• Dreeg Ocedam
      6
      3 years ago

      to really fight surveillance capitalism

      Because somehow FLOSS E2EE (both client and server) run by a non-profit is still surveillance capitalism.

      Tox has never had a third party audit, and I wasn’t able to find any info on Matrix. Signal on the other hand has passed several and is praised by most security experts. Sure, the use of a phone number makes it a bad tool to communicate with people you don’t trust, but it is still the best for communicating with friends/family that already have your phone number anyway.

        • Dreeg Ocedam
          1
          3 years ago

          Have you been able to run your own Signal server and use it with other people ?

          I never had a reason to, but the fact that Signal is FLOSS would make it possible (though not necessarily easy) and that’s enough for me. The openness of Signal has already proven super useful, for example the Signal protocol is now the golden standard for asynchronous message E2EE, and has been implemented in other apps. There are already forks of Signal that exist too (Session).

          centralization of communication and the capture of users

          Given that most people already have multiple messaging apps installed, I don’t feel like it’s that much of an issue when the organisation behind it is a non-profit. You should read Moxie’s blog post and conference talk “the ecosystem is moving”, it makes some really good points IMO.

          interoperability is a prerequisite

          I disagree. To me, the n°1 prerequisite is that it is accessible to the point where even my grandma can use it. Signal reaches that goal perfectly. Federation has advantages, but an app that first asks someone which instance are they a member of is terrible for that.

          Signal doesn’t want third party clients connecting to their servers, potentially leading to weird UX, even for those that use the official client, and that’s fine. It’s not like they really have any kind of DRMs to forbid that. And they didn’t want someone using their name. TBH, I think that trademarks are the only part of intellectual property that make some sense.

          When it comes to US sanctions, Signal works in Iran, and they are working hard to keep it available despite the country’s own ban.

          I know what Matrix is, I was saying that I couldn’t find any info on Element passing any third party security audit.

            • Dreeg Ocedam
              1
              3 years ago

              I think that we don’t have the same use cases.

              I do agree, I don’t really use direct messaging as a way to communicate with people I don’t know, it’s for friends and family, so people I already know IRL. Signal wasn’t designed with the goal of communicating with people you don’t know (because you are exposing your phone number). They are working on it though.

              From what I understood, signal e2ee protocol doesn’t scale with multiple devices per user as they rely on a single source of truth.

              What? You can have multiple devices for Signal (Phones + Desktop client) for the same account. Matrix uses the Signal protocol for its own encryption (as I said it is now the golden standard) so I don’t really get what you are talking about.

              but I think that it should aim at providing a way to quickly deploy the service with minimal technical knowledge

              Good point, but Signal uses a lot of security measures that can’t be deployed trivially, I guess that their use of Intel’s SGX enclaves is a pain to set up. Matrix doesn’t use these security features. And even then, Synapse (Matrix’s official server) is known to be quite resource intensive. Also, relying on non-professionals to run instances can be a security risk, as instances are more likely to get hacked than Signal’s servers. For organisations, options like Matter/Rocket chat and Twake are cheaper to host and will be more end-user friendly.

              When it comes to authoritarian regimes, I’m not sure that decentralisation is actually the solution. Instances can be shut down, and how can you know which other instances are trustworthy? Decentralised protocols often leak a lot more metadata (at least that is the case for Signal vs Matrix vs Tox), so trusting your instance is important. Also, if you are using Matrix’s webclient, you have to trust that the server is sending you the right JavaScript, otherwise it could completely bypass the E2EE.

              When Encrypted client hello becomes standard, centralisation will be an advantage, as any website’s traffic hosted on a major cloud vendor will be indistinguishable from the rest of the traffic hosted by the same cloud provider, which will make it pretty much impossible to block. I’m pretty sure that Signal will be quick to deploy ECH when it is standardised, while many Matrix instances won’t.

              Both approaches have their merits and downsides, and both have talked about it:

              I suggest you read/watch both, as they make really good points. But for now, only one of those solutions reaches the goals of being usable by the masses, and does so while being praised by nearly every security researcher out there. Signal is FLOSS, is backed by a non-profit and a billionaire (Brian Acton, co-founder of WhatsApp) as well as donations. This leads me to believe that it won’t go to shit any time soon, unlike proprietary apps, so my choice is made. Sure, Signal doesn’t fit every use case, but it fits all the ones I need, and is evolving to fit the ones it doesn’t fit yet.

    • ReK2OP
      2
      3 years ago

      I agree, but if comrades are doing this I am going to support them, because it is open and is still secure, maybe not anonymous. Two different things, so yes, I use matrix. But I am not going to ditch the reasons of comrades, this is the problem we have in our anarchist communities… The first thing that occurred to me is that maybe they thought that for regular whatsapp people it is easier to find that middle ground… again, I use matrix, everyone knows this.

    • @lps@lemmy.ml
      -3
      3 years ago

      Session is the best yet for simple click install, takes all the best from signal in terms of usability/ease of use but not centralized https://getsession.org if you haven’t tried it :)

    • ReK2OP
      1
      3 years ago

      RTFM - you can download the apk from their site, or compile it yourself, it is libre software. Do you need to be handspoon by the playstore? People use f-droid and custom apk builds for everything, with custom ROMs with no google apps. Never use playstore. Now if regular people are going to install signal, it is much better to get them off whatsapp/facebook/instagram as a first step. So yes, it is a win-win situation for normies. I’d rather see normies using the playstore to download signal, fediverse, matrix etc. apps than fellow so-called anarchists using facebook/instagram/whatsapp …

      • @rockroach@lemmy.ml
        1
        3 years ago

        I am a new android user, people told me to use f-droid instead of the play store, but signal is not on the f-droid listing. telling people to compile their own software is just bad user experience and it excludes people.

        also, why RTFM people? it is elitist behavior and it ignores the plurality of realities(ie not everyone has the time, resources and knowledge to do it), is elitist behavior tolerated in this space?

        • ReK2OP
          1
          3 years ago

          People say RTFM for when a simple duckduckgo/google/startpage search will yield what you need; it takes longer to write about what you don’t know instead of knowing what you are talking about first… https://signal.org/android/apk/ <----- do you need to compile? Nooo. Also I said, if you read well, that for normies it is OK to use the google play. Heck, I don’t even use signal but I know because I search before I speak shit on forums and claim non-true statements… this is when the RTFM comes in handy. It is not elitist, it is what some people need so they learn to learn and to not spread rumours.

          • @rockroach@lemmy.ml
            0
            3 years ago

            Congratulations, are you trying to prove that you are better than me? Because it fails when you just ignore all the points I present and just focus on the fact that I am a noob. Great praxis.