Granted, the part
The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store
is a little ironic, but you gotta push this winning tide and then work from that.
The people that are orchestrating the takeover of Greenland literally owns that fucking platform you fucking idiots.
Does no one in the west have a fucking brain?
Perfect is the enemy of the good.
Just see it as a first step. Signal is still better than WhatsApp being owned by Meta. If we get more people of WhatsApp, in the future there might be more European alternatives.
There are no big European alternatives the majority of people are willing to switch.
I got rid of WhatsApp last year myself and could only convince 8 people to use Signal. I tried Threema and Matrix, but most normal people are not willing to do this and don’t care they give up their data and so on…
Thank you for contributing to the critical mass o7
I joined Signal for the very few people in my contact list that use it, but I am holding out for the further establishment / gaining traction of a non-walled-garden solution before I start evangelizing Signal… So that I don’t get more people to switch, and then after a few months/years have to try to get them to switch again e.g. to a Matrix solution (and once again losing my chat history in the process).
From one american service to another american service? Good job m’Danes, that’ll show’em.
Less flippantly though, Signal is a better american service, and incremental improvements are good too.
Meshtastic. Let’s get some critical mass. Get single points of trust out of the equation.
Or simplex!
Sadly Meshtastic is limited to the number of nodes it’ll go through (think it was 7) so pretty limited. MeshCore goes up to something like 64 so is better but still both have huge limitations right now besides the ‘no nodes around me’ issue.
still, I have some MeshCore nodes and hopefully get 1 fairly high up when I can afford the £100 to buy it but its a lot to waste when no-one around here is interested.
Or briar, tox…
Tox is not really great for multi-device, is it?
Yeah, a network based on the principle of flooding ain’t gonna work across that many people.
I’ll get a node, but the bandwidth is too low. I’m looking into WiFi meshing now.
I am from Denmark. I have spent the last 10 years fighting to get schools and government institutions to switch away from American software.
What a waste of time, when all it takes is the threat of an imperialist take-over of Greenland to actually get my fellow countrymen to finally listen and act.
Italian in Denmark here.
I thank you so much for this! I am amazed at the dependence of all facets of social life and information on Meta and Google’s properties.
I am cut out of my building’s initiatives because I don’t have a Facebook account. There are no events (such as dance events, protests, etc) published anywhere else than on Facebook’s Events.
When I propose to be contacted on Signal people look at me as if I was an alien.
You are doing God’s work, as a Christian would say.
Signal is still centralized US software.
It is the least evil for the ignorant technology end user.
Ignorant feels harsh, technically accurate but harsh. Yes technology permiates our lives but its such a broad term that no one can be fluent in all its aspects and most of us have to have in depth knowledge of at least one part of it to do our day jobs. We can’t expect everyone to have the time to learn about the inner workings of communications infastructure.
Concerning the usability, yes. Otherwise Matrix would be the best option, it can be hosted locally.
Why do you think that? The owner of it is alt right and the fascists are using it. Why feel safe on it? Doesn’t make sense.
Problem is if they change to Signal now they are less likely to change again to something “better”.
There’s no better. When that hopeful better comes we will all think about it.
pretty big fan of http://delta.chat/ secure and decentralised
They are supreme denialists and try to gaslight people into believing that Foward Security is a thing you don’t need. I may have it installed and the ui is cute enough, but I can’t even consider it hitting close to the level of security Signal employs. It’s basically a toy experiment.
bummer, i had not realised that forward security was not there :/
sounds like its a while off.
Is that not just chat over email? I thought it used to be, and some of the language on the site is still kind of suggestive of it, but it does sound kinda different. Maybe I’m confusing it with something else. If it’s still just fancy email, I’m not sure I like that idea since email has so many privacy issues baked in deep.
i dont know much sorry, think you would want to start with https://chatmail.at/
Telegram is still better, while not being ideal, of course. But at least its servers aren’t located in the USA.
The ideal options are decentralized/p2p, but for now they have very few users (not many less than Signal, to be fair).
