Granted, the part
The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store
is a little ironic, but you gotta push this winning tide and then work from that.
Are they switching in the hope they’ll get added to a group chat planning the invasion?
deleted by creator
It was though, to be fair, that’s definitely not what’s the bit to blame for government officials adding the incorrect people to their own group chats.
Nope, signal.
Kinda ironic that if the danish representatives in the EU got their way with chat control, danish people wouldn’t even be able to install signal (officially at least), since Signal said they would leave the EU in such a case.
I’m pretty sure this isn’t irony, but rather a reaction from the population that is realizing the shit their government is doing.
That is one fucked up looking flag
deleted by creator
greenland officially adopted it 3 hours ago (10000% real)
What’s she flag equivalent of blasphemy? This is what it would look like.
Mushing two nation flags plus an app logo plus some sort of pattern overlay into a headline image is just so wrong.
Unfortunately Threema the European alternative that’s at least as secure as Signal costs money - and that one time fee is enough to send everyone to Signal.
It’s also not open source.
The Threema client is open-source. Which is about the same as with Signal, who release partial open-source code of their server, but it is impossible to actually use.
But as far as I understand, for e2e programs that doesnt matter as long as the client is open-source, isn’t it?
As much as I praise Threema… it frankly sucks compared to the alternatives. Delayed message delivery, sometimes no notifications, somehow dated looking Ui…
Especially as there are open source alternatives such as matrix
Imagine EU sponsoring a messaging app as part of public infrastructure.
Great Idea. It will probably be called ChatControlsEU and every message is archived and data mined at the Bavarian police departments Palantir instance.
Several of good free peer to peer options. We need to completely move away from centralized servers. This list is dated, as there’s many new excellent options out there. It would be cool to see a multi client protocol.
deleted by creator
Threema and Telegram are the same app?
Oops, misread, and didn’t even notice when quoting, lol
If only the threat didn’t (also) come from inside the house when it comes to privacy. I don’t want my national police to have full access to my chats at all times any more than I want the USians to have that access, possibly even less. FBI or CIA isn’t going to personally bust down my front door, arrest me and seize all my computing devices because I called a local politician a dick.
Meshtastic. Let’s get some critical mass. Get single points of trust out of the equation.
Or briar, tox…
Tox is not really great for multi-device, is it?
no. But if you mean independent access with various devices, neither signal is since you need always the phone to access the desktop version.
Thats why I personally prefer Matrix.
However, the solution that Signal offers is the easiest for most people. Also it is not true that you always need the phone. The desktop version works fine alone unlike Whatsapp it doesn’t request you to connect the devices all 2 weeks. It does need a first installation on a Mobile or Android device in order to get the PC version running.
The difficulty is when you need to exchange the encryption keys between different clients. This is where it gets complicated with Tox and Jabber/OTR. And to be honest the solution of Matrix is easier but also can get confusing for people who are just used to having a phone as their main device.
It does need a first installation on a Mobile or Android device in order to get the PC version running.
I stand correct.
And to be honest the solution of Matrix is easier
What is the matrix solution for that? Keys will always have to be exchanged between devices
I stand correct.
Yes, but fact is, that this is the easiest way for most users. And also most users don’t care if you can use it stand alone on a PC or not, and if it is linked to a phone number or not.
What is the matrix solution for that? Keys will always have to be exchanged between devices
You can use devices to cross-sign each other or use a passphrase.
You can use devices to cross-sign each other or use a passphrase.
nice
Yeah, a network based on the principle of flooding ain’t gonna work across that many people.
Sadly Meshtastic is limited to the number of nodes it’ll go through (think it was 7) so pretty limited. MeshCore goes up to something like 64 so is better but still both have huge limitations right now besides the ‘no nodes around me’ issue.
still, I have some MeshCore nodes and hopefully get 1 fairly high up when I can afford the £100 to buy it but its a lot to waste when no-one around here is interested.
I’ll get a node, but the bandwidth is too low. I’m looking into WiFi meshing now.
Or simplex!
IIRC, I looked into Meshtastic a while back, and it was known to be unreliable. Is that still the case? It seems like a really cool concept
Like one of the main things Signal is really terrible at given that it is based in the US and hosted on AWS servers 🤦
Besides being hosted in the AWS servers, there’s no way to check if what’s running there is the same as the published code. That’s why i don’t use signal.
When the signal foundation is losing money every year, i can just wonder what will happen when the money runs out. Even the good guys need to eat.
Or what will happen when trump will decide to seize the AWS servers running the signal application server.
You don’t need to care about the server code since the secure bits and encryption that matters is all on the client side and verifiable.
i do care about metadata.
as in phone number, IP and timestamps? If I were worried about that I wouldn’t have a phone in the first place but if private messaging (content is private) I think signal works fine
If you care about it then just use Signal since it’s the one with least amount of metadata fying around. A big central server with many normies using it also ensures that it’s very hard to correlate traffic.
