My dad just said in the WhatsApp group, why not move to signal. I tried moving friends and family before, but now that there has been anti meta media reports in some news sources. But especially reports on signal in almost every major newspaper and news source.
It seems not only a push because of privacy, but even more a anti big tech(especially us tech) and buy/use eu stuff push.
I don’t mind the push I’m just curious if people stay on signal. Previous time there was a push to signal (during whatsapp technical difficulties and privacy push) people quickly want back to whatsapp.
Now my volunteer work, 1 friend and a family chat already moved to signal. The only thing I did was some explaining that you can just send images and so on. (That it’s not something scary)
What are the major differences between what you can do on Whatsapp vs Signal?
Whatsapp let’s you donate your contact list and social network to meta for them to resell.
Source?
It requires access to your contacts to work on Android. That is, you cannot type in a phone number. That’s an intentional choice.
Let’s hope they’ll be able to continue to use it. It (and all other messengers with proper E2EE) is already on track to be outlawed in Sweden and France, and the new government in Germany will be pro mass-surveillance, too.
Moral of the story? Use
selfhostabledecentralized messaging instead.No way in hell my relatives are going to use a messenger I selfhosted. My brother doesn’t even use Signal for whatever reason, even though even my grandmother has it.
That is the problem of getting another person to change something… A very valid problem but not inherent to decentralization.
Kinda is, though - regular people have a lot more trust in centralized services, and Signal has a very large userbase compared to anything selfhostable. And IME they really, really hate installing new messengers.
Plus, selfhosted E2EE would still be just as illegal as Signal. Many people won’t be willing to participate in illegal activity, and if you just don’t use E2EE on your selfhosted solution the usefulness seems rather dubious.
I don’t think any ban on such selfhostable servers is enforceable at all.
well in the end it’s just HTTPS traffic… police has to search your phone to know if you are a user.
but if you federate (on clearnet), that could give away that you host it
Well, technically, they could MITM the traffic similarly to how they did to jabber . ru. But a) there are mitigations for this and b) more importantly - they would need to bother. No one’s going to bother doing it to a random family server that has attracted no previous attention.
Milk is getting more expensive. Moral of the story: Buy a cow.
I really wish people would stop being so delusional about the average person’s technological abilities. jUsT TeLL grAn To sPin Up a mATrIx SErvEr… stfu
“Everyone should be hosting a server” was NOT my point, sorry if I got misunderstood. My mother could in no way host an XMPP server on her own - but I could register her an account on mine.
Rather, I meant: a) if you can host it, suggest your friends and family to use your server; b) if you can’t - that is still better: with multiple public servers available, there is no single point of failure, you can choose a server in whatever jurisdiction you want, or even an onion/i2p one.
Sorry for being harsh at the end. I just see this notion too often.
But still, your option b) is not self hosted. Maybe a better word to use would be decentralized then?
Selfhost able. But yeah, “decentralized” would be indeed a more fitting term.
That’s just pedantry. ‘Selfhosted’ never meant that every single user has to host it themselves.
It’s not pedantry, it’s using the right terminology.
And yes, self hosted means hosted by yourself. It’s in the name. https://en.wikipedia.org/wiki/Self-hosting_(web_services)
The promise of self hosting is that you own your data which may be better for privacy/security if you know what you are doing. The same doesn’t apply if you have to trust a third party, even if it is a friend/family member who provides you with a service they host. They become a service provider to you.
self hosted means hosted by yourself
A lot of selfhosters share with family. I’m not gonna make my wife spin up her own servers when she can use mine.
true but this is not yet easy enough for normal humans. selfhosting anything is not yet easy enough
And is potentially even less secure if someone who has no idea about managing a server at all tries to spin up an online service.
I would have rather seen Element but hey, it’s a step in the right direction.
Why? Matrix sucks as an instant messenger app, it’s better as a Slack/Discord alternative.
Only because I’m not aware of other decentralised Signal alternatives. That’s on me.
SimpleX is pretty rad.
Not yet, it lacks a lot of the features Signal has and does not even have a proper ipad ui yet, nor proper profile syncing between devices.
If it ever has these it might be useable by the masses, until then it’ll be only the interest of privacy nerds.
Though really the most important thing is its lack of audits and a transparency report like Signal has. How can we be sure that its encryption/other security is up to standards or they don’t hand over anything to cops/courts without these two things? These are what most messengers fail at, especially open source decentralised ones to be fair.
Yeah, it’s a cool toy, but when I was picking a messenger to sell my SO on, Simplex failed my basic requirements:
- works on phone, desktop and laptop (messages arrive everywhere reliably)
Signal passed, so we went with that.
Simplex is still rad though, and I want to try building something on top of the protocol. I’m working on a P2P Reddit/Lemmy, and Simplex could be rad for DMs or something.
Why? Because the Dutch national broadcasters keep plugging it as an alternative to Whatsapp.
Aside… Two apps keep getting mentioned as alternatives, Signal and Element/Matrix, but in MHRO both are not viable as replacements.
