• Humanius@lemmy.world
    link
    fedilink
    English
    arrow-up
    147
    arrow-down
    4
    ·
    edit-2
    1 month ago

    After Trump was elected and inaugurated, Signal has finally been gaining some steam here in the Netherlands.

    It’s still an American company, so it’s not ideal. But it’s still significantly better better than letting a tech giant like Facebook have control over the most commonly used chat app.

    WhatsApp needs to go and Signal is the most likely way in which we can achieve that. We can worry about the American elephant in the room later.

    • Kualdir@piefed.social
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 month ago

      Sadly many still don’t want to switch. My most active chats are in signal now but the large majority of chats are still on whatsapp

        • Humanius@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 month ago

          Not all of them.

          I have a non-official chat group with some colleagues, and a chat group for the neighbourhood that are not likely moving just because I am refusing to use Whatsapp. It would just result in me missing out on those chat groups.

          Currently I just have both installed, and that is also how I try to convince people to install and try out Signal.

    • ZMoney@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      America is not a monolith. Signal’s developers are very much aware of the risks of operating there and probably already have several escape plans given recent developments. I also think five-eyes probably has access but getting it might be computationally expensive.

    • viking@piefed.ca
      link
      fedilink
      English
      arrow-up
      41
      arrow-down
      4
      ·
      1 month ago

      There is threema, a Swiss messenger that gained some popularity earlier since they had end to end encryption before whatsapp.

      Unfortunately the source code is not open (even though they do get annual audits with public reports), and the client costs 3 EUR or something (once).

      • Humanius@lemmy.world
        link
        fedilink
        English
        arrow-up
        51
        arrow-down
        2
        ·
        1 month ago

        Yeah, but Threema has basically no momentum behind it at all at this point.
        I’m putting my social capital behind the option that currently stands the most chance of beating out Whatsapp

          • Humanius@lemmy.world
            link
            fedilink
            English
            arrow-up
            32
            ·
            edit-2
            1 month ago

            Then by all means keep that momentum going.
            I’m just looking at this from a Dutch perspective, where Signal is seeing by far the most growth.

            • rhabarba@feddit.org
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              10
              ·
              1 month ago

              You can help making it stronger. That’s what I did in Germany: if people want to contact me, I usually give them my Threema ID first, everything else comes later.

              • Humanius@lemmy.world
                link
                fedilink
                English
                arrow-up
                20
                ·
                edit-2
                1 month ago

                But my goal is not to move to Threema, my goal is to move away from Whatsapp.
                Signal fits the bill while expending far less social capital convincing people to use it.

      • philpo@feddit.org
        link
        fedilink
        English
        arrow-up
        28
        arrow-down
        3
        ·
        1 month ago

        And Switzerlands records in terms of privacy sadly is far worse than most people think - even with the last attack being repelled.

        Matrix (preferably on a non-matrix.org instance) currently is the preferable non US and privacy friendly way.

        • rhabarba@feddit.org
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          4
          ·
          1 month ago

          I don’t know - this hype about Matrix reminds me of XMPP which was similarly popular a decade ago. Today, nobody even remembers it anymore.

          • philpo@feddit.org
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 month ago

            Which hype? Matrix as a protocol is used for a decade now, especially by various big governments (French, Luxembourg and German governmental messenger, various German states, German and Polish armed forces, German healthcare messenger, various smaller projects in Latin America), is bridgeable (I currently have it bridged to Whatsapp and Signal amongst others) but I really don’t see a hype - on the contrary I only see people predicting me the immediate apocalypse of Matrix for 5 years now, currently due to matrix.org (one of a hundred instances) introducing a premium account model for the most cost intensive (heavily media sharing)users. (See below for that).

        • viking@piefed.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          That’s just the client, the server architecture is what really matters.

        • ornery_chemist@mander.xyz
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 month ago

          FYI, while Threema front-end clients (apps) are open-source (and offer reproducible builds, which is surprisingly uncommon in open-source land), the server component, though supposedly audited, remains closed-source.

          EDIT: for comparison, the Signal server code is mostly open source, but things like the spam filter are closed.

          • sqgl@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 month ago

            Thanks.

            And I didn’t know Signal had spam filters. It makes sense to not make that open source.

            In my circle of 20 there has only been one instance of spam over several years. 3 of us got the same message.

