• solo@slrpnk.net
    link
    fedilink
    English
    arrow-up
    9
    ·
    4 months ago

    Personally since I read this, I stopped recommending Signal. In this article among other things they say:

    To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns.

    I also saw a video where Moxie was a speaker defending centralization not only for Signal, in general, and I don’t agree with this approach. (I think it was this one 36c3 Moxie Marlinspike: The ecosystem is moving)

    • keepthepace@slrpnk.net
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      I see where this is coming from and I personally prefer Matrix because of that but I must recognize that while I disagree with Moxie on some things he has a more pragmatic approach that has merits and probably has this position for good reasons that do not come from an evil/corporate plan. He wants people to use secure communication and he proposes compromises between security and ease of use (without which no one will switch, making general communication worse).

      I still recommend Signal. To my geekier friends I recommend Matrix. But all in all, I consider Signal is still fighting the good fight.

    • piracysails@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      4 months ago

      I agree with you but I think that signal was built as to not trust the server either way.

      • poVoq@slrpnk.netM
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        That’s what they like you to think yes. But it is only the message content and not the various forms of metadata that is protected by their encryption scheme.

          • poVoq@slrpnk.netM
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            Seal sender is a nice idea, but since you can easily run timing attacks on centralised infrastructure it is pointless for Signal, or rather you have to trust them that their infrastructure is not compromised.

            They also store device ids for push notifications via Google/Apple.