Signal: still a US app, CIA funded, provides their encryption backbone to Whatsapp, recommended by governments & FBI. Matrix/Element: Developed in Israel, with ties to IDF, preferred by NATO (NI2CE)
you’re spreading lies lies lies FUD
IDGAF who funds it or who develops it.
- E2E encrypted
- security review by independent party I trust which says there are no holes or bugs
- open source
Those three things are all that matters.
Signal is funded by the CIA now ? And I thought Element is in the UK?
Signal does seem to have some ties to the CIA
There seems to be a completely different Israeli company called matrix. I can’t find any link between the two.
It’s old and convoluted, something like a precursor to element got funding from Israel or something
Maybe OP means that the Matrix protocol is created by an Israeli company.
Naw
Other than people you don’t like living in the world here with us, do you have any proof of anything actually nefarious done by signal or matrix?
Just FYI:
If you want to say “both are not”, you can instead use “neither”.
Yes you can, both are correct.
Fuck signal. No “privacy” focused messenger should need a phone number to register…at that point u basically handing the agencys meta data on a platter
Don’t let perfect be the enemy of good. Getting people off of proprietary stuff is the first step. Whatever else is the next step.
Why are you licensing your comment?
But why do you want to license it at all? It’s normally not licensed. When AI vendors break the law they don’t care about licenses. Fuck, look at meta.
Hmm, did you read the links I posted?
Sure, what meta did is fucked up, but they are being sued. Just because someone ignores the law, does that mean that we should just stop doing something?
Yes, it did not answer my question. Legally you don’t have to do anything to make it so corporations legally can’t use this for AI unless you signed away your rights and if you signed away your rights you can’t change the license back with a notice. So what’s it actually for?
I should probably write a blog post about it. Basically it’s there to possibly get commercial LLMs in trouble for scraping licensed stuff. LLMs have been tricked into revealing their training data and gotten in trouble for that. There are also ongoing lawsuits due to those revelations. Maybe the most notable is the one against
Github’sMicrosoft’s CoPilot for spitting out licensed (GPL and also copyrighted from private repos) code.Whether the lawsuits will be successful or not is yet to be determined (Japan already considers nearly everything fair game for training AIs and machine learning). Whether they will have an impact if they are successful is also unknown. It just costs me a key-stroke (and the occasional response to a friendly question like yours), so I do it 🤷 Once all my hope is lost, I might stop.
From another answer. I highlighted the important part, which explains why the explicit link to the license text instead of it being implicit.
You know that your phone number is never saved anywhere? Signal only uses a cryptographic hash of your phone number.
Jmp.chat is worth being aware of
Also you’re a wackadoo
Yeah lets use the phone number of a middle man to sign up…sure u wont forget to relock the number every week so they dont get the power for account take over since they manage your number.
So no disagreement on the wackadoo part.
Tbh I hope you’re doing something cool with this paranoia. Like I want to see news articles about you secretly fighting evil, not sitting at home playing pirated video games.
privacy != anonymity
nitpicking
No, that is an important distinction. People have different threat models. For most people, privacy without anonymity may suffice (i.e. I don’t mind that you know it’s me, I just don’t want you to see what I’m sending). For others (i.e. journalists, whistleblowers, more privacy-centric individuals), anonymity may be equally important.
I know it’s not the best, but it is great when you want someone to shift from other popular proprietary app like WhatsApp.
Replacing one phone number based system with another may not be a wise choise.
Wrong again. Please research before you start shouting.
WhatsApp uses the Signal protocol. The difference is, it being owned by Meta, it also logs all the metadata it can alongside your real phone number.
Signal messenger uses the Signal protocol. Contrary to WhatsApp, it does not store any metadata. Your phone number is used by the Signal protocol merely as a cryptographic hash. That means, it’s impossible to know who is communicating with whom.
It is not replacing “one system” with “another system”. It essence, signal is WhatsApp, but with all the added spying features stripped, none added.
Wise, maybe not. Pragmatic, yes.
Pragmatism got us here. Maybe its time for people to start giving fucks, or like just dont communicate with me.
I suspect most people will take the latter option. Enjoy your “victory”.
I use Telegram, like betamax have I backed the wrong horse?
Holy shit… Yes, yes you have.
Hah, thanks. I had no idea it was Russian backed. I dropped it over the weekend. The only issue is I’m now solely on WhatsApp as none of my friends/family are behind this movement.
All kidding aside from the other comments, Telegram is not secure or private. It’s not E2EE by default and getting it enabled is per-chat and convoluted. Frankly, I wouldn’t even trust it with cat pics I send to the bros let alone private messages… not to be fear mongering but do yourself a favor and get off Telegram.
Signal, despite some criticism that it’s “Not private enough etc.”, strikes a balance between usability, privacy and security. It’s also miles better than Telegram on all fronts.
A big issue we have in the privacy community is that it’s easy to have an “all or nothing mindset”. Even small steps in the right direction can be hugely beneficial. So, Signal is great. Use Signal.