      • Humanius@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 month ago

        But being based in the United States it is still subject to American laws, and that comes with the risk of potential American spying and embargoes. Software from any American entity (be it coorporation or non-profit) comes with that risk.

    • pheonixdown@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      1 month ago

      Signal used to be the best answer to this conundrum, since it would use its own internal protocols if it could or fall back to SMS if it couldn’t, unfortunately they decided to drop SMS support a few years ago, citing users that sent sensitive information not realizing they were using SMS (that always felt kinda flimsy). I really disliked this change, because it raised the difficulty of adoption, from just getting people to replace their default app with Signal to making them manage multiple apps.

      Now though, you basically need to advocate socially for the change you want to see in the world. Anecdotally, I started using Signal when they still supported SMS to talk with 1 friend group, and eventually convinced most of my closest family groups to also use it, many after SMS support was dropped. Apart from 1 tech illiterate elderly couple and 1 extended family member, I haven’t received any personal (non-company related) text messages in like 5 months.

      • dustyData@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        The sad truth is that the majority of people are treating WhatsApp exactly as a social network. It is there to send memes and stickers. See what others are up to without having to interact. Then mindlessly scroll through reels. Ocassionally purchase something via chat with a corporate bot.

    • vividspecter@lemm.ee
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      1 month ago

      Signal has been a good option because you can get “normal” people to use it, which hasn’t been true for many of the alternatives (except Telegram, but that’s a mess).

      • pycorax@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        1 month ago

        The problem is that it was easier to get people to move to Telegram since it had an abundance of features compared to WhatsApp which was compelling for the average person that doesn’t care about encryption. Signal doesn’t have any of these features that make it enticing for the person.

    • Chronographs@lemmy.zip
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      5
      ·
      edit-2
      1 month ago

      If you quickly uninstall it because you don’t know anyone using it it sounds like you’re part of the problem. If someone you know installs it to try it out that’s one less person they see as well. Personally I got the vast majority of my friend group to move to it years ago by just saying like “hey Facebook sucks we should move to signal”. If you don’t want to do that should at least leave it installed it’s not like it’s taking up much space

  • arin@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    18
    ·
    1 month ago

    A truly ethical replacement would not need a phone number

  • falynns@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    ·
    1 month ago

    Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.

    • Vanilla_PuddinFudge@infosec.pub
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 month ago

      They see no value in it. They don’t see that privacy is proactive measure that can protect you.

      On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family who’s attacker might make off with stolen bank information or passwords.

      but “that’ll never happen”, right?

    • aidan@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 month ago

      Does it really matter who made it if you can see the source code? You don’t have to trust them.

      • ballgoat@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        That’s kind of a core tenet of libre/open software, innit? Independently verifiable software that you can change at your pleasure.

          • ballgoat@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 month ago

            Yes, you can use their exact build environment straight from GitHub. You can also use Molly.im which is another app that i think is a fork? Im still investigating it.

    • hackitfast@lemmy.world
      link
      fedilink
      English
      arrow-up
      30
      ·
      1 month ago

      I don’t think that the founders are bad people. If you look at their history of work, they have done enormous amounts of work in the computer security sector. The founder, however, did run a cloud based WPA cracking service.

      Meredith Whitaker, who is the president, used to work at Google doing research for “issues related to net neutrality measurement, privacy, security, and the social consequences of artificial intelligence”.

      In 2018 she then staged walkouts at Google over concerns of sexual misconduct and citizen surveillance.

      The people on Signal’s board seem to be trustworthy people with a pretty airtight background. You have to worry more about the mobile operating system compromising you than do you about Signal.

      • Alexander@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        3
        ·
        1 month ago

        I guess that sucks because I make a living working in cyber security. What do I know, amirite? 🤷

      • ewenak@jlai.lu
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Could you explain a bit? I see main issue with Signal (though I’m not an expert, and they’re not strictly related to security): it’s centralized (and the server isn’t even open-source).

        The question is also a lot about your threat model right?

        • DreamlandLividity@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 month ago

          The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what’s wrong with WhatsApp?

          The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don’t if you enable e2ee, so it is disabled by default.

          That is all before you start looking into security audits or metadata harvesting.

