People overlook its privacy concerns for the same reason they do with apple: it has a shiny interface and is easy to use, and makes people very attached to it. Behind all that, is a surveillance network that its creators have explicitly said they do not want it to be able to run in a decentralized, private manner.
It has a long history of privacy offenses below (such as refusing to publish its server’s source code for years, its reliance on other US tech services (amazon, google), US-government funding, and a US-defense-tank friendly administration) which get ignored or shouted down by many of those above. See the article below.
Pretty much any alternative is better, as long as its not hosted in a five-eyes country, and especially if it doesn’t require phone numbers or real identities like signal does.
I personally have been using SimpleX for friends and real life contacts, and Matrix for larger more anonymous group chats.
has social networking graphs of everyone you talk to
Source?
US government funding does not mean it’s immediately bad… The internet, thr flu vaccine, closed captioning, and wheather radar were all funded by the US government. A truly secure messaging encryption is beneficial to the United States, and is evem good enough for the president apparently.
Since their messages are truly secure, it wouldn’t matter where you store them. Just store them in the cheapest places possible. It being centralized makes it far more usable to the average person, making it much more likely for them to use.
This is my comment to the other person, I just don’t want to type the same ideas out a second time:
I read it. They also have no source or evidence.
Signals database, which we must assume is compromised due to its centralized and US domiciled nature, has a few important pieces of data;
You can’t simply say “we must assume” as evidence. In fact, they implemented “Sealed sender” in 2018 where they are not able to see who the message is being sent to.
They are also legally required to provide all information they have on users for warrants and subpoenas. Any time they do that, they post the (slightly redacted) document they provided to the courts. See the list here: https://signal.org/bigbrother/ This confirms they did not have any metadata on those users. The only info they have is what they openly state (phone number, date of registration, and last time a message was sent).
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it’s the man that physically removes the microphone and camera from his phones before using them.
Signals database, which we must assume is compromised due to its centralized and US domiciled nature, has a few important pieces of data;
You can’t simply say “we must assume” as evidence. In fact, they implemented “Sealed sender” in 2018 where they are not able to see who the message is being sent to.
They are also legally required to provide all information they have on users for warrants and subpoenas. Any time they do that, they post the (slightly redacted) document they provided to the courts. See the list here: https://signal.org/bigbrother/ This confirms they did not have any metadata on those users. The only info they have is what they openly state (phone number, date of registration, and last time a message was sent).
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it’s the man that physically removes the microphone and camera from his phones before using them.
You can’t simply say “we must assume” as evidence.
Okay yeah you definitely didn’t read it. Large sections in that doc just before that are on phone number identifiers, NSLs, and 5-eyes countries, the US goverment pushing signal in privacy spaces… literally the reasons why signal isn’t trustworthy. Unless you can tell me what an NSL is, then I’ll assume you didn’t read it.
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
Did you ignore the large section on NSLs? These come with a gag order, meaning its illegal for signal to notify their users about them being spied on.
In fact, they implemented “Sealed sender” in 2018 where they are not able to see who the message is being sent to.
This is a “just trust me” from signal, since neither of us have access to their centralized DB, but you also ignored two paragraphs down, where it showed that with message timestamps and recipient information, this would be trivial to find the real sender of a message, regardless of sealed sender. Again, actually open source software can’t say “just trust me” like signal can, we actually have to show code to prove it, and let people run that code in a private manner.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it’s the man that physically removes the microphone and camera from his phones before using them.
Elon musk and jack dorsey also endorse signal. An endorsement means nothing, especially for centralized software based in a 5-eyes country.
Signal is a centralized, US-based service which requires your phone number (thus your real identity, IE name and address), has social networking graphs of everyone you talk to, and must forward that information to the US government when asked, as well as (by law) not tell you that they’ve been asked to do so. During the Obama era, 60 NSLs were issued for this private information every single day.
People overlook its privacy concerns for the same reason they do with apple: it has a shiny interface and is easy to use, and makes people very attached to it. Behind all that, is a surveillance network that its creators have explicitly said they do not want it to be able to run in a decentralized, private manner.
It has a long history of privacy offenses below (such as refusing to publish its server’s source code for years, its reliance on other US tech services (amazon, google), US-government funding, and a US-defense-tank friendly administration) which get ignored or shouted down by many of those above. See the article below.
Why not signal.
Pretty much any alternative is better, as long as its not hosted in a five-eyes country, and especially if it doesn’t require phone numbers or real identities like signal does.
I personally have been using SimpleX for friends and real life contacts, and Matrix for larger more anonymous group chats.
Source?
US government funding does not mean it’s immediately bad… The internet, thr flu vaccine, closed captioning, and wheather radar were all funded by the US government. A truly secure messaging encryption is beneficial to the United States, and is evem good enough for the president apparently.
Since their messages are truly secure, it wouldn’t matter where you store them. Just store them in the cheapest places possible. It being centralized makes it far more usable to the average person, making it much more likely for them to use.
Good question. I looked in the attached essay source, and he covers this there https://dessalines.github.io/essays/why_not_signal.html#social-network-graphs
This is my comment to the other person, I just don’t want to type the same ideas out a second time:
I read it. They also have no source or evidence.
You can’t simply say “we must assume” as evidence. In fact, they implemented “Sealed sender” in 2018 where they are not able to see who the message is being sent to.
They are also legally required to provide all information they have on users for warrants and subpoenas. Any time they do that, they post the (slightly redacted) document they provided to the courts. See the list here: https://signal.org/bigbrother/ This confirms they did not have any metadata on those users. The only info they have is what they openly state (phone number, date of registration, and last time a message was sent).
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it’s the man that physically removes the microphone and camera from his phones before using them.
Read the linked doc, because it’s clear you didn’t.
I read it. They also have no source or evidence.
You can’t simply say “we must assume” as evidence. In fact, they implemented “Sealed sender” in 2018 where they are not able to see who the message is being sent to.
They are also legally required to provide all information they have on users for warrants and subpoenas. Any time they do that, they post the (slightly redacted) document they provided to the courts. See the list here: https://signal.org/bigbrother/ This confirms they did not have any metadata on those users. The only info they have is what they openly state (phone number, date of registration, and last time a message was sent).
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it’s the man that physically removes the microphone and camera from his phones before using them.
Okay yeah you definitely didn’t read it. Large sections in that doc just before that are on phone number identifiers, NSLs, and 5-eyes countries, the US goverment pushing signal in privacy spaces… literally the reasons why signal isn’t trustworthy. Unless you can tell me what an NSL is, then I’ll assume you didn’t read it.
Did you ignore the large section on NSLs? These come with a gag order, meaning its illegal for signal to notify their users about them being spied on.
This is a “just trust me” from signal, since neither of us have access to their centralized DB, but you also ignored two paragraphs down, where it showed that with message timestamps and recipient information, this would be trivial to find the real sender of a message, regardless of sealed sender. Again, actually open source software can’t say “just trust me” like signal can, we actually have to show code to prove it, and let people run that code in a private manner.
Elon musk and jack dorsey also endorse signal. An endorsement means nothing, especially for centralized software based in a 5-eyes country.
Insightful! Thanks. I agree and I’ll give SimpleX a try as others suggested.