I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
You must log in or register to comment.
The biggest issue with Matrix is that the server collects ALL the metadata. If that’s your server, that’s fine. If thats the default matrix.org server that almost everyone uses, you might as well be using WhatsApp. Same thing goes if any of those people are conversing with people on your server, as they will store all redundant metadata on their server as well.
Signal is easier to use, more private, and faster.
Signal is easier to use, more private, and faster.
Unfortunately, it’s also effectively tied to Google services, and (as a centralised service) vulnerable to shutdown or network-level metadata monitoring by anyone with sufficient access, like a government who doesn’t like encrypted messaging.
Uhhhh yeah, no literally none of that is true
It’s been recently added to FDroid.
No, it has not. A third party published it in an f-droid compatible repository. That might be convenient for someone who happens to trust that third party and manually add it to their F-Droid client, but it is not at all like it being added it to F-Droid.
You can use NTFY with Molly (which has been on FDroid for some time).
This does not refute what I wrote. Unless you only communicate with people who get their Signal app from some non-Google source and they all rig up alternative push notification channels, or every one of them uses Signal exclusively on iOS, your conversations are still tied to Google. Perhaps you have so few contacts that you could achieve that, but most people are not in that position.
network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).
This one is just a straight-up lie. Everything on the server is encrypted and no one has the keys except the participants.
Encryption doesn’t hide network traffic. Signal’s centralised design means there is a single point where that traffic can be monitored and traced to reveal which endpoints are talking to each other, and where, and when.
What I wrote is not a lie, which you would know if you actually understood these issues. Please stop making baseless accusations. You are wrong, and you are being very rude.
If you’re interested in correcting your ignorance, I suggest starting with this paper, which touches on some of the issues:
https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/
If the paper is too much for you, the linked video does a pretty good job of explaining.
your conversations are still tied to Google
That’s simply false. Signal Notifications never include the content of the message or any metadata, no matter if they’re sent over FCM, APN, WebSockets or UnifiedPush (via mollysocket). That wouldn’t even be possible, since the Signal server sending out the notification doesn’t even have the key to decrypt the message. Only the users involved in the conversation have the keys, that’s how end-to-end encryption works. Signal simply sends an empty message via FCM (or any other push system), and the Signal app on your device then receives and decrypts the encrypted message and shows you a preview of the message content as a notification on your operating system.
And every build of the Signal client for WhatsApp also supports WebSockets as a fallback push notification system, in case Play services aren’t installed or can’t be reached. The only reason why FCM is used by default is that it saves some battery, because it only maintains one background network connection for all apps, instead of each app handling notifications themselves.
It’s not false.
Signal’s default, well-supported installations use Google services, so unless you’re an extremely atypical user, those services are present on most of your contacts’ devices. You might have the knowledge, skill, and motivation to remove those services from your own device, but since they’re still present at the other end of most chats, you haven’t escaped them.
Let’s also remember that E2EE doesn’t protect the endpionts, and that Google Play Services run with system-level privileges.
or every one of them uses Signal exclusively on iOS, your conversations are still tied to Google
Just because someone else uses Google on the other end does not make it dependent on Google on your end.
you are being very rude.
I’m being rude because you’re spreading FUD and misinformation and actively making people unsafe. If you have evidence to prove that Signal has access to all of that information, feel free to share with the class. Otherwise, shut it.
If Signal had access to any of that information they would have been legally compelled to provide it when they were served with warrants but they did not, which proves that you’re incorrect.
Their github releases have the apk available so you can manually download it and install it or use obtainium.
It’s also available on their website btw: https://signal.org/android/apk/
Indeed. Tucked away in a corner of their web site, where it isn’t easy to find unless someone else guides you to it, below a large bold warning that discourages people from actually using it:
Danger zone
Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances.
This ensures that nearly nobody uses that build. Consequently, almost all chats on Signal will have an app store build running on at least one endpoint.
I would be more concerned about how phone-oriented it is. A phone’s default OS is such spyware that I am not sure just what is safe from from being uploaded. And even if the person wants a more private alternative, most phones have locked bootloaders. On the other hand, Linux would run on damn near anything… But using Signal on it without a smartphone is very annoying. No way my mom would understand an Android VM or a command-line client, because the desktop client isn’t feature-full and doesn’t even allow registration.
You can use Molly, a fork of Signal for android. It offers an alternative for push notifications.