The software with encryption disabled by default, no security audits, and rampant spam is better?
E2E encryption it’s not the only feature that matters. By the way, I am not promoting Telegram, I only mean that relying on US-centric infrastructure is bad because you can be disconnected away at any moment.
Telegram is worse. There’s only pedos and russians on it, not to mention the french government having full access to the servers.
telegram is the absolute wirst when it comes to constant spam from scams and bullshit group chats… it’s an utter cesspool.
Elaborate please.
But at least the US government can’t listen in on your conversations, and if they don’t know your phone number, can’t block your specific communications either.
That you know of.
This is from 2020 after the news discovered that yeah actually, the US gov could read your encrypted messages. https://www.forbes.com/sites/daveywinder/2020/02/12/cia-secretly-bought-global-encryption-provider-built-backdoors-spied-on-100-foreign-governments/
Edit: how fascinating! I’ve been downvoted. Really makes you wonder who is pushing for this adoption of this.
Well yeah, but if you take into account theoretical vulnerabilities, then nothing is safe, including your self-hosted decentralised server (let alone your conversation partner’s).
You were downvoted because what you posted is completely irrelevant to Signal. The only way to read the messages is to install spyware on your phone.
It’s the fediverse, signal is sacred and will not be questioned nor criticiced, anyone else who wishes to have a non-US instant messenger gets downvoted to hell.
Wish I was joking but just look at the other guy who dared to like Telegram.
It’s basically signal or matrix in here.I personally don’t use it, it’s much more suspicious that other messengers get so much flak and signal is defended so fiercely… And it’s also USA based.
It’s the fediverse, signal is sacred and will not be questioned nor criticiced
you can question signal just as much as you want, but you’d better come with actual arguments rather than just conspiracy, because signal has counters to pretty much every claim that non-experts try to make
signal was built and is run by one of the worlds foremost security researchers and privacy activists
it uses standard encryption that is used in huge numbers of things. if there were a problem with any part of that, the world would have a much bigger problem than individual communications. the US government does not behave in a way that suggests these algorithms are compromised
it has been repeatedly audited by 3rd parties
the fact that it’s US-based is barely worth mentioning… why is that a problem? are you sure it’s not solely a knee-jerk reaction?
it’s free (so you’re not supporting the US economy), the client - and server, though that’s not important because E2EE - is FOSS (so it’s auditable and extendable by anyone: AFAIK they also ensure repeatable builds), the encryption is basically as good as it gets (they even have various protections for quantum computing), their architecture means they can’t even see metadata like senders… so, again, in this case what are you giving up by having it US-based? perhaps a little bit of soft power, perhaps an acknowledgment that in this 1 case the US produced a good product counter to their governments interests
the other guy who dared to like Telegram
because telegram is not for security or privacy conscious people, despite their marketing: they actively muddy the waters and make people less safe
their encryption is custom, written by mathematicians not cryptographers so doesn’t include features like perfect forward secrecy, replay protection, etc
and their default chat mode isn’t even e2ee - only secret chats use their custom encryption, and nobody actually uses them!
there are numerous sources documenting these problems, and plenty more
it’s okay to like telegram: i like it as a chat app, and i use it for the features it provides… but it’s not okay to say in a privacy and security context that they’re even remotely comparable
Weren’t it Signal devs who made e2e for WhatsApp? So what’s the point of switching?
Signal punished their spec and WhatsApp re-implemented it, yes but critically only the messaging parts rather than all the other privacy parts
the reasons to switch basically start with WhatsApp is owned by Meta, and given that these things become more important:
- WhatsApp is closed source so it’s difficult to confirm if their implement is “correct”
- they may have the ability to extract your keys from your device somehow
- i’m not sure who is the ultimate key-holder for whatsapp: if it’s like apple, they hold your private keys and thus can decrypt anything they like (different to signal where devices transfer your keys between each other via qr codes etc)
- on that last point, i can confirm that to login with whatsapp on the browser just now my process was: enter phone number, type an 8-digit code from my phone… this could be an temporary key of some kind used to e2ee between the devices to transfer my master key or something, but i’m very suspect on this being anything more than plain text verification that meta could man in the middle
- whatsapp stores your contacts, and message metadata… that’s all i personally need to avoid it: meta doesn’t need to know who and how often i message people to add to their profile on me
meta says whatsapp is secure exactly for this reason: people think “why switch?” when it’s really about the metadata for them… they are experts and building a profile with scraps of metadata
writing a secure application is about more than technically rock-solid encryption and protocol
signal was built and is run by one of the worlds foremost security researchers and privacy activists
Small sidenote, but Moxie is no longer running Signal. (He’s doing Confer now.)
