• @teri@discuss.tchncs.de
    link
    fedilink
    English
    299 months ago

    I support the cause in general but: Signal is not federated at all. It may seem like a decent alternative to WhatsApp but is it really? It still falls under the same US jurisdiction. Let’s say the US gov starts agressively prosecuting dissidents and certain minorities (they already do): can and should we still use signal in this case? I don’t think so. Sadly i can’t name a much better alternative. Maybe matrix. But it has other issues.

    • @Bazoogle@lemmy.world
      link
      fedilink
      English
      249 months ago

      Signal is open source. They absolutely do always comply with US warrants. They have never provided any information to US law enforcement, because they can’t access it. They literally have no way of accessing the information contained inside the texts. The most they could provide is metadata, but they currently aren’t collecting that. I also think if they started, it would not work well for their user base. You can see all their requests for information, and the responses they gave, here: https://signal.org/bigbrother/

      • @teri@discuss.tchncs.de
        link
        fedilink
        English
        39 months ago

        I really hope they stand strong. We need some influential entities standing up to the shit going on. Sadly, given the current situation in the US I have to assume that the Trump gang will sooner or later try to crack down on Signal. Who knows, forcing them to give out meta data to identify dissidents etc.

        At least the open-source app makes me hope that there’s a little less nasty things they can do than Facebook/Whatsapp.

    • @teri@discuss.tchncs.de
      link
      fedilink
      English
      39 months ago

      We should stop being naive. Immersing ourselves as a society into facebook and twitter significantly contributed to the shit situation we are in now. Going to Signal seems like a short term solution. We should have some idea where to go on the long term.

      • @Bazoogle@lemmy.world
        link
        fedilink
        English
        99 months ago

        Facebook and twitter are not the same as signal. The signal protocol is a free open source project, that WhatsApp, Signal, and many other use. It secures the data so that whatever servers they are stored on, the company storing it does not know what the texts say. Facebook and Twitter are all about getting as much data as possible. Even though WhatsApp uses the signal protocol, they still collect all metadata with the texts (which is really what they want anyway). Moving to open source project is absolutely the long term goal to get out of this shit hole.

    • @drathvedro@lemm.ee
      link
      fedilink
      English
      39 months ago

      Let’s say the US gov starts agressively prosecuting dissidents and certain minorities (they already do): can and should we still use signal in this case?

      Definitely no. Russian government already is aggressively prosecuting dissidents and you can’t join Signal there. I don’t know whether it’s due to sanctions or if the government is blocking 2FA SMS messages. In either case, it is impossible to join without a phone number confirmation. At least I wasn’t able to. I don’t see the USA being that far off with all the recent TikTok drama.

      • @nyamlae@lemmy.world
        link
        fedilink
        English
        19 months ago

        you can’t join Signal there. I don’t know whether it’s due to sanctions or if the government is blocking 2FA SMS messages. In either case, it is impossible to join without a phone number confirmation.

        What do you mean? You need a phone number to join Signal in any country.

        • @drathvedro@lemm.ee
          link
          fedilink
          English
          19 months ago

          And that’s the problem. The whole privacy thing goes out the window because it relies on an insecure and state-controlled method for authentication. What’s the use of it if it can be killed off in any country at a whim of its, or USA’s government?

    • @JigglySackles@lemmy.world
      link
      fedilink
      English
      3
      edit-2
      9 months ago

      Is Threema still a good option? Anyone know? I know it’s not a fediverse instance just a secure messaging platform. On that note though, can any federated platform really be used as secure messaging? Or is it too open?

      • @teri@discuss.tchncs.de
        link
        fedilink
        English
        29 months ago

        My personal opinion is that Threema is still a viable alternative to WhatsApp. The app is open-source, there’s even a ‘libre’ variant on F-Droid. The service is proprietary though. The jurisdiction (Switzerland) seems more trustworthy currently. I don’t really understand the business model of Threema: It seems like they have some revenue from a commercial service “Threema Work”. The initial cost for purchasing an app license does not really contribute to sustainability I guess. I suspect it is more for making scams more expensive. I hope they can be sustainable from that and don’t need to start doing shit.

    • @EuroNutellaMan@lemmy.world
      link
      fedilink
      English
      1
      edit-2
      9 months ago

      Jurisdiction is not that important. Even if it was in Switzerland it’d have to comply with international law enforcement and warrants. The key is that sure Signal is obliged to give out whatever data it has, but the point is that it doesn’t have much useful data to give. It’s the same as Mullvad, and a far smarter approach than “lol we just gonna ignore the warrant huhuhu look at us we host somewhere in Shitzerfuck” (oh btw “We are in X country which is not in N eyes” is just marketing).

      Oh and btw the same goes for instances of the fediverse (which are ran by volunteers you need to trust), and if they don’t comply and the US government really wants to break into them they probably will find a way. Doesn’t even need some complicated backdoors or anything it just needs to find an OPSEC slip-up, do some social engineering, arrest someone or at worst find a bug to exploit, and I can guarantee that unless you have some serious security wizards running your instance you’re not beating the FBI there and if the FBI is really persistent and focused on you for some reason then the wizards won’t be enough you need state actors.

      If your threat model actually includes the US government (aka you’re actually in danger and not some paranoia or just-in-case situation, be realistic with yourself) and there’s credible threats you may be targeted by it or other governments then you’re probably going to be using tor, briar, all that jazz, and wouldn’t be on lemmy. If you’re just some guy who just needs to message your family and shit Signal is perfectly fine, I can tell you that unless you’re a serious threat to the government they won’t waste resources cracking down ways to capture you via signal or whatever you use that is even somewhat secure (so no telegram, no WhatsApp, no messenger, etc), even if you’re a minority or activist, if not because you’re not important enough then because they have other easier ways to do it.

      Edit: oh and btw Signal was banned in Ruzzia (a country way more authoritarian than the US currently is) because the FSB couldn’t crack it so that goes to show it is pretty secure.

      • @nyamlae@lemmy.world
        link
        fedilink
        English
        29 months ago

        (oh btw “We are in X country which is not in N eyes” is just marketing)

        Why do you say this? There are real data-sharing agreements between the Eyes.

        Doesn’t even need some complicated backdoors or anything it just needs to find an OPSEC slip-up

        This already happened with kolektiva, unfortunately, but from what I hear they’ve since strengthened their security.

        • @EuroNutellaMan@lemmy.world
          link
          fedilink
          English
          19 months ago
          1. There’s data-sharing agreements with more than just the N eyes countries
          2. If there’s an international warrant for that data the company is obliged to comply regardless

          The only countries in which n° 2 doesn’t apply for the US are countries you really don’t want your data in either.

          In short, however: if a government really wants your data it will find a way to get it no matter where you store that data, so the best thing is to simply not store that data at all, Mullvad and Signal don’t do that.