Better than Signal?
[deleted]
- Edited
AlanZ Hopefully this is will be addressed soon, but you also aren't met by a completely empty contact list. Phone numbers are there for a reason, but good on Threema for making both approaches work, although my contact list is still at zero, just like it was when I first purchased it.
[deleted]
- Edited
People looking at XMPP might be interested to read XMPP: Admin-in-the-middle by now defunct Infosec Handbook and associated HN discussions here and here. It mostly applies to using third party servers, not hosting your own.
MoonshineMidnight
On metadata - see discussion at
https://www.reddit.com/r/fossdroid/comments/12vehzr/comment/jhdb2oe/
and
https://www.reddit.com/r/fossdroid/comments/12vehzr/comment/jhmm0sd/
for references.
zzz
No link able sources, but read about Australia and encryption.
US politicians are no better than Australian politicians, to say the least.
And “our” government is constantly dinging them to “take action” on the “problem” of encryption for the citizenry.
Blastoidea I.e. your government wants to ban encrypted messaging?
supersonic My 0.02 cents. Creator of ,,tinfoil chat'' which is a really secure communicator, has a long reddit history of saying unpleasant things about SimpleX. Sadly i cant say much specyficaly as i was reading this long time ago
Tuba the now-deleted posts he was responding to, you mean?
supersonic not sure, like i said, i read it long time ago
Javcek
Law enforcement never stops trying to gain access to encrypted communications, through lobbying legislators, or any other method they can think up or access.
supersonic That's fine and dandy, but those are threads boosting SimpleX. I read quite a bit of FUD on Signal.
About Signal... Every instant messenger that presents me with Google Captcha can go fuck itself.
AlanZ
Example(s)?
Blastoidea
Signal does it when you create a new account. At least it used to, once I saw this, I uninstalled the stupid thing right away. Hell, even Molly does it, albeit with hCaptcha (not much better).
The thing with chat apps is that if everyone/most people I care about aren't going to use it, its useless for me.
I know nobody who uses XMPP, Session, or Simplex. I do know people who use signal and have convinced a few to use it. But that's it.
If nobody else, or very few people I know are using it, I'm not going to bother using it. This is a network effect type problem I believe.
My family and a few close friends, are all on signal, anyone else who wants my number, well they need to download Session. And if they don't- then I guess they don't really need to chat with me.
Be a grain of sand in the workings of surveillance capitalism
- Edited
Indeed, also depends of the country, in mine Whatsapp is the most used, then Telegram used for groups.
I think most of the people has not privacity concerns, big tech knows how to exploit that vein of gold.
If I'm honest, I don't think governments agree that a percentage of users cannot be spied on, there are excuses such as terrorism, jihadism, pedophilia, etc.... to keep us all under surveillance. They are not going to allow this to change, they handed over user data to the government, when they said it was impossible for that to happen. Remember Protonmail, one of the most secure email servers, delivering user data to the government when they said that was not impossible.
Icecube JS based browser emails like Proton, Tuta, Posteo, etc. are not secure from a targeted guv attack. They can inject code into the JS in your browser and get your key. However, we all need email, and the ones I mentioned are better than the alternatives. Companies put ad trackers in the pixels of their corporate logo in an email to you. Proton blocks these. It helps and if you are not targeted by guv for a high level hack, having your emails encrypted at rest no matter who you email means Proton is not using them for ads. Use Signal or Session or your messenger choice e2e for high threat model. No useful metadata with Signal. The e2e emails have a fair bit of metadata.
As for OP, I just flashed my 6a to GOS for the first time a few months ago. Downloaded the Signal APK from their GitHub. No CAPTCHA.
MoonshineMidnight And, when I say JS attacks I am talking browser based e2e emails on laptops and desktops. For their apps on an Android/GOS phone their is no JS so they are very secure that way from a targeted guv attack. However, they all leave metadata like who you emailed and received email from. With a court order the guv gets that and will figure out who you are.