Or, or…hear me out in this… Just maybe
You’re fucking wrong and there is no conspiracy to make you look bad
Crazy, I know
True. I was more referring to the fact that nobody has wanted to move away from Meta, Google and Microsoft solutions because of convenience (until now).
Kinda ironic that if the danish representatives in the EU got their way with chat control, danish people wouldn’t even be able to install signal (officially at least), since Signal said they would leave the EU in such a case.
I’m pretty sure this isn’t irony, but rather a reaction from the population that is realizing the shit their government is doing.
Are they switching in the hope they’ll get added to a group chat planning the invasion?
deleted by creator
Nope, signal.
It was though, to be fair, that’s definitely not what’s the bit to blame for government officials adding the incorrect people to their own group chats.
That is one fucked up looking flag
deleted by creator
greenland officially adopted it 3 hours ago (10000% real)
What’s she flag equivalent of blasphemy? This is what it would look like.
Mushing two nation flags plus an app logo plus some sort of pattern overlay into a headline image is just so wrong.
Unfortunately Threema the European alternative that’s at least as secure as Signal costs money - and that one time fee is enough to send everyone to Signal.
Imagine EU sponsoring a messaging app as part of public infrastructure.
Great Idea. It will probably be called ChatControlsEU and every message is archived and data mined at the Bavarian police departments Palantir instance.
Several of good free peer to peer options. We need to completely move away from centralized servers. This list is dated, as there’s many new excellent options out there. It would be cool to see a multi client protocol.
The article dedicated a paragraph to Threema. Just noting and quoting it for context, not necessarily agree.
Another well-known messaging app, Telegram, is not considered a private alternative, as chats are not end-to-end encrypted by default. Only Secret Chats offer optional end-to-end encryption, while group chats have none. Telegram also falls short in other privacy and security areas, such as metadata protection and contact privacy.
Threema and Telegram are the same app?
It’s also not open source.
The Threema client is open-source. Which is about the same as with Signal, who release partial open-source code of their server, but it is impossible to actually use.
But as far as I understand, for e2e programs that doesnt matter as long as the client is open-source, isn’t it?
Especially as there are open source alternatives such as matrix
As much as I praise Threema… it frankly sucks compared to the alternatives. Delayed message delivery, sometimes no notifications, somehow dated looking Ui…
If only the threat didn’t (also) come from inside the house when it comes to privacy. I don’t want my national police to have full access to my chats at all times any more than I want the USians to have that access, possibly even less. FBI or CIA isn’t going to personally bust down my front door, arrest me and seize all my computing devices because I called a local politician a dick.
Is it about the geopolitics or did SaveSocial’s marketing campaign “digital independence day” last weekend (look for #DIday and #DIDit) also contribute? I’m not sure how visible that was internationally or if it was just a German campaign.
DID stemms from a Talk AG the CCC this year. It is a month old and was held in german. I think this isnt DIDs work here
Like one of the main things Signal is really terrible at given that it is based in the US and hosted on AWS servers 🤦
Besides being hosted in the AWS servers, there’s no way to check if what’s running there is the same as the published code. That’s why i don’t use signal.
When the signal foundation is losing money every year, i can just wonder what will happen when the money runs out. Even the good guys need to eat.
Or what will happen when trump will decide to seize the AWS servers running the signal application server.
You don’t need to care about the server code since the secure bits and encryption that matters is all on the client side and verifiable.
i do care about metadata.