Yep, I run my own mollysocket + ntfy server.
Essentially, molly socket functions as another device, when it recieves a notif, it pings your specified unified push server, which then queues up a notification for the ntfy app on your device.
You don’t need to run your own unified push server, and can just use one of the main ones, but I figured I might as well.
I personally have them hosted on fly.io for free via the legacy hobby plan.
Now all I need to do is get more of my friends to message me on it 🤣
I personally have them hosted on fly.io for free via the legacy hobby plan
Here’s the link for anyone who’s interested: https://github.com/pcrockett/mollysocket-fly
Huh I didn’t know this existed. Will compare it to mine later
Oh that’s the only one I know of. I thought that this is what you’re referring to.
Nah I rolled my own and didn’t publish it so that’s probably why haha.
Have you been using this one?
On my app I don’t get rich notifications only “you may have a new message”. Havent looked into it at all though, only set this up like last weekLol there is a setting in molly itself for rich notifs
Signal requires a phone number on setup.
Also, matrix has bridges, which alone make it worthwhile for me. They, of course, don’t help privacy, but they are so so nice for convenience.
Matrix is definitely slow though, and a grand majority of the clients are heavy terrible buggy electron apps. There are a few good ones ( nheko and the new beeper clients ), but even they have some rough edges.
I still use matrix all the time and love it.
If max privacy was the goal I think simplex looks wonderful. No required info for sign up, no way for them to possibly collect any metadata ( because there are no identifiers sent over internet for anyone at all ), E2EE, and decentralized.
I’ve been trying SimpleX a little this week. It hasn’t been great, unfortunately. It could be an iOS issue, but notifications aren’t coming through. Maybe Android will be better.
On iOS, I had best experience using element X, so far
I absolutely love Element X. Synapse has been low maintenance to self-host, as well. Win-win.
Signal requires a phone number on setup.
It is dumb and annoying and inconvenient but doesn’t affect its use or privacy.
I do agree that SimpleX seems like the best chat option.
It affects its use for me definitely. I don’t want to have a phone number. At all.
I have to wonder if you could use a burner number and just disable it after setting up your username
I have created a telegram account like that. No username. The number does not exist anymore. It’s been working as intended for the past 6 years or so.
How do you even exist without a phone number. How do you get cellular data? Does the government not require you to have one? Your employer? What about all the services that require one?
To be clear, I have a phone number, but I do not WANT to have one. Most aspects of my life I have removed my phone number from. There are still a few services ( like signal! ) which requires one, and I cope. Cellular data is also something worth avoiding, from a privacy perspective. It is very possible to live a life where you’re never very far from wifi, especially in a city. I do not currently do this, but would love to one day.
How is public wifi more secure than mobile internet?
For both, you need minimum a VPN connection outha there (to your home ideally, where you are in control of filters etc.) to get some privacy.
Mobile data you pay a service provider for and link all of your information to ( address, name, etc ), and can be used by one company to track your location at any time with very high accuracy as long as you are near 3 cell towers. Public wifi gets no information about you other than your MAC address and that you’re currently within it’s range. There is no central body that can track all your movements. You could, theoretically, buy prepaid data plans to minimize the info they know about you, but then you have to buy a new one each month, and there’s STILL one company tracking all your movements each month, though they don’t really know who YOU are. They could still do traffic analysis to figure that out.
It’s not that it’s less secure, it’s that it’s worse for privacy.
Also, messaging over SMS / MMS is awful for security, which I lump in with the rest of this conversation. https://youtu.be/wVyu7NB7W6Y
It creates a cost for spammers. They have to have an account with a Telco, which isn’t free, which in a lot of countries comes with some sort of National ID to register. That’s the reason.
No they don’t, you can sign up with a VoIP provider.
Lol, let me introduce you to http://smspva.com/
Sure but it allows VOIP numbers. I’m using a jmp.chat number with it just fine.
Good to know!
Is the phone number required for 2fa codes or anything like that at any point ?
I got an initial verification code and haven’t heard from signal since. Signal doesn’t support totp or SMS 2fa. But has a pin code set along with your password. A new device that is added doesn’t have access to old messages unless you have the correct seed key iirc
Telegram is the worst kind of “secure” messaging in that it gives you a false sense of security while not really being secure.
