• fubarx@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    As long as they stay away from public ‘channels.’

    There lie dragons.

  • Twinklebreeze @lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    I love the idea of signal, and want to use it and invite friends to it. But then I remember I don’t really want to message anyone, and don’t really have friends because I have no interest in messaging people.

  • graphene@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Wasn’t there some controversy about Signal’s creation being supported by the US government to provide private communications for anti-us-enemy organisation or something? I’m sure I remember it correctly…

      • BassTurd@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        I think yours is the first comment I’ve read that has Proton hesitancy. I’m curious what your reservations are.

        • ElectroLisa@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          Not OP, I’ve heard criticism of their recent Duo subscription and their bitcoin wallet.

          I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn’t fully implemented and requires playing around in a terminal, and UI feels less polished than it’s Windows counterpart.

          There’s a community made Flatpak of ProtonVPN though, in case it helps anyone

        • Zetta@mander.xyz
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          I actually don’t know what people’s hesitancy is, but I’ve seen numerous people say proton is not good, we’ll see if anybody chimes in with a reason.

          • Bakersfield@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            3 months ago

            The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.

            This weekend, news broke that the anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. The move seemed to contradict the company’s own privacy-focused policies, which as recently as last week stated, “By default, we do not keep any IP logs which can be linked to your anonymous email account.”

            Edit: formatting

          • Frozyre@kbin.melroy.org
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            The one and only critique I’ll give to Proton is how they have it where you can have Google e-mails forwarded to you to your Proton address.

            And it’s like…why? The entire reason you’re going to ProtonMail is to escape Google. Why the hell would you want Google to try and pry into your Proton usage when all you want is to distance yourself from them?

            • dubyakay@lemmy.ca
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              You set up the forwarding in google, not proton. You mark the forwarded emails in your proton mailbox. You forward the emails to your proton account until you changed all the sources that you care about from your google to your proton mailbox. Then you turn off forwarding.

              Google never gets any more data from you except your protonmail address.

          • forgotaboutlaye@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            I’ve seen doubt of it’s push to pack products into it’s offering ala Google - however I don’t see that as enough to call it not good.

            It’s also very easy (and suspicious imo) for anyone to call a service not good without any reason to back it up.

            • ElegantBiscuit@lemm.ee
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              I see that as offering services that people clearly use and value, and that the bills have to be paid somehow. So as long as proton can deliver the privacy and security features it promises, I personally don’t see anything wrong with providing an alternative when the only other options are built on monetizing your data.

          • vulgarcynic@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            I often figure it’s google bias and / or people trying to impose their threat models on other people.

            Been using proton for quite a while with a few custom domains and am impressed with the service to price of their offerings.

            We can one off use cases with any vendor, but at the end of the day, they offer a more secure out of the box experience than just about any other platform out there. If someone is doing illicit shit and gets popped, it’s not on the service provider to provide air cover for them. Improve your opsec or self host.

  • Summzashi@lemmy.one
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Nobody is going to use Signal when it lacks so many features. Feels like MSN messenger compared to it’s peers.

    • Varyk@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      3 months ago

      what do you mean? i use it a lot and it works great, photos, videos, phone calls, optional temporary location sharing with friends, and encryption.

      what features do you want it to have that it’s lacking?

    • Frozyre@kbin.melroy.org
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      That’s not a bad thing. Maybe some of us don’t want to be cluttered with a lot of things we don’t really care for on using. God forbid we go back to simpler days of communication whereas now we’ve got things like Discord trying to charge people to pay actual money to have fancy little animations for your profile picture.

      Is that what you think is missing? Stupid pointless things that make you feel special because you paid money for it when the true attraction should be focused on how much communicating can be efficient and caring about your privacy and security?

        • Frozyre@kbin.melroy.org
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          You should probably off yourself, it’d do the world a lot of use. We’ve got 8 billion people on the planet, don’t worry, we’d do so much better without you that you’re expendable. You may want to think you’re significant and everything but really, you aren’t.

      • Summzashi@lemmy.one
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Is that what you think is missing?

        No.

        The rest of your incoherent essay is now useless.

        • Frozyre@kbin.melroy.org
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Oh please, stop trying to cover your own ass. You’re embarrassing yourself. Look at the chain of comments. You’re trash through and through. Nobody will miss you. All that you seem to live for is just bitch at others and when it happens to you, you cry like a little bitch yourself.

  • 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won’t use Telegram or Signal because of this.

      • UnderpantsWeevil@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        The Signal pitch is that you don’t need identity security so long as the encryption is strong enough.

