blah3166

joined 3 weeks ago
[–] blah3166@piefed.social 8 points 1 week ago

My brother in christ, lemmy is not the world. Please go touch grass

[–] blah3166@piefed.social 85 points 1 week ago* (last edited 1 week ago) (17 children)

Because its always appropriate to remind the world what these cretins look like without filters:

[–] blah3166@piefed.social 3 points 1 week ago

their servers are in the usa.

Their "home office" is in the US. That doesn't necessarily mean they don't have servers distributed globally.

So the usa government has the same level of access as compared to whatsapp?

No, the US government does not have the same level of access to Signal as they do with Whatsapp. The only reason the US has so much access to Whatsapp is because Whatsapp only bothered to implement End-to-end encryption (E2EE). Unfortunately, in 2205, E2EE is the bare minimum. E2EE via the Signal protocol has been a "solved issue" since 2013 and Whatsapp implemented it 3 years later (great!) but they have not improved privacy since. Whatsapp still collects a metric-fuck-ton of metadata like:

  • Who you communicate with
  • When you communicate
  • How long your calls last
  • The frequency of communication
  • When you're "active" on the platform
  • Group memberships and group titles
  • Your profile information (this is E2EE on Signal)
  • Your contacts get uploaded in a way that's visible to Whatsapp. Signal does contact discovery in a privacy preserving way.

Then they correlate this data with everything else they have about you to "fill in the gaps". Signal doesn't collect any metadata.

It's non profit now, but so was openai...

The difference here is there's nothing of value for Signal to "sell" since they don't collect metadata and have engineered it to work without being able to see anything. The Signal server and client are already open source, there's no "secret sauce". Lastly, because they collect zero data they can't even sell it for ad-serving purposes. Who would buy Signal?

switching to another app is difficult, it's hard to get people ingrained in an ecosystem switch once let alone twice

100% agree. The best way I've found is to drop the offending platform (whatsapp) and move to Signal. Let others know you accept text/SMS or Signal messages. Over the years the people on Signal (at least in my group) has steadily grown.

I would like to close by saying that Signal is not shy about complying with the law, they will not go to prison for anyone's potential crimes. That said, they publish the data they provide when compelled by law and the only data they collect is the day + time you signed up with their service and the last day (not time) one of your clients pinged their servers, source: https://signal.org/bigbrother/

[–] blah3166@piefed.social 6 points 1 week ago

Seriously, apparently its difficult for some to call it as it is, but its no longer a legitimate war when you're starving and bombing those seeking refuge. Shame on Nature, should be treated as propaganda.

[–] blah3166@piefed.social 14 points 1 week ago (4 children)

Here's a list of reasons why you should consider moving to Signal , if you haven't already:

  • End-to-End Encryption (E2EE) by Default : Signal uses the Signal Protocol, which is considered the gold standard for E2EE. This means that all your messages, calls (voice and video), and file sharing are encrypted on your device before they leave and can only be decrypted by the intended recipient's device. Not even Signal can read your communications. This is a crucial differentiator from many other apps (like Telegram, which doesn't encrypt all chats by default, or WhatsApp, which collects metadata).
  • Zero Data Collection (No Metadata) : Signal is designed to collect as little user data as possible. They don't store information about who you talk to, when you talk, your contacts, group memberships, or even your profile ID. This means even if subpoenaed, Signal has almost no user data to provide, in fact all they can provide is the date + time you registered with the service and the last day (not time) one of your clients pinged their servers. Other apps, including WhatsApp, collect significant metadata, which can reveal patterns about your communication even if the content is encrypted.
  • Open Source and Audited : Signal's code is completely open-source, allowing security experts and the public to inspect it for vulnerabilities and ensure its integrity. This transparency fosters trust and makes it highly resistant to hidden backdoors or malicious features.
  • Non-Profit Organization : Signal is run by the Signal Foundation, a non-profit organization funded by donations. This means there are no commercial interests, no ads, and no pressure to sell user data for revenue, unlike many commercially driven messaging apps.
  • Phone Number Privacy (Usernames) : While Signal historically required a phone number for registration, it now offers the option to communicate via usernames, allowing you to connect with people without revealing your phone number.
  • Relay Calls : For voice and video calls, you can opt to "relay" your calls through Signal's servers, which helps hide your IP address from the other party.
  • Standard Messaging Features: Signal offers all the core features you'd expect from a modern messaging app, including text messaging, group chats, voice and video calls (both individual and group), file sharing, and voice messages.
  • Cross-Platform Availability : Signal is available on Android, iOS, Windows, macOS, and Linux.
  • User-Friendly Interface : Despite its strong focus on security, Signal maintains an intuitive experience, removing the barrier to entry for anyone who isn't technically inclined.
[–] blah3166@piefed.social 1 points 1 week ago

good article! thanks for that

[–] blah3166@piefed.social 37 points 1 week ago

Don't let perfect be the enemy of good

[–] blah3166@piefed.social 2 points 1 week ago* (last edited 1 week ago)

Bitcoin is not anonymous, it's pseudonymous.

Pseudonymous: the semi-anonymous nature of transactions and wallet addresses.

I believe Monero is supposed to be anonymous. not sure what other crypto out there has this property.

[–] blah3166@piefed.social 9 points 1 week ago (2 children)

Check out the gemini protocol: https://geminiprotocol.net/

It kinda fills that niche of the "old web".

[–] blah3166@piefed.social 5 points 2 weeks ago (1 children)

Your profile, like everything else on Signal, is also end-to-end encrypted. Your name and profile picture do get shared with whoever you chat with, groups or individuals. If you don't want your name and profile picture shared with randos, either don't set them or don't chat with randos.

[–] blah3166@piefed.social 1 points 2 weeks ago

So, its all done by the user client?

Yes. The client uses what's called "remote attestation" to verify its talking to, not just official servers, but official server code published on github. Read more about it here: https://signal.org/blog/building-faster-oram/

To put it simply, they're using the same technology that allows DRM protected videos to play back on your computer/phone/tablet, but against their own servers, to ensure its not a rogue host or code.

[–] blah3166@piefed.social 3 points 2 weeks ago

Signal still centrally collects metadata

Signal doesn't collect any useful data; they've been compelled by court to present all data they have on users and all they know are two time stamps. The date + time your phone number registered and the last day (not time) one of your apps (linked desktop app or tablet) pinged their server.

Source: https://signal.org/bigbrother/

... and requires a phone number to participate.

Because it originated as an overlay of the SMS/MMS network, a text messaging replacement, before everyone was "always online". But that's beside the point as you can now hide your phone number from others.

If you're serious about privacy, ESPECIALLY if you're part of a group looking to organize in a clandestine fashion, you should look into the vastly superior SimpleX Chat.

I wouldn't recommend SimpleX chat, its developed by a Trump-supporting Antivaxxer who believes in wild conspiracy theories, not the kind of person I would put my trust in. Source: https://social.tchncs.de/@pixelcode/114633102552691724

If you're serious abut privacy, ESPECIALLY if you're part of a group looking to organize in a clandestine fashion, you should fund the development of your own secure channels. Don't outsource the important stuff. For everyone else, there's Signal.

view more: ‹ prev next ›