  • Kevnyon@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 month ago

    I wish I could do this, but trying to convince people to ditch an app they’ve never had problems with and where they all have their family, friends, work groups and school groups already mashed together, how do you convince them? Its not even about me convincing my friends or family, its about everyone else doing the same and when everyone has so many contacts in WhatsApp, that number starts to snowball real quick. Its just not feasible to try and explain this to someone who literally doesn’t care. I mean even though I myself know what Meta is and how Zuck is complete asshole, I still can’t switch off of WhatsApp because nobody I know is on Signal and I’d just be alone there. What’s the point? WhatsApp is pretty much the first app anyone installs on their phone (regardless of platform), they’re not gonna switch now.

    • ElcidBarrett@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      WhatsApp is pretty much the first app anyone installs on their phone

      Is this really the case?

      Maybe it’s a regional thing. I’m in the northeast US, and nearly everyone I know uses Facebook Messenger as their main form of communication, even people who don’t touch Facebook at all. I hate Messenger for the same reasons that people hate WhatsApp, but I still have to use it because my entire social circle does. If I want to message someone outside Messenger without giving my phone number out, I use my Google Voice number.

      I’ve only ever used WhatsApp to talk to work contacts overseas, and I’ve only ever used Signal to talk to paranoid drug dealers, which is a use case that’s mostly been replaced by Telegram now.

      • Kevnyon@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        In my region in Europe, it really is. EVERYONE uses WhatsApp. I’m not sure the last time I saw someone use SMS, its all WhatsApp. iOS, Android, its all there.

      • bystander@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 month ago

        Outside of North America, most other countries’ use WhatsApp as a choice for personal and business uses is WhatsApp. Rest are mostly dominated by Facebook messenger. Excluding China which has WeChat domestically.

        How Meta was ever allowed to buy WhatsApp without triggering anti-trust laws is beyond me.

        Some numbers

        Many of my European and South American friends are having a hard time because that’s where all their families and friends back home are, and it’s hard to get them to use something new, especially the older folks.

        • Kevnyon@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          How Meta was ever allowed to buy WhatsApp without triggering anti-trust laws is beyond me

          It was still called Facebook when they bought it.

    • orgrinrt@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 month ago

      Well, just an anecdote:

      I simply deleted my WhatsApp and moved to signal. Just did it.

      People installed the app, at least the ones that cared about staying in touch. Which was most everyone I cared about staying in touch with. A few of my friend groups also moved the group chat to signal, though all of them do have other ones with the people who didn’t care enough to move too, but I hear it isn’t that big a deal, they had multiple groups before and will have in future, doesn’t really feel like any extra hassle they say.

      It’s been fine. No problems. I’ve had more trouble trying to explain to my extended family why I’m no longer posting on instagram. Those I never had in WhatsApp either back in the day, so they “stayed in touch” by watching my pictures I suppose. But I just consistently tell people they can reach me always via signal or plain old sms.

      I guess the biggest thing to be scared about would be fomo for most, but I don’t really care enough, I’ve got so much going on already that it’s more of a blessing that I don’t have to be involved in every conversation or meme sharing or whatever.

      It really gets so easy after simply switching. Just do it and that’s that. The people worth anything come with you, it’s just another app and another group chat or personal chat. Most already have discord and the meta messenger whatever its name is these days anyway. I know zero people with only one messenger/chat app and unsplintered groups across them. It’s not a big chore, and if it is, there’s always sms.

      • Kevnyon@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        I guess the biggest thing to be scared about would be fomo for most

        I don’t mind missing out on some things, but I would mind missing out on literally all of the things. Everyone is on WhatsApp and trying to convince people to switch to a different app when, from their perspective, their current app has over 99% uptime, their kids, their family, their extended family, their friends, all are on WhatsApp. Its the same for me, its everyone. Its just a different situation in Europe.

    • oakward@feddit.org
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      3
      ·
      1 month ago

      Just ditch WhatsApp. Don’t give in to social pressure to install malware on your phone

      • Kevnyon@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        There’s nobody on Signal, that’s the problem. If I want to miss out on all of my group conversations, work conversations, messages between myself and others, then yeah, I can switch. But if I want to receive any messages at all, I have to keep WhatsApp installed.

      • Echo Dot@feddit.uk
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 month ago

        The problem is there’s no one on signal that I want to talk to. So “just ditch the app” isn’t actually helpful.

          • Echo Dot@feddit.uk
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            " It’s not that hard really all you have to do is be around people who already want to move over". Yeah thanks for that advice.

            I have a very similar strategy to being rich, step one is to be rich already. Simplicity itself.

