this post was submitted on 09 Jan 2025
106 points (99.1% liked)

Privacy

32784 readers
1015 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] yogthos@lemmy.ml 19 points 1 week ago (2 children)

I don't really have any special hate for Telegram myself, and I never saw it as a secure communication platform. I have more problem with Signal because people treat it like it's paragon of privacy and security.

[–] Corgana@startrek.website 4 points 1 week ago (1 children)

I'd be curious to hear your criticisms of Signal! While I haven't seen anyone describing it as a "paragon of privacy and security" I do think it is a highly accessible SMS replacement that is also open source, end-to-end encrypted, and operated by a nonprofit.

[–] yogthos@lemmy.ml 8 points 1 week ago (1 children)

The most obvious one that has been explained to death here is that Signal collects vast amounts of metadata. It's also a centralized service that's operated in the US, and it doesn't even make reproducible builds for the Android client.

[–] Corgana@startrek.website 3 points 1 week ago (1 children)

Where did you read that they are collecting vast amounts of metadata? Not challenging your claim just that I have been trying to find more info and came up empty. Signal says "we don’t collect analytics or telemetry data" but that's about it.

[–] yogthos@lemmy.ml 10 points 1 week ago (2 children)

You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.

[–] Corgana@startrek.website -1 points 1 week ago* (last edited 1 week ago) (1 children)

In my book a single data point (a phone number) is not "vast amounts of metadata". Again, I have never seen someone describing Signal as a “paragon of privacy and security”, Signal itself certainly does not say that (It's presented as an improvement over SMS).

[–] yogthos@lemmy.ml 7 points 1 week ago (2 children)

It's the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I've seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.

[–] Ulrich@feddit.org -4 points 1 week ago* (last edited 1 week ago) (1 children)

I've seen plenty of people advocate using Signal as the best option for privacy.

Because it is the gold standard, and recognized by many as much.

And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.

Allow me to explain: by making people feel unsafe using it, you are actually making them less safe.

[–] yogthos@lemmy.ml 4 points 1 week ago (1 children)

thank you for providing a concrete example of the nonsense I'm referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.

[–] Ulrich@feddit.org -3 points 1 week ago (1 children)

Thank you for continuing to not put forward any sort of legitimate retort and responding only with insults instead. Super helpful.

[–] yogthos@lemmy.ml 3 points 1 week ago (1 children)

What possible legitimate retort is there to give to some body using ad populum fallacy as a form of argument.

[–] Ulrich@feddit.org -2 points 1 week ago (1 children)

How about literally any form of evidence?

[–] yogthos@lemmy.ml 3 points 1 week ago

Evidence of what?

[–] Imnebuddy@lemmy.ml 2 points 1 week ago (2 children)

Many Signal alternatives also have security issues of their own, often making them less secure than Signal. This includes Matrix and XMPP. In the blog post regarding XMPP+OMEMO, the author replies to a question about which would be better than Signal, Matrix, and XMPP with this suggestion:

Anyone who cares about metadata resistance should look at Cwtch, Ricochet, or any other Tor-based solution. Not a mobile app. Not XMPP. Not Matrix.

In regards to Ricochet, not having a mobile app version makes it difficult to recommend to less tech savvy people.

[–] yogthos@lemmy.ml 11 points 1 week ago (1 children)

Sure, every platform has its own set of problems, and it's fine to make an informed decision that you're willing to accept the deficiencies of a particular platform you're using. The issue I have is with people pretending that Signal doesn't have the problems that it has as we can see happening in this very thread.

[–] Imnebuddy@lemmy.ml 3 points 1 week ago* (last edited 1 week ago)

I'm with you there. This wasn't meant as an argument against your statement. I brought up the issues regarding Matrix and XMPP as they are often recommended as alternatives to Signal, and after learning about this blog in a previous conversation I had about this topic, I thought it would be a good resource to bring up so people can be informed about those platforms and some alternatives that may be better than Signal while being metadata resistant.

[–] Aria@lemmygrad.ml 4 points 1 week ago (2 children)

Matrix, even if it was a siv, would be better than Signal, because it doesn't know your phone and passport numbers.

[–] Imnebuddy@lemmy.ml 1 points 1 week ago

I'm not denying that major flaw of Signal, in which part, yes exposing your phone number tied to your Signal account basically negates Signal's security, as well as Signal's centralized server being proprietary. Nevertheless, when using Matrix, you need to ensure you and everyone you communicate with uses a client that isn't still using the deprecated libolm cryptography backend (and that it uses vodozemac).