You just gotta love the narcissism these people have.

Nope, sealed sender does not address the problem because the phone number is collected at sign up time. The whole sealed sender concept is just another trust me bro mechanic because, once again, nobody aside from people who are actually operating the server know what it’s doing. Signal is proof that vast majority of people don’t understand the basics of privacy and security, and they don’t actually care.

I’m not misrepresenting anything you said. Meanwhile, it’s very telling how you’ve pivoted to making personal attacks instead of actually addressing the problem I’ve now repeatedly explained. You’re not fooling anyone here bud.

Yes, but those are basically separate platforms like Session. Signal does not federate, and there’s only a single server in the US that requires your phone number to sign up.

Idk what misinformation and conspiracy theories you’re referring to here are. Yes, food is literally being poisoned, and there’s an ongoing class action about it in the US right now.

Maybe actually read the thread before commenting? I’ve literally addressed this here https://lemmy.ml/post/43791761/24225658

I don’t believe I ever asked you to sealion into my threads in the first place. It’s some great loss that I don’t have to see your drivel anymore. 🤣

Ah yes clutching them pearls, when called out on outright lying.

Bye!

I’m not advocating for using Session specifically, I just listed it as a viable alternative to Signal. Given that it’s forked from Signal presumably it’s an easier switch for people who like the general mechanics of Signal and its encryption system.

I even took the time to quote that, because it’s important.

What’s important is that you’re quoting me out of context, and that makes all the difference. The actual statement you’re replying to is:

You don’t have to trust anybody when you run your own server, or you use a server that doesn’t collect information it has no business collecting.

The fact that you proceed to quote me out of context and then accuse me of being wrong shows that you lack even a modicum of intellectual integrity. Then you proceed to make a straw man arguing against something I never claimed.

Just becuase it’s less likely to find nefarious code in open source doesn’t mean it doesn’t exist.

So yes, this is very clearly a discussion in bad faith, where you’re arguing against a straw man while ignoring what I actually wrote. It’s especially incredible since I even followed up with a more detailed explanation which you just ignored:

There’s a big difference between having confidence in open source code that has been audited by many people, and knowing for a fact that the service collects specific information. In the former case, you can never be absolutely sure that the code is not malicious so there is always a risk, but in the latter case you know for a fact that the service is collecting inappropriate information and you have to trust that people operating the service are not using it in adversarial ways. These two scenarios are in no way equivalent.

Do better.

No, we don’t all know this. What we actually know that people like you say this and expect the rest of us to trust you blindly, which is itself concerning.

Your link is broken.

Your browser plugins are broken, the link is fine. That said, here’s non archived version https://www.washingtonpost.com/technology/2021/06/15/faq-data-subpoena-investigation/

100M people is not a filter…

Given world population and modern data analysis capabilities it absolutely is.

No one said anything about that? That is not the model.

That’s literally the model. Signal asks you for your phone number when you register, what happens with that information after that is only known to people operating the server. Let me know what part of that you’re still struggling to understand.

The business is connecting users. It’s one of the reasons it is the most viable private and secure chat platform. It’s why I have a dozen connections on Signal and literally 0 on every other platform. Because you actually know who’s using it.

That word salad has fuck all to do with the point I made, which once again, is that you have to trust people who operate the server in how they handle this information.

You can have the most private and secure messaging system in the world but if you can’t use it to actually chat with anyone, then what good is it?

Ah yes, because there’s absolutely no conceivable way to verify whom you’re connecting with aside from sharing your phone number with an American company. You couldn’t possibly use any out of band channel to verify who the person you’re communicating with is.

My original comment that you replied to was explaining the defects. People are free to decide whether they want to accept them or not. Your comment is saying that it’s harmful to discuss these defects which implies that we should just ignore them.

Session actually does implement a form of forward secrecy through the Session Protocol. https://getsession.org/blog/session-protocol-v2

Money is not fake, it’s arbitrary.

While distinction between fictitious and arbitrary is technically correct, it’s just pedantry which misses the actual point of the colloquialism. It’s not that it doesn’t serve an exchange function, or that the dollars in your account are somehow illusory. It’s an expression of frustration with how we have chosen as a society to treat economic institutions being treated as laws of nature, rather than as social construct which we ourselves have invented and therefore can revise at any time. As in much public discourse, the statement is a rebuke to the widespread habit of treating financial constraints as absolute barriers, beyond which no serious thought need be expended, and as an excuse for avoiding responsibility to address the underlying human issues. Correcting their metaphors ignores their argument. If the rules that govern human wealth are entirely of our own making, they can also be systematically changed whenever those rules no longer serve our common good.

Food is not being poisoned, what a crock of shit.

Meanwhile in the real world, there’s literally a lawsuit against companies knowingly designing, marketing, and selling food products that are harmful and addictive.

• https://www.olshanlaw.com/Advertising-Law-Blog/food-manufacturers-to-suffer-increasing-legal-pressure
• https://sfcityattorney.org/san-francisco-city-attorney-chiu-sues-largest-manufacturers-of-ultra-processed-foods/
• https://www.venable.com/insights/publications/2025/09/emerging-litigation-over-ultra-processed-foods
• https://hls.harvard.edu/today/the-new-case-against-ultraprocessed-food

Going on about how it’s being poisoned makes you sound anti-science or like someone trying to scare people into watching their paid content.

Again back in the real world, the history of US water pollution is unfortunately marked by numerous instances where industrial discharge, coupled with weak or failed regulation, has poisoned water supplies. Just a few examples which you could’ve trivially googled yourself

• https://environmentamerica.org/michigan/media-center/campbell-soup-admits-to-more-than-5000-days-of-clean-water-act-violations/
• https://www.hbsslaw.com/press/oregon-groundwater-contamination/oregon-lawsuit-alleging-nitrate-polluted-groundwater-filed-against-power-company-and-dairy-manufacturer
• https://www.selc.org/news/the-city-contaminating-almost-900000-north-carolinians-drinking-water/

You have to trust the people that wrote the code.

There’s a big difference between having confidence in open source code that has been audited by many people, and knowing for a fact that the service collects specific information. In the former case, you can never be absolutely sure that the code is not malicious so there is always a risk, but in the latter case you know for a fact that the service is collecting inappropriate information and you have to trust that people operating the service are not using it in adversarial ways. These two scenarios are in no way equivalent.

Which is fine, but it’s a choice to trust them.

It’s a choice to trust the entire open source community around the project and all the security researchers who have been looking at the code.

Frankly, I have trouble believing that you don’t understand the difference here and are making your argument in good faith.

oh here https://www.washingtonpost.com/technology/2021/06/15/faq-data-subpoena-investigation/

There are plenty of good enough options like SimpleX Chat out there that don’t have this problem. The whole argument that people should just ignore the obvious issue with Signal is frankly weird.

You don’t have to trust anybody when you run your own server, or you use a server that doesn’t collect information it has no business collecting.

There’s no such social graph to speak of. Signal does not know who is speaking to whom.

The only people who know this are people operating the server. Period.

Three-letter agencies have served them legal subpoenas many many times and they never turn over anything more than the above information.

See the link I provided above.

Filter for…what, exactly? The hundreds of millions of people who value private and secure communications?

Yup, that’s precisely what it’s a filter for.

We do, because they publish them publicly.

Trust me bro is not a viable model for anybody who actually gives a shit about their privacy.

The reality of the situation is that Signal asks users for information it has no business collecting during the sign up process, and this information can be used in adversarial ways against the users. People using Signal are making a faith based judgment to trust the operators of this server.