              • Echo Dot@feddit.uk
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 month ago

                Why are you being intentionally disingenuous?

                I will say it again just so it’s stated.
                People are not going to move to another service unless they can obviously see the benefit in moving to that service. People who are not technically inclined (that doesn’t mean stupid) are not going to see the benefit.

                Don’t be rude about people you don’t know anything about. Don’t insult their intelligence just because they’re not as interested in a very niche area of technology as you are.

                spoiler

                Why are you friend with stupid people?

                Also note that if you are going to be rude about people you know nothing about, you had better check your grammar

                • VintageGenious@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 month ago

                  What I said is that smart people can be convinced to move to another platform. Most of my friends are not technically inclined, but it was easy to make them use it, at least to chat with me.

                  What you did is change “smart people” with “people who already want to move”, which is not the same. You then said it’s not something you can choose (as you cannot choose to be rich). But I answered that you can actually choose your friends.

                  Never did I say people who are not interested in niche technologies are not smart. My statement can be rephrased in an equivalent statement “people who cannot be convinced to change are not smart”, and I stand to it.

    • iegod@lemmy.zip
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 month ago

      Yep. I know the details. I’m tech savvy enough, but I use what my contacts use, and I’m not leaving WhatsApp. Same goes for youtube. The content I consume is there. There is no suitable alternative until the content creators switch. It’s not really about the technology at all.

  • eodur@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    2
    ·
    1 month ago

    How about Delta Chat? At least as secure as Signal, open source, and decentralized.

    • ornery_chemist@mander.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      Not saying that it’s necessarily a bad option, but my biggest issue with delta chat is that it does not offer forward secrecy (if a user’s private key is compromised, past messages can be revealed); Signal does. Delta no question beats signal in decentralization, though email is less decentralized than it seems–how many people do you know who still use gmail? Delta also inherently leaks metadata on whom you’re communicating with to the email host (that’s just imap/smtp). Signal can mitigate this somewhat with Sealed Sender (which gives one-way anonymity), though it can be broken with statistical analysis, and signal metadata is more identifying due to requiring a phone number.

    • tym@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      3
      ·
      edit-2
      1 month ago

      The irony of you posting this on lemmy, which won’t allow posting from a VPN or masked email addresses is not lost on me.

      The amount of hoops I had to jump through to make this comment and maintain some semblance of privacy is infuriating but at least it’s not reddit I guess?

      But do go on about your security standards…

      Edit: BTW, you can set signal to hide your number completely. Combined with FOSS-based encryption keys on-device makes signal the only choice for trying to maintain freedom of expression globally.

      Nothing will protect anyone from messaging with a snitch who knows how to screenshot though. Food for thought… get to know your neighbors now.

        • tym@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          Thanks, appreciated. I installed Nord on my linux box as well, then set that to openvpn technology and obfuscated servers which worked. I’d prefer to use their quantum-proof encryption but there’s no way to bypass VPN checks if one sets that. I think it’s a mistake on lemmy’s part to even put that hurdle up, but it is what it is. Having one’s real world identity tied to social media is a risk going forward. Data is the enemy.

          • Toga65@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            Data is 100% the enemy and you’re right, lemmy would be moronic to put that roadblock in place

            • tym@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 month ago

              They DID put that roadblock in place. That’s kinda my point. You have to loosen a VPN’s security to post here (as I’ve had to do to reply). It says “no posting from VPN” in the lower left if one uses more advanced/secure encryption. They also don’t allow account creation from masked email platforms like fastmail.

      • ikidd@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 month ago

        It doesn’t matter if you hide the number; at some point they deanonymized you when you signed up.

        Want to be a dick about “hoops”? Get a number that isn’t traceable. It can be done, but it’s tough. I doubt its possible in the countries that really need anonymity of association.

        • tym@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          Deanonymized isn’t a risk with end-to-end FOSS-governed encryption (as compared to Meta’s mysterious backend that manages keypairs for whatsapp and messenger). Sealed Sender can even obfuscate the metadata of the recipient for further snooping hurdles. Nothing is perfect, and any participant can silently ex-filtrate conversation data with another camera.

  • Jaberw0cky@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    1 month ago

    My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.

  • maxo@feddit.org
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    4
    ·
    1 month ago

    I will switch to signal when I can avoid installing stuff on bunch of my devices. Until web version is available, sorry it hard for me to switch and for me to convince other people to switch.