• [deleted]

zkz

zkz I feel similarly. If people are not willing to put in a little, a little, effort to connect with me over something I feel comfortable using, then I guess I don't need to talk to them.

Does it work in reverse too? If the only app they're on is Viber or Messenger, would you be willing to accommodate them?

    • [deleted]

    [deleted] fair point there and let"s not forget to add that as much as you try not to leak your phone number or what have you, all your acquaintances on regular devices WILL

      • [deleted]

      • Edited

      [deleted] Absolutely, your number might as well be public record, just based off how cavalier most people are about granting access to their address book to just about anything that asks. Best one can do is to make sure their number being out there doesn't hurt them, subject to personal threat model.

      [deleted] not usually. It depends if its privacy respecting enough. Like if someone said "I only use Threema", and I felt I actually wanted to stay in contact, I probably would sign up for it. I guess it isn't really a two-way street.

      Though I do have instacrap to accommodate for the friends I mentioned earlier.

        Javcek
        I’ve known one of these guys for 50+ years, and he’s been under treatment for metastatic melanoma for a few years.
        The second one 40+ years, so I’m not going to tell either of these folks to pound sand because they won’t do it my way.

        I just try to keep it to a minimum.

        • [deleted]

        zkz It depends if its privacy respecting enough

        How convenient of you. If Signal and Threema were my only two options I'd have no social life.

          AlanZ hCaptcha has nothing to do with Google. As Signal has grown (massively when Elon Musk Tweeted "Use Signal") they are getting hit up with tons of spam and bots.

          "hCaptcha processes data close to the user in more than 250 locations and has always focused on de-identifying, discarding and aggregating all data as rapidly as possible, ensuring maximum compliance with privacy laws via our privacy-first design."

          https://www.hcaptcha.com/post/protecting-user-privacy-is-not-optional

          • [deleted]

          MoonshineMidnight Plus, not only can Signal not see your phone number, they can't see your IP like the e2e email providers can.

          An Phone number is required to use Signal. IP address is very basic info used to identify a device, So Signal servers will obviously have your IP address.

            I'm using both Molly-FOSS and Briar.
            I can use Molly in conjunction with Orbot, you can enable the TOR function within the Molly settings. (I am not sure it is very useful because the phone number is still an identifyer, even through TOR)
            I wonder if client-side scanning (if being implemented) is going to affect Molly due to it being based on Signal, even though PGP-based messages are still possible (it is great for whistleblowers dissidents, etc.) or even PGP-based solutions like the app Kryptey is offering.
            Briar (no phone number) can work through a mesh-network (offline) and it has a TOR connection build in for online usage.
            I do have to login every time I reboot my phone, that is however a security feature of Briar, I am just not sure if my contacts are willing to login every time though.
            Briar is also good during disasters for close-range communications. (Unless there are enough Briar-users around in the local area between you and the recipient, then longer range communications can also be established, albeit it possibly being slow)
            The Briar APK-file can be shared from within Briar itself, and Briar supports a local forum and weblog of sorts. (Haven't tried that out myself as of yet)
            Just don't forget to enable split-tunneling for both Molly, Orbot and Briar within the VPN (if supported) if you don't want to route your TOR connection through a VPN. (Also turn off "block connections without a VPN" within the GrapheneOS VPN settings when using split-tunneling)

            [deleted] Signal processes your IP address to make connections (even with a VPN), but it never touches disk and and is deleted immediately after use by the Signal Protocol. That's why they can't see your IP address.

            Note in the below subpoena, the guv asks for everything - including IP address. Note Signal responds with only date app downloaded and last used. That's all Signal can see. Signal does not provide an IP address. Subpoena and Signal's response at bottom of page. As for the phone numbers, the guv provided them to Signal. If you give them a specific phone number, their system allows them (only) to see when that phone number downloaded the app and last used it.

            https://signal.org/bigbrother/cd-california-grand-jury/

              • [deleted]

              • Edited

              MoonshineMidnight Signal processes your IP address to make connections (even with a VPN)

              Wait, do you mean that Signal sends your actual IP Address byassing the VPN, or just the IP address provided by the VPN?

              MoonshineMidnight but it never touches disk and and is deleted immediately after use by the Signal Protocol.

              But Signal servers still do have the ability to log the IP address right?

                [deleted] Signal uses an IP they themselves can't see or access as it is only on RAM and never hits a disk on an encrypted Signal server. If you are using a VPN they use your VPN IP to make connections. This is even better because even if Signal could see your IP (they can't) they just see a VPN IP. If you are using your real IP, they still still can't see or access it as I described.

                Signal servers as configured don't log your IP address (just like solid VPNs don't) as I described. It stays on RAM and never hits a server disk and then the IP is deleted. Signal did this with their own open source e2e Signal Protocol - which is the newer encryption they developed to solve the problems with older PGP which leaves a lot of metadata like IP and who you contacted and who contacted you.

                By the nature of browser based email, most of the e2e email providers use older PGP encryption. They have not been able to implement the more secure open source Signal Protocol. I'm hoping in the future some e2e email provider can develop a fork of open source Signal Protocol and get rid of the PGP metadata on e2e emails, but for now e2e emails are not high threat model and Signal is. Like I posted, you don't have to share the fact you are using Signal via phone number with contacts if you don't want to and your phone number remains a truncated hash on an encrypted Signal server. For this reason I don't see a big deal with Signal requiring a phone number as they do not have access to it or your contacts (or anything on the app). But hey, if a phone number bothers you, use Session with its small user base. Session works if you have a couple of people who also want to use it with you. If you make your phone number available to contacts on Signal, you can have e2e calls/texts to more people. And, Signal can not see your contacts and they can not see which ones use Signal. All calls/texts are e2e with the key on your phones, so Signal has no access to that. Again, Signal has no access to anything except date app download and date app last used if guv give them a specific phone number via subpoena.

                  • [deleted]

                  MoonshineMidnight Signal uses an IP they themselves can't see or access as it is only on RAM and never hits a disk on an encrypted Signal server.

                  Why should we assume that the Signal Foundation doesn't have access to the RAM?