        That is, incidentally, the same pitch Botcoiner make.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        It’s about your posture. Most people who use signal use it to have privacy from governments. They’re not hiding that they use signal, they’re hiding what they write on signal. In this case, using your phone number isn’t a big deal.

        Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.

        Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is “good enough” for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don’t know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.

        • ikidd@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          But putting a phone number in immediately exposes protesters to association. Sure, Signal can’t give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.

          It’s the complete antithesis of freedom of association when there’s a record of everyone that you’ve contacted. The contents don’t enter into that problem, and I can’t see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn’t give you privacy from governments, because governments that don’t respect freedom of association will use that information to punish dissidents.

          I can’t imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn’t require this sort of personal proof, and it’s suspicious as hell.

          • noodlejetski@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            3 months ago

            Sure, Signal can’t give out the contents of messages, but it still has the chain of contact.

            it doesn’t. they’ve been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: https://signal.org/bigbrother/

            • sunzu2@thebrainbin.org
              link
              fedilink
              arrow-up
              0
              ·
              3 months ago

              FISA order could require them to collect the data and turn it over, US courts won’t be able to to do shit about it.

              This is purely I trust signal bro type argument

          • 𝕸𝖔𝖘𝖘@infosec.pub
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            You’re mistaken on the basis of your beliefs here. Signal only had two pieces of data around your phone number (joined datestamp, last online datestamp). This means that governments can’t petition signal for any more information, since signal simply doesn’t have it to give (by design).

            Your point on fb is hilarious, because they do require it. They just don’t require you to input it, because (1) they already have it and (2) you freely provide the missing pieces without them even asking. But, like I said earlier, if this goes against your posture, use something like Briar or Matrix or whatever. Choice exists, because everyone is different and has different postures.

            • sunzu2@thebrainbin.org
              link
              fedilink
              arrow-up
              0
              ·
              3 months ago

              FISA order could be in place and signal disclosed what they were told.

              This argument about them producing only two data points is good but it is not a slam dunk arguement everyone makes it to be.

              Signal has technical capabilities to time stamp every ineteration you have with another person if it goes through their server. This is internet 101.

              So we relying that they don’t do this but if US government said do it. They would and Jack shit anyone can do about it.

              • pressanykeynow@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                3 months ago

                That is my concern with any US based company. With all the information we have how their government agencies used both legal and illegal means to access data how can you ever think those companies can protect your privacy even if they sincerely want to?

    • foremanguy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      For me, today the best messaging app is SimpleX, it is a bit in early development but it’s already really nice.

  • Noble Shift@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    3 months ago

    BTW, Moxie has a home made documentary kinda movie out called Hold Fast. It’s about sailing and uh stuff … It’s pretty keen, you should watch it.

    Hold Fast

  • sunzu2@thebrainbin.org
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    How much signal and she spend onnthis shameless self promotion.

    JFC, if anything she is taking signal the wrong way and going the way of mozilla IMHO

    Signal is a good product but there is a lot areas where it can do better… Have gotten any new features over last 5 years? Besides aliases?

    What are they working on?

    Seen interesting discussions about how signal is farming our meta data to the feds, I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?

    Main looking to understand if that is even technically feasible?

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      3 months ago

      Wow, this is truly a hot take.

      How much signal and she spend onnthis shameless self promotion.

      Why would she/they do that? Did you realize they’re a nonprofit?

      if anything she is taking signal the wrong way and going the way of mozilla IMHO

      Oh no, not that awful non-profit Mozilla…?

      Signal is a good product but there is a lot areas where it can do better…

      The same could be said for literally every product.

      Have gotten any new features over last 5 years? Besides aliases?

      Aliases is kind of a big deal. They also added stories which, despite what the internet might have you believe, was one of the most popular feature requests on the Signal message boards for many years. They created the first and only private and secure social media platform in existence.

      Keep in mind everything they do is 10x harder because it has to meet stringent safety and security requirements.

      Check out the handle @SignalUpdateInfo@mastodon.world to see a detailed breakdown of added features.

      Seen interesting discussions about how signal is farming our meta data to the feds.

      That’s a bold claim that I assume has some sort of evidence?

      • sunzu2@thebrainbin.org
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        Does signal meta data allow for signal to time stamp witu who you communicate using their app and servers?

        Side note, PR like that costs about 15k fyi

        • helenslunch@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          3 months ago

          Does signal meta data allow for signal to time stamp witu who you communicate using their app and servers?