No proprietary software can truley provide secure messaging
I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
Unless you start an encrypted chat, Telegram chats are not E2E.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
Host your own Matrix node, and then you don’t have to worry about prying eyes. Realistically, instead of worrying about the protocol, worry about the content of the text. Use PGP to encrypt your own text and send it over clearnet. Who cares at that point.
Definitely host your own node! It’s trivial for a server admin to add a hidden bot to every chat and while it’s still E2EE, an unknown party could still have a copy and key to read it.
Really good talk from DEFCON 32 about the service “Anom” by Joseph Cox (sorry for the lack of a link, at lunch, on mobile and about to get back to work).
I think at this point it would be funnier to just use something obviously unsecure like discord but share your public key with the other user and then send encrypted text.
We went full circle to the early 2000s, slapping PGP on top of public messaging platforms!
I guess a vencord plugin for that wouldn’t be that difficult to do
I’ve honestly found signal better than matrix.
Matrix is just not there yet in terms of features UI etc and is less private than signal because it collects way more metadata and stuff. I know the idea of federation is cool, but Signal works better for the privacy aspect.
I’m using simplex :3
The downside of Signal is that it’s centralized, and thus at the whim of those who run it. Structurally, it’s not really different from Whatsapp or Telegram except for who owns it.
it’s not really different from Whatsapp or Telegram
That’s not true. WhatsApp is fully proprietary and Telegram doesn’t use E2EE by default. And even if you enable it, they use a weak encryption protocol.
I don’t think that’s a fair comparison, simply because their structures are quite different. Signal is FOSS run by a 501©3 non-profit, whereas Whatsapp is obviously run by Meta and data mines its users; Telegram is also a nonprofit, but privacy was never their goal or mission.
They’re all centralized, which I agree is a negative, but if something must be centralized, being run by a nonprofit foundation whose mission is privacy and E2EE is about the best option you could hope for in that scenario.
There should be a difference between using Whatsapp while in a county with good privacy laws (like one of the EU member) or one without.
As far as I know Meta only collects and abuses data it get’s from people where there are now laws in place to prevent it (so why wouldn’t they do it).
We should normalise the audits on security and privacy that are done by proper accountants. It doesn’t help that a lot of people call bookkeepers accountants which isn’t correct, but a signature from an accountant (CPA/AA/RA or whatever) should have some impact to prove the services are secure or private.
As far as I know Meta only collects and abuses data it get’s from people where there are now laws in place to prevent it (so why wouldn’t they do it).
Unfortunately, in practice, the laws don’t seem to mean much to the wealthy.
Like other gigantic companies that have billions of dollars, it’s easier and more profitable to ask forgiveness than permission; paying legal fines that are 0.01% of their overall profits is just the cost of doing business. Zuck has been caught on multiple occasions skirting the law (see the most recent revelation of them surreptitiously leeching scores of books from Anna’s Archive and a previous one of partnering with Cambridge Analytica, for example).
I’m all good with having companies submit to hostile financial audits, but I’m not sure how a CPA would be qualified to validate security or privacy. Code security audits should be done by cryptographic experts, and I think you would need both.
Perhaps one day, we’ll have Certified Public Cryptographers that have a fiduciary duty to ensure people are secure or private.
A CPA is required to higher other professionals when their knowledge doesnt reach to the subject in question, so yeah they would get a security or privacy specialist to help them. The upside of using a CPA is that they would look at the entire process. The rapport of a CPA is going to be a lot more expensive though.
In the US people defend that companies don’t publish their annual reports, plus some people also defend these companies regardless of what they do. It’s almost religion. But if you would require companies to at least publish some figures and require bigger companies to have a statement signet by a CPA then more of these companies would have issues. Since a CPA can generally get in a lot of trouble if they mess up (at least here in NL)
They don’t need to be hostile audit’s, heck that’s probably the worst way of doing it. Work together with the company and help them to pass the audit and they will be more transparent .
Sounds like we want the same thing, except I think it’s perhaps too high of an expectation to have a CPA that can do both financial accounting and cryptography.
Like openai and proton?
We are still in a trust me bro situation… We just trust signal bro more than meta bro.
We are still in a trust me bro situation
No we’re not. You don’t have to trust Signal, everything is open source, you can actually verify it.
Iirc Proton has been audited for security and for privacy as well.