If you care about it then just use Signal since it’s the one with least amount of metadata fying around. A big central server with many normies using it also ensures that it’s very hard to correlate traffic.
If you care about it then just use Signal
No, because of:
When the signal foundation is losing money every year, i can just wonder what will happen when the money runs out. Even the good guys need to eat.
I have seen this film so many times…
as in phone number, IP and timestamps? If I were worried about that I wouldn’t have a phone in the first place but if private messaging (content is private) I think signal works fine
It shouldn’t matter because you can verify that your data is encrypted and thus not accessible to the server, but also, IIUC, they use secure enclaves so that you can verify that their server is running the published source code.
when trump will decide to seize the AWS servers running the signal application server.
How do we know he hasn’t already?
No need to size them. AWS is deeply embedded into the intelligence apparatus of the NSA as one of their prioritized suppliers.
I believe the fact that Signal is hosted on Apple or Google clients is worse than its server host. (I still use and recommend it though)
Convincing people to use an open Android build is much harder than installing another messenger.
It’s e2e encrypted. Although, as I noticed, the key is just a short pin, unless you use password, but the recipient might not use it and your messages are just as secure as your recipient.
The PIN isn’t actually the encryption key, it’s just a display lock for the local client. But if whoever wants to read your messages has physical access to your phone and already bypassed the normal android lockscreen, you’re fucked anyway.
Facebook Messenger also claims to be end-to-end encrypted… There’s literally no way of knowing if they can decrypt your messages.
The only way to know is to host it yourself and preferably use post-quantum secure encryption.
The other party is always the weakest link.
But also signal’s pins are a little more complicated than that, but you’re right, switch to a passphrase.
Plus side, even if signal themselves edited the secure enclave, the world would need a new client pushed and probably notice something was off.
The way signal’s encryption works is really an art in paranoia.
the world would need a new client pushed and probably notice something was off.
Not if the US have the support of Google.
Totally not how the APK teardown community works, but ok.
How does APK teardown help if Google can replace the app unnoticed?
Because there will always people running Signal from a different source, and only one of them is sufficient to notice the server has been tampered with.
(And I’m not sure if they have reproducible builds yet, but if they do, people can also verify that even the Google Play-provided APK does or doesn’t match the published source code.)
notice the server has been tampered with.
Which server?
doesn’t match the published source code
People don’t control their phone. There is no way of knowing if the installed app is the one that is running.
And? That doesn’t help at all if the US government decides to force Signal to stop servicing Denmark.
It helps in that they still can’t read your messages. The EU is likely to make e2e messaging illegal before the USA cuts access.
You can’t really make e2ee messaging illegal, at least it is impossible to enforce with decentralized open-source messengers.
It is much more likely that the US will mess with Signal, than that you will stop being able to use an e2ee messenger like XMPP, which is just as secure as Signal regarding the e2e encryption.
The issue is that it’s already pretty hard to convince people to use something easy like Signal, most people just don’t care enough for something “complicated” like XMPP-based messengers, especially if mainstream app stores had to stop letting EU-based users install messengers with these features.
Well, yes. But when it comes to digital independence Signal isn’t better than WhatsApp. At least recommend something like Threema if you think the much better alternatives are too hard.
Except Meta fully owns the WhatsApp metadata, and frankly Signal is a lot more trustworthy about its e2e implementation being actually, in practice, secure.
at least it is impossible to enforce with decentralized open-source messengers.
All you need is a central registry where licensed messengers register their e2ee connections. Then network providers only have to report all ip addresses with connections that are not on that list.
Impossible with VPNs, but politicians have already announced their desire to make them illegal.
What? You are not making much sense. What is a “e2ee connection”?
An encrypted connection between two endpoints.That’s required for “decentralized open-source messengers”.
Currently it’s impossible to prevent because of all the encrypted video calls of the Meta messengers and similar connections between endpoints.
If those video streams are marked then it is known which endpoints use software that evades surveillance.
Oh that’s another consideration indeed.
Welcome to the club!