If you care about it then just use Signal
No, because of:
When the signal foundation is losing money every year, i can just wonder what will happen when the money runs out. Even the good guys need to eat.
I have seen this film so many times…
It shouldn’t matter because you can verify that your data is encrypted and thus not accessible to the server, but also, IIUC, they use secure enclaves so that you can verify that their server is running the published source code.
when trump will decide to seize the AWS servers running the signal application server.
How do we know he hasn’t already?
No need to size them. AWS is deeply embedded into the intelligence apparatus of the NSA as one of their prioritized suppliers.
I believe the fact that Signal is hosted on Apple or Google clients is worse than its server host. (I still use and recommend it though)
Convincing people to use an open Android build is much harder than installing another messenger.
It’s e2e encrypted. Although, as I noticed, the key is just a short pin, unless you use password, but the recipient might not use it and your messages are just as secure as your recipient.
The PIN isn’t actually the encryption key, it’s just a display lock for the local client. But if whoever wants to read your messages has physical access to your phone and already bypassed the normal android lockscreen, you’re fucked anyway.
The other party is always the weakest link.
But also signal’s pins are a little more complicated than that, but you’re right, switch to a passphrase.
Plus side, even if signal themselves edited the secure enclave, the world would need a new client pushed and probably notice something was off.
The way signal’s encryption works is really an art in paranoia.
the world would need a new client pushed and probably notice something was off.
Not if the US have the support of Google.
Totally not how the APK teardown community works, but ok.
How does APK teardown help if Google can replace the app unnoticed?
Because there will always people running Signal from a different source, and only one of them is sufficient to notice the server has been tampered with.
(And I’m not sure if they have reproducible builds yet, but if they do, people can also verify that even the Google Play-provided APK does or doesn’t match the published source code.)
notice the server has been tampered with.
Which server?
doesn’t match the published source code
People don’t control their phone. There is no way of knowing if the installed app is the one that is running.
Facebook Messenger also claims to be end-to-end encrypted… There’s literally no way of knowing if they can decrypt your messages.
The only way to know is to host it yourself and preferably use post-quantum secure encryption.
And? That doesn’t help at all if the US government decides to force Signal to stop servicing Denmark.
It helps in that they still can’t read your messages. The EU is likely to make e2e messaging illegal before the USA cuts access.
You can’t really make e2ee messaging illegal, at least it is impossible to enforce with decentralized open-source messengers.
It is much more likely that the US will mess with Signal, than that you will stop being able to use an e2ee messenger like XMPP, which is just as secure as Signal regarding the e2e encryption.
The issue is that it’s already pretty hard to convince people to use something easy like Signal, most people just don’t care enough for something “complicated” like XMPP-based messengers, especially if mainstream app stores had to stop letting EU-based users install messengers with these features.
Well, yes. But when it comes to digital independence Signal isn’t better than WhatsApp. At least recommend something like Threema if you think the much better alternatives are too hard.
Except Meta fully owns the WhatsApp metadata, and frankly Signal is a lot more trustworthy about its e2e implementation being actually, in practice, secure.
at least it is impossible to enforce with decentralized open-source messengers.
All you need is a central registry where licensed messengers register their e2ee connections. Then network providers only have to report all ip addresses with connections that are not on that list.
Impossible with VPNs, but politicians have already announced their desire to make them illegal.
What? You are not making much sense. What is a “e2ee connection”?
An encrypted connection between two endpoints.That’s required for “decentralized open-source messengers”.
Currently it’s impossible to prevent because of all the encrypted video calls of the Meta messengers and similar connections between endpoints.
If those video streams are marked then it is known which endpoints use software that evades surveillance.
Oh that’s another consideration indeed.
Is it about the geopolitics or did SaveSocial’s marketing campaign “digital independence day” last weekend (look for #DIday and #DIDit) also contribute? I’m not sure how visible that was internationally or if it was just a German campaign.
DID stemms from a Talk AG the CCC this year. It is a month old and was held in german. I think this isnt DIDs work here
Welcome to the club!
The people that are orchestrating the takeover of Greenland literally owns that fucking platform you fucking idiots.
Does no one in the west have a fucking brain?
Perfect is the enemy of the good.
Just see it as a first step. Signal is still better than WhatsApp being owned by Meta. If we get more people of WhatsApp, in the future there might be more European alternatives.
There are no big European alternatives the majority of people are willing to switch.
I got rid of WhatsApp last year myself and could only convince 8 people to use Signal. I tried Threema and Matrix, but most normal people are not willing to do this and don’t care they give up their data and so on…
Thank you for contributing to the critical mass o7
I joined Signal for the very few people in my contact list that use it, but I am holding out for the further establishment / gaining traction of a non-walled-garden solution before I start evangelizing Signal… So that I don’t get more people to switch, and then after a few months/years have to try to get them to switch again e.g. to a Matrix solution (and once again losing my chat history in the process).
From one american service to another american service? Good job m’Danes, that’ll show’em.
Less flippantly though, Signal is a better american service, and incremental improvements are good too.
