- cross-posted to:
- privacy@lemmy.dbzer0.com
- cross-posted to:
- privacy@lemmy.dbzer0.com
After Trump was elected and inaugurated, Signal has finally been gaining some steam here in the Netherlands.
It’s still an American company, so it’s not ideal. But it’s still significantly better better than letting a tech giant like Facebook have control over the most commonly used chat app.
WhatsApp needs to go and Signal is the most likely way in which we can achieve that. We can worry about the American elephant in the room later.
Sadly many still don’t want to switch. My most active chats are in signal now but the large majority of chats are still on whatsapp
If you leave WhatsApp, your chats will usually follow.
Not all of them.
I have a non-official chat group with some colleagues, and a chat group for the neighbourhood that are not likely moving just because I am refusing to use Whatsapp. It would just result in me missing out on those chat groups.
Currently I just have both installed, and that is also how I try to convince people to install and try out Signal.
America is not a monolith. Signal’s developers are very much aware of the risks of operating there and probably already have several escape plans given recent developments. I also think five-eyes probably has access but getting it might be computationally expensive.
There is threema, a Swiss messenger that gained some popularity earlier since they had end to end encryption before whatsapp.
Unfortunately the source code is not open (even though they do get annual audits with public reports), and the client costs 3 EUR or something (once).
Yeah, but Threema has basically no momentum behind it at all at this point.
I’m putting my social capital behind the option that currently stands the most chance of beating out WhatsappThreema has a pretty big momentum in some countries.
Which?
Switzerland. ;-)
Then by all means keep that momentum going.
I’m just looking at this from a Dutch perspective, where Signal is seeing by far the most growth.You can help making it stronger. That’s what I did in Germany: if people want to contact me, I usually give them my Threema ID first, everything else comes later.
But my goal is not to move to Threema, my goal is to move away from Whatsapp.
Signal fits the bill while expending far less social capital convincing people to use it.
And Switzerlands records in terms of privacy sadly is far worse than most people think - even with the last attack being repelled.
Matrix (preferably on a non-matrix.org instance) currently is the preferable non US and privacy friendly way.
I don’t know - this hype about Matrix reminds me of XMPP which was similarly popular a decade ago. Today, nobody even remembers it anymore.
Pepperidge farm remembers, and so do I. Lots of people I know use XMPP (Cheogram, Dino, etc).
Which hype? Matrix as a protocol is used for a decade now, especially by various big governments (French, Luxembourg and German governmental messenger, various German states, German and Polish armed forces, German healthcare messenger, various smaller projects in Latin America), is bridgeable (I currently have it bridged to Whatsapp and Signal amongst others) but I really don’t see a hype - on the contrary I only see people predicting me the immediate apocalypse of Matrix for 5 years now, currently due to matrix.org (one of a hundred instances) introducing a premium account model for the most cost intensive (heavily media sharing)users. (See below for that).
Until Facebook buys them like they did with WhatsApp…?
That’s just the client, the server architecture is what really matters.
Thanks, yeah someone else said similar here.
FYI, while Threema front-end clients (apps) are open-source (and offer reproducible builds, which is surprisingly uncommon in open-source land), the server component, though supposedly audited, remains closed-source.
EDIT: for comparison, the Signal server code is mostly open source, but things like the spam filter are closed.
Thanks.
And I didn’t know Signal had spam filters. It makes sense to not make that open source.
In my circle of 20 there has only been one instance of spam over several years. 3 of us got the same message.
They also offer Threema Libre on F-Droid for all us folks who degoogled their phone
Signal is based in America but it’s a non profit organization, not a company. Important difference
But being based in the United States it is still subject to American laws, and that comes with the risk of potential American spying and embargoes. Software from any American entity (be it coorporation or non-profit) comes with that risk.
deleted by creator
Signal used to be the best answer to this conundrum, since it would use its own internal protocols if it could or fall back to SMS if it couldn’t, unfortunately they decided to drop SMS support a few years ago, citing users that sent sensitive information not realizing they were using SMS (that always felt kinda flimsy). I really disliked this change, because it raised the difficulty of adoption, from just getting people to replace their default app with Signal to making them manage multiple apps.
Now though, you basically need to advocate socially for the change you want to see in the world. Anecdotally, I started using Signal when they still supported SMS to talk with 1 friend group, and eventually convinced most of my closest family groups to also use it, many after SMS support was dropped. Apart from 1 tech illiterate elderly couple and 1 extended family member, I haven’t received any personal (non-company related) text messages in like 5 months.
