyz
      1 upvote · 2 months ago

      Not saying that it’s necessarily a bad option, but my biggest issue with delta chat is that it does not offer forward secrecy (if a user’s private key is compromised, past messages can be revealed); Signal does. Delta no question beats signal in decentralization, though email is less decentralized than it seems–how many people do you know who still use gmail? Delta also inherently leaks metadata on whom you’re communicating with to the email host (that’s just imap/smtp). Signal can mitigate this somewhat with Sealed Sender (which gives one-way anonymity), though it can be broken with statistical analysis, and signal metadata is more identifying due to requiring a phone number.

  • gamer@lemm.ee
    3 upvotes, 1 downvote · 2 months ago

    Anyone know why the Signal app isn’t available on F-Droid? Isn’t it supposed to be open source?

    • notarobot@lemm.ee
      7 upvotes · 2 months ago

      I think it’s by request. The F-Droid team builds every single app in their repos which means that they are not always fully up to date, so Signal argues that whenever they need to push a security release people on F-Droid would take forever to update.

      I think I’ve had this issue with SimpleX. I’ve had to wait over 2 weeks for an update. That’s why I’m using Obtainium for it instead.

      • philpo@feddit.org
        1 upvote · 2 months ago

        Overdramatic blog post, sorry. I can’t stand the whole “freemium” crybabies that then literally recommend the next freemium or “non transparent funding model” service… And don’t understand the fundamental difference between the Protocol and one of its implementations.

        Matrix as a protocol is solid and is used far beyond the Matrix messenger. (e.g. the French and German governmental messenger, the German healthcare messenger, various armies, etc.) With a lot of commits coming from there - but not enough funding, that is definitely an issue.

        The current issue with Freemium is solely limited to the matrix.org instance. There are hundreds of federated instances out there that aren’t Freemium and won’t have the need to go that way as they are funded differently. (e.g. the Lemmy Instance I am currently writing from, feddit - we are financed through other means) As they are federated it doesn’t matter - and honestly, I personally tend to see this as a good thing - it will lead users away from matrix.org towards other instances, making the whole network more reliable and decentralized.

        There are two other issues that are relevant, though: The way the foundation is run is not ideal, definitely - there are and were issues and I am not happy with some management decisions, but at least they are getting somewhat better recently (government board). The whole protocol does not evolve as fast as it should be and this is an issue, especially as it also affects bug fixing. As an executive for a (much smaller) company myself I see management issues and infighting due to lack of leadership within the foundation and I am not happy with that. The second issue is Element as a company that does things companies do - focus on making money. This in theory would be a good thing if Element would send enough money AND effort upstream to seriously bring the whole project forward. For a long time this seemed to be the case, but licensing issues and the “stale” development of Element X (Matrix 2.0) has me questioning that as well - but recent changes show us hope in that regard. We also need to carefully reconsider if Element is keeping too much "closed" source code for monetized features and what influence VC really has. In conclusion: We need better leadership for Matrix, more transparency and more funding.

        The good news is: It doesn’t matter too much - if the current foundation fucks up and goes belly up it is not the end of Matrix - the protocol is decentralized enough and the licencing of the core components permissive enough for another (better?) foundation to start over. There are dozens of clients available and we have alternative servers available by now.

        The funding part nevertheless is my major pet peeve here. All around Europe governments try to get rid of US tech - and use Matrix protocol based products. But they hardly if ever fund that. If Germany, France, Poland and Luxembourg (the big users) would give 5€ per year for each client they implement all issues with funding would be gone, Matrix 2.0 would be available in a few months, VC could be pushed out of elements AND they could mandate more transparency.

        The issue with funding is relevant for all NGOs and especially in tech. Running servers costs a fuckton of money.

        Signal has a respectable amount of backers but is a centralized protocol and when Trump does something shady moneywise their infrastructure, money and possibly even people will be gone within 24 hours.

        Threema has a more sustainable business model but Switzerland is, well, difficult, in terms of privacy and intelligence services overreach, especially towards traffic pointing to foreign servers or hosts.

        Revolt is a centralized service with no federation, limited selfhosting capabilities, with unclear funding (we are waiting for a financial transparency report for ages now).

        Polyproto is still not quite there feature wise and funding, etc. is unclear.

        Delta Chat is indeed an option but has massive technical limitations.

        That leaves XMPP as the sole big competition if you want non-centralised, non-US based, privacy friendly, messaging.