          No. They use your phone number as your identifier (unfortunately, probably for spam evasion) and the only piece of metadata they keep is the last time that # connected to the server.

          We know this because Signal has disclosed subpoenas publicly.

          Side note

          No its not.

          PR like that costs about 15k fyi

          …and? My question remains.

          • sunzu2@thebrainbin.org
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago
            1. @yogthos@lemmy.ml what you got to say for this one?

            2. Verge doesn’t run flulf for free. This is PR 101. But I trust you bro

            • helenslunch@feddit.nl
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              Verge doesn’t run flulf for free.

              The Verge makes money the same way almost every modern media publication does; advertising to their readers.

      • edric@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        They also added stories which, despite what the internet might have you believe, was one of the most popular feature requests on the Signal message boards for many years

        This was weird for me personally. I consider Signal a messaging tool which in my mind is separate from an actual social media app, so it was a bit of a head scratcher for me to see stories as a very popular feature request. I don’t really care about sharing “stories” in that format to my contacts or seeing theirs, but then again that’s just me.

        • helenslunch@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          3 months ago

          And I don’t care about what you think about it. If you don’t like it, disable it, and it’ll be like it was never there. Simple as that.

          Like I said before, they created the first and only private and secure social platform. Nothing else like it exists or has existed. Personally I find that super valuable.

          • edric@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            Lol calm down, no one’s trying to fight you over Signal being the best private messaging platform. I was just sharing that it was weird to me how stories was one of the most sought out features from users.

            • helenslunch@feddit.nl
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              And I just don’t understand why so many people feel compelled to share their feelings about it any time it is mentioned.

    • ABCDE@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?

      ?

      • underwire212@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Yeah idk I’ve read it like 4 times and still struggle to find a coherent thought here.

      • jollyrogue@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Signal uses Google Cloud Platform for their servers, for one.

        Then I think it’s something to do with metadata.

      • deranger@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        3 months ago

        Poster was made fun of in the past for saying Signal gave metadata to the feds. He has a learning disability (regarded = deliberately misspelled R slur). They’re looking for someone else to corroborate the metadata claim.

        That’s my interpretation at least.

        • Lost_My_Mind@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          “Retarded” is not a slur. It’s a medical term. “Idiot” is a slur that roughly means the same thing, though not nearly as far.

          • noodlejetski@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            3 months ago

            “Idiot” is a slur that roughly means the same thing

            “idiot”, “moron”, “cretin” and “imbecile” were all medical terms once and described different levels of intellectual disability, but they fell out of use and are now considered offensive. language changes, and context is important.

        • CosmicTurtle0@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          They did a blog post about how the feds had made a second attempt to get metadata from them and they could only provide two fields of information: the date the account was created and the last time it connected to the service.

          It’s in the public record as well if I’m not mistaken.

          • sunzu2@thebrainbin.org
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            The issue that if they were under FISA order or some other such shit, legally they would have to say what feds tell them, ie they would not be able to say and we give feds your logs.

            Question is whether they can technically collect the logs which is tinfoil i am following up on.

            Basic opsec thinking, if it is technically feasible, you must assume it is happening. This is game 101.

            So here we are trying to prove a negative but nobody also is able to provide anything beyond, trust signal bro.

    • Im_old@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      (almost) anything is possible with a CIA black fund budget. I’ve moved to Simplex chat and not looked back.

      • sunzu2@thebrainbin.org
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I feel that but people can’t just move since we need somebody to talk on these super duper 69 layer quantum resistant protocols.

        Looks simolex is gunning for the crown nowadays tho but there other viable contenders baking.

        Once new leader arrives, going to need to tell my group we migrating again 🤕

        • Zoot@reddthat.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          Why? Just stay on Signal. For the time being it is one of the leaders in private communication.

          Though, if you truly need secure private conversations, you would want to move around a lot anyway.

          • sunzu2@thebrainbin.org
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            For now it is the gold standard but I don’t trust the leadership and their PR approach.

            I won’t move until I can justify moving my friends over and right now there is no alternative

  • kbal@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    I wish Signal was developed more openly, more like the linux kernel for a “critical infrastructure” example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.

    But it’s good for what it is and I sure am glad it’s around. People who disrespect it don’t know what they’re talking about.

    • pressanykeynow@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      I wish it wasn’t located in the US where you know even though it’s e2ee they send all the data they get(and that’s a lot) to the government or whoever wants it. But e2ee is cool, right. Nobody from the government cares about it though, but it’s cool.