The sad truth is that the majority of people are treating WhatsApp exactly as a social network. It is there to send memes and stickers. See what others are up to without having to interact. Then mindlessly scroll through reels. Ocassionally purchase something via chat with a corporate bot.
Signal has been a good option because you can get “normal” people to use it, which hasn’t been true for many of the alternatives (except Telegram, but that’s a mess).
The problem is that it was easier to get people to move to Telegram since it had an abundance of features compared to WhatsApp which was compelling for the average person that doesn’t care about encryption. Signal doesn’t have any of these features that make it enticing for the person.
deleted by creator
If you quickly uninstall it because you don’t know anyone using it it sounds like you’re part of the problem. If someone you know installs it to try it out that’s one less person they see as well. Personally I got the vast majority of my friend group to move to it years ago by just saying like “hey Facebook sucks we should move to signal”. If you don’t want to do that should at least leave it installed it’s not like it’s taking up much space
deleted by creator
A truly ethical replacement would not need a phone number
Removed by mod
Matrix still has it’s problems. All the meta data is still saved on every server permanently.
There is still space to improve from there.
And it would have as much spam as email.
Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.
They see no value in it. They don’t see that privacy is proactive measure that can protect you.
On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family who’s attacker might make off with stolen bank information or passwords.
but “that’ll never happen”, right?
How do we know signal isn’t also run by a techbro who just wants our data?
Does it really matter who made it if you can see the source code? You don’t have to trust them.
That’s kind of a core tenet of libre/open software, innit? Independently verifiable software that you can change at your pleasure.
Can you though? Can I build the apk myself and use their services?
Yes, you can use their exact build environment straight from GitHub. You can also use Molly.im which is another app that i think is a fork? Im still investigating it.
I don’t think that the founders are bad people. If you look at their history of work, they have done enormous amounts of work in the computer security sector. The founder, however, did run a cloud based WPA cracking service.
Meredith Whitaker, who is the president, used to work at Google doing research for “issues related to net neutrality measurement, privacy, security, and the social consequences of artificial intelligence”.
In 2018 she then staged walkouts at Google over concerns of sexual misconduct and citizen surveillance.
The people on Signal’s board seem to be trustworthy people with a pretty airtight background. You have to worry more about the mobile operating system compromising you than do you about Signal.
No. XMPP would be the best choice.
Tell me you don’t know anything about security without telling me you don’t know anything about security.
I guess that sucks because I make a living working in cyber security. What do I know, amirite? 🤷
Could you explain a bit? I see main issue with Signal (though I’m not an expert, and they’re not strictly related to security): it’s centralized (and the server isn’t even open-source).
The question is also a lot about your threat model right?
The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what’s wrong with WhatsApp?
The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don’t if you enable e2ee, so it is disabled by default.
That is all before you start looking into security audits or metadata harvesting.
Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad with few serious negatives. What makes extensions powerful is that they can easily change the rules without breaking the underlying system. If your client sucks, get another?
You have choices, but if your problem is metadata, whoooo boy.
https://news.ycombinator.com/item?id=32780665
https://github.com/matrix-org/synapse/issues/9133
https://www.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/
So much cope you didn’t even notice no one mentioned matrix. We are comparing XMPP with Signal.
Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it
Also, you really think saying only 20% of your chats are insecure is somehow making it better?
That’s their problem. If their messages aren’t encrypted, it isn’t like you won’t be aware of it. Request that they use a modern client and get with the times. None of this is an actual problem without easy solutions.
Then let us know when they are solved. Until then, I have a lot more hope in matrix than XMPP. They at least seems to be making progress in the right direction, although they are not there yet either.
Signal remains the best option for now.
I wish I could do this, but trying to convince people to ditch an app they’ve never had problems with and where they all have their family, friends, work groups and school groups already mashed together, how do you convince them? Its not even about me convincing my friends or family, its about everyone else doing the same and when everyone has so many contacts in WhatsApp, that number starts to snowball real quick. Its just not feasible to try and explain this to someone who literally doesn’t care. I mean even though I myself know what Meta is and how Zuck is complete asshole, I still can’t switch off of WhatsApp because nobody I know is on Signal and I’d just be alone there. What’s the point? WhatsApp is pretty much the first app anyone installs on their phone (regardless of platform), they’re not gonna switch now.
