Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social  ·  activity timestamp 2 weeks ago

Here are the four paragraphs of conclusion from that clickbaity piece ("Is Signal safe?") by @protonprivacy about @signalapp that is