“Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries…”

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      21
      arrow-down
      3
      ·
      4 months ago

      I wrote this, but I’d also like to add Drew Devault - Why I don’t trust signal. There’s a huge disconnect between what privacy advocates are saying about signal, and what reddit “privacy” communities think about it. If you read the article I linked, you’ll see its because the Open Technology Fund (a US state-run entity), actively pushes signal in privacy spaces.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        9
        ·
        3 months ago

        Signal is secure and anyone who says it isn’t needs to have very strong evidence. It has been audited by hundreds of people at this point.

        • Dessalines@lemmy.ml
          link
          fedilink
          arrow-up
          11
          arrow-down
          3
          ·
          edit-2
          3 months ago

          Source: trust me bro.

          Seriously tho, that’s been most of the defense of signal advocates, with zero backup other than signal’s own claims. Signal is not self-hostable, and all the data lives on a centralized, US-domiciled server, subject to NSL requests (the US issues ~ 60 of them per day).

          Unfortunately you can’t verify what their server stores, nor the metadata that they are legally required to share with the US government (which includes phone numbers, and your name and address).

          BTW if signal is secure, can you give us your phone number, so we can use it with you?

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            3 months ago

            Signal is end to end encrypted. Everything related to encryption happens inside the app. It doesn’t matter if the server is in mainland China it would still be secure. However, that doesn’t mean it is anonymous. Signal is pretty bad from that perspective.

          • ivn@jlai.lu
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            3 months ago

            You don’t need the phone number to contact someone with Signal.

              • ivn@jlai.lu
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                2
                ·
                edit-2
                3 months ago

                Yes, to create an account, but not to contact someone. You have an habit of being off the mark.

                Also there is a difference between giving your phone number to some service and giving it to some random on the internet.

                • Dessalines@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  5
                  ·
                  edit-2
                  3 months ago

                  They must’ve added that recently then, but still doesn’t get around the fact that they’re required, which means signal (and likely the US government) knows exactly who you talk to and when.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      3
      ·
      3 months ago

      Signal might be one of the most audited pieces of software in existence. Any criticism is likely either coming from or is supported by countries that fear encryption such as China, Russia and Iran.

      The big downsides of Signal are that it requires a phone number and that is depends on Signals servers. That is it. You messages are completely safe as all messagers use the same underlying cryptography.

      • Dessalines@lemmy.ml
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        3 months ago

        The audits mean nothing for a server domiciled in a Five-Eyes country. Signal has your phone number, and the other phone numbers you talk to (social connection graphs), and it is 100% illegal for them to tell you that they’ve been issued a national security letter divulging that information.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          You shouldn’t trust a server to do your computing for you. Assume any data the server has about you to be available to all.

        • fira959@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          3 months ago

          The entire protocol is build under the assumption that you do not need to trust the servers. Let the NSA have then, it doesnt matter. On the other hand 95% of Matrix users are hosted on Matrix.org which was not only hacked several times, but would be an ideal target for any agency to compromise. Its naiive to belive the big Matrix hosts arent compromised. The only effective defense is to build your system around the assumption that the server is compromised, which is what Signal did.

      • ivn@jlai.lu
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        Metadata is data. While we can be pretty sure that message contents are secure we have to rely on trust for the metadata.

        I use Signal and trust it way more than most other apps but still, one have to be careful, a state actor could still find ways.