WhatsApp is pretty much the first app anyone installs on their phone
Is this really the case?
Maybe it’s a regional thing. I’m in the northeast US, and nearly everyone I know uses Facebook Messenger as their main form of communication, even people who don’t touch Facebook at all. I hate Messenger for the same reasons that people hate WhatsApp, but I still have to use it because my entire social circle does. If I want to message someone outside Messenger without giving my phone number out, I use my Google Voice number.
I’ve only ever used WhatsApp to talk to work contacts overseas, and I’ve only ever used Signal to talk to paranoid drug dealers, which is a use case that’s mostly been replaced by Telegram now.
In my region in Europe, it really is. EVERYONE uses WhatsApp. I’m not sure the last time I saw someone use SMS, its all WhatsApp. iOS, Android, its all there.
Outside of North America, most other countries’ use WhatsApp as a choice for personal and business uses is WhatsApp. Rest are mostly dominated by Facebook messenger. Excluding China which has WeChat domestically.
How Meta was ever allowed to buy WhatsApp without triggering anti-trust laws is beyond me.
Many of my European and South American friends are having a hard time because that’s where all their families and friends back home are, and it’s hard to get them to use something new, especially the older folks.
How Meta was ever allowed to buy WhatsApp without triggering anti-trust laws is beyond me
It was still called Facebook when they bought it.
Well, just an anecdote:
I simply deleted my WhatsApp and moved to signal. Just did it.
People installed the app, at least the ones that cared about staying in touch. Which was most everyone I cared about staying in touch with. A few of my friend groups also moved the group chat to signal, though all of them do have other ones with the people who didn’t care enough to move too, but I hear it isn’t that big a deal, they had multiple groups before and will have in future, doesn’t really feel like any extra hassle they say.
It’s been fine. No problems. I’ve had more trouble trying to explain to my extended family why I’m no longer posting on instagram. Those I never had in WhatsApp either back in the day, so they “stayed in touch” by watching my pictures I suppose. But I just consistently tell people they can reach me always via signal or plain old sms.
I guess the biggest thing to be scared about would be fomo for most, but I don’t really care enough, I’ve got so much going on already that it’s more of a blessing that I don’t have to be involved in every conversation or meme sharing or whatever.
It really gets so easy after simply switching. Just do it and that’s that. The people worth anything come with you, it’s just another app and another group chat or personal chat. Most already have discord and the meta messenger whatever its name is these days anyway. I know zero people with only one messenger/chat app and unsplintered groups across them. It’s not a big chore, and if it is, there’s always sms.
I guess the biggest thing to be scared about would be fomo for most
I don’t mind missing out on some things, but I would mind missing out on literally all of the things. Everyone is on WhatsApp and trying to convince people to switch to a different app when, from their perspective, their current app has over 99% uptime, their kids, their family, their extended family, their friends, all are on WhatsApp. Its the same for me, its everyone. Its just a different situation in Europe.
Just ditch WhatsApp. Don’t give in to social pressure to install malware on your phone
There’s nobody on Signal, that’s the problem. If I want to miss out on all of my group conversations, work conversations, messages between myself and others, then yeah, I can switch. But if I want to receive any messages at all, I have to keep WhatsApp installed.
The problem is there’s no one on signal that I want to talk to. So “just ditch the app” isn’t actually helpful.
Just need to move everyone. Not that hard honestly, if you are around smart people
" It’s not that hard really all you have to do is be around people who already want to move over". Yeah thanks for that advice.
I have a very similar strategy to being rich, step one is to be rich already. Simplicity itself.
Why are you friend with stupid people?
Why are you being intentionally disingenuous?
I will say it again just so it’s stated.
People are not going to move to another service unless they can obviously see the benefit in moving to that service. People who are not technically inclined (that doesn’t mean stupid) are not going to see the benefit.Don’t be rude about people you don’t know anything about. Don’t insult their intelligence just because they’re not as interested in a very niche area of technology as you are.
spoiler
Why are you friend with stupid people?
Also note that if you are going to be rude about people you know nothing about, you had better check your grammar
What I said is that smart people can be convinced to move to another platform. Most of my friends are not technically inclined, but it was easy to make them use it, at least to chat with me.
What you did is change “smart people” with “people who already want to move”, which is not the same. You then said it’s not something you can choose (as you cannot choose to be rich). But I answered that you can actually choose your friends.