We have systems in place to help with it
Sorta like those. Anybody that thought OpenAI was trustworthy just by virtue of being a nonprofit gets what they deserve for being so credulous, and Proton isn’t directly comparable, because it’s a stack of software, not just one. You would have to compare the analog of Signal, and Proton doesn’t have one.
If what you really want to say is that we don’t know with 100% certainty that the Signal Foundation is operating in good faith, then I agree, though they seem to have a pretty decent track record thus far.
However, that doesn’t mean their software doesn’t do what is expected (it’s FOSS, go inspect and build it yourself), and E2EE ensures that even if they suddenly wanted or were ordered to turn anything over, the data LEOs get would be limited, if it exists at all.
We are still in a trust me bro situation… We just trust signal bro more than meta bro.
I’m not sure what you think is especially noteworthy here. It’s always some level of a “trust me bro” situation. That’s how the internet works. If you want to avoid trust issues, stop using the internet.
Interesting—I feel like I see Matrix touted as more private than Signal b/c of Signal’s phone number requirement. What compromising metadata does Matrix require that Signal does not?
Sorry I’ll let someone more knowledgeable answer about metadata, but signal does allow you to set a username and hide your phone number (so people add you with username instead if f number)
The two encrypted messaging platforms I currently suggest are XMPP or Matrix. Both are usually fine and are decentralized. The main thing with them is to either self-host or choose a server you trust to set up an account — which applies to the Fediverse in general.
Out of curiosity, is there anything stopping you from suggesting SimpleX? How does SimpleX compare to XMPP or Matrix?
Mostly just that it’s still pretty new and thus hasn’t been as polished or scrutinized yet. Haven’t tried it myself. For the sake of the OP’s question, it may also be notable that it’s a UK company.
My response to the body of this post is https://www.privacyguides.org/en/real-time-communication/
This might address the URL of this post (I’ve never interacted with “iCloud” so I don’t necessarily know what would be a good replacement for it): https://www.privacyguides.org/en/document-collaboration/
There’s also Wire
E2EE and can be used as desktop or phone app interchangeably. No phone number required for signup.
Family has been using this for years now
telegram is not encrypted e2e
The most privacy focused messaging app I know is SimpleX Chat, it has no user IDs, is FOSS, e2e encrypted with an option to use TOR, give it a try!
+1 for SimpleX
Simplex was bubbling about implementing CSAM. Any client mentioning it is not safe, period… Child safety and hate speech is always an excuse for tolitarian regimes ( sittenpolizei ) never a true approach for solving the issue ( child safety )
I currently use Telegram for my friends and family
Telegram is probably the worst thing you could use, it doesn’t encrypt messages by default and they are stored on Telegram’s servers, so they can read them at any time.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues
Yes, Matrix leaks a bunch of metadata and doesn’t have post-quantum encryption.
The best option is to use Signal. It uses end-to-end encryption by default for everything: Normal chats, group chats, voice and video calls and even stories. Messages are only stored on their servers (in encrypted format, so they can’t access them) until you receive them, after which they are promptly deleted and only stored on your device. And Signal has much better metadata protection than Matrix. The UX is also much better and less confusing, making onboarding new users much easier.
Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.
Two things to be aware of:
- Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
- The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.
As long as you onboard them with the ElementX/SchildichatNext(better fork of element) mobile client, their experience and setup should be fairly future proof. Its still changing and growing for sure but the most important stuff is finally working now and the new call systems is a huge improvement.
But yeah if you want zero metadata, your only choice is P2P stuff like Briar.
hello beautiful people of lemmy I’m excited to make my first comment in here
so I wanted to ask: considering that WhatsApp is a big threat to privacy and even worse because of google and iOS backups, how big of an improvement would it be not using it and using the secret chat option in telegram instead? That would solve the issue wouldn’t it? As far as I know the concern is with normal non encrypted conversations and the groups channels and all those.
I would love to use signal with everyone but where I live it seems that there is 0 worries about the topic so I only use it with my more “international” people. The most I can get is probably to use telegram E2EE.
Hello and welcome to the Fediverse.
Telegram’s secret chat’s encryption algorithm is made by Telegram themselves, which is already a red flag. You generally don’t want to roll out your own encryption algorithm if you aren’t cryptographers, which Telegram people aren’t. Their MTProto is also not proven, so you’d rather not want to use it.
Here’s a blog entry about their MTProto: https://web.archive.org/web/20180420061726/http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
I’ve heard good things about simplex give it a look
