@evacide

Sharing any data with Zuckerberg's genocide wurlitzer is a danger to your community.

@evacide Many people in the reply are criticizing Signal. It's one of the best encrypted messengers available and recommended for everyone. But it's rightfully criticized for requiring a phone number and being US-based. The protocol is the same as WhatsApp, so a malicious government could make it silently behave like WhatsApp and suddenly store metadata like in the article. Nobody can guarantee that this does not happen. I personally like Threema, where you don't require a phone number to register. It also has good e2e encryption, but I'd wish they used the Signal protocol. The biggest risk is probably that the adversary gets a hold of the phone of your communication partner, having access to all decrypted messages. There it doesn't matter what messenger app you use.

@evacide @starraven do you guys have alternatives that you'd suggest?

@evacide I am using signal but thinking of switching to matrix. Does that make sense?

@evacide
The next preference is to have a tech that sends no metadata in client-server communication.

@evacide it would be nice if Signal would delete messages when you are kicked from a group. How to circumvent cops looking at your phone?

https://community.signalusers.org/t/delete-message-history-from-a-group-members-device-when-a-group-member-is-removed/71647

@evacide and I do not use biometrics to unlock my device.

@evacide RIP your mentions because you’re talking about Signal and Mastodon is full of some weird, aggro nerds.

@evacide @Herman I was able to possibly identify the majority of the people with whom Ayala was communicating with on WhatsApp during this small time frame,” an HSI agent wrote in the warrant. (Meta hadn't commented at the time of publication.)

@evacide and then it's only a tiny step from #signal to #molly

https://molly.im/
@mollyim

@evacide as if u would reach anyone here who doesn't already agree with u

@evacide https://www.whatsapp.com/records/login https://faq.whatsapp.com/444002211197967/
https://faq.whatsapp.com/808280033839222/?locale=en_US

They actually have good docs on all this data sharing. Interesting that a user's Address Book is on there.

@evacide as a US-based corporation, Signal is just as vulnerable to pen register warrants as WhatsApp, the saving grace is Signal’s Sealed Sender feature that WhatsApp doesn’t have. Sealed Sender makes it hard to reverse the identity of the correspondent, but if the pen register also has the IP address and the sender doesn’t use Tor, they can still be identified that way.

@evacide nope, Signal is centralized and they do get lot of useful metadata (at least who messaged who and user's identities via phone numbers).
It's trust based if they store or sell this data.

Also it being open source is questionable, as ~100% of users run a binary build with google libraries embedded. You won't find Signal in F-Droid or Debian repositories like proper open source alternatives.

As lot of users already commented, use decentralized or p2p messengers if you need hard privacy.

But don't get me wrong, it's much better alternative than WhatsApp or other fully closed and centralized apps.

@evacide can we just skip the part where Signal corp gets inevitably controlled by the US government and go straight to using decentralized messengers instead ? Like @delta

@evacide

A bunch of accounts with few followers and not a lot of activity posting anti Signal messages.

Not saying they're absolutely wrong, or ill intentioned, just noticing a pattern.

@evacide @opiobf

The main disadvantage of using #Signal is that it is provided by a centralized corporation, with all associated risks.

Free Libre & distributed peer-to-peer has always been far better (but most people are amnesiac).

Is it the right time to remind that this is even one of the fundamentals of Internet design?

@evacide Among SimpleX Chat, I am not very aware of other metadata-protecting messengers. But I guess other exist, so who aware, drop links/names please.

@evacide Also opensource and has reproducible builds for Android.

@evacide signal is literally whatsapp 2.0 given its servers are in the US and accessible by the NSA.

@evacide
That meta data ties you to others... Maybe enough to get a warrant.