Never did I say people who are not interested in niche technologies are not smart. My statement can be rephrased in an equivalent statement “people who cannot be convinced to change are not smart”, and I stand to it.
Yep. I know the details. I’m tech savvy enough, but I use what my contacts use, and I’m not leaving WhatsApp. Same goes for youtube. The content I consume is there. There is no suitable alternative until the content creators switch. It’s not really about the technology at all.
How about Delta Chat? At least as secure as Signal, open source, and decentralized.
Not saying that it’s necessarily a bad option, but my biggest issue with delta chat is that it does not offer forward secrecy (if a user’s private key is compromised, past messages can be revealed); Signal does. Delta no question beats signal in decentralization, though email is less decentralized than it seems–how many people do you know who still use gmail? Delta also inherently leaks metadata on whom you’re communicating with to the email host (that’s just imap/smtp). Signal can mitigate this somewhat with Sealed Sender (which gives one-way anonymity), though it can be broken with statistical analysis, and signal metadata is more identifying due to requiring a phone number.
I can’t call ethical an app that relies on Electron.
Weird goalpost but Ok
I think it is more of a hill than a goalpost.
Don’t ask me for a phone number and I’ll use it.
When did WhatsApp start allowing signups without a phone number?
No clue. Never even tried to use it since it’s a Meta product. I was referring to Signal’s phone # requirement being a non-starter.
So what do you use now?
Matrix
I use Element.
I use both and have been happy with both, but note that Element / Matrix have recently announced the intent to add paid service tiers.
Fair enough, servers cost, you can self host it too…
Remeber, If it’s “free”, you are the product.
The irony of you posting this on lemmy, which won’t allow posting from a VPN or masked email addresses is not lost on me.
The amount of hoops I had to jump through to make this comment and maintain some semblance of privacy is infuriating but at least it’s not reddit I guess?
But do go on about your security standards…
Edit: BTW, you can set signal to hide your number completely. Combined with FOSS-based encryption keys on-device makes signal the only choice for trying to maintain freedom of expression globally.
Nothing will protect anyone from messaging with a snitch who knows how to screenshot though. Food for thought… get to know your neighbors now.
You’re using the wrong lemmy server then, no problem with mine
Duck duck Go VPN connection here
If you’re reading this comment, I posted it from proton vpn
Thanks, appreciated. I installed Nord on my linux box as well, then set that to openvpn technology and obfuscated servers which worked. I’d prefer to use their quantum-proof encryption but there’s no way to bypass VPN checks if one sets that. I think it’s a mistake on lemmy’s part to even put that hurdle up, but it is what it is. Having one’s real world identity tied to social media is a risk going forward. Data is the enemy.
Data is 100% the enemy and you’re right, lemmy would be moronic to put that roadblock in place
They DID put that roadblock in place. That’s kinda my point. You have to loosen a VPN’s security to post here (as I’ve had to do to reply). It says “no posting from VPN” in the lower left if one uses more advanced/secure encryption. They also don’t allow account creation from masked email platforms like fastmail.
It doesn’t matter if you hide the number; at some point they deanonymized you when you signed up.
Want to be a dick about “hoops”? Get a number that isn’t traceable. It can be done, but it’s tough. I doubt its possible in the countries that really need anonymity of association.
Deanonymized isn’t a risk with end-to-end FOSS-governed encryption (as compared to Meta’s mysterious backend that manages keypairs for whatsapp and messenger). Sealed Sender can even obfuscate the metadata of the recipient for further snooping hurdles. Nothing is perfect, and any participant can silently ex-filtrate conversation data with another camera.
i dont use whatsapp that much anyways
Nah, that would be Matrix, XMPP, DeltaChat or SimpleX
Jami*
Matrix isn’t necessarily p2p
Oh yes that too
My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.
XMPP/Jabber via a web client like movim.eu sounds like it ought to work!
You can also look into Snikket as a host for small groups like friends or family, but can continue to use the Movim web client even if you’re hosting with Snikket rather than Movim itself.
Matrix and Element. Run your own server if you want or use a server that’s not in the US.
Matrix fits the bill.
Unless you don’t like the federated nature.
Removed by mod
I will switch to signal when I can avoid installing stuff on bunch of my devices. Until web version is available, sorry it hard for me to switch and for me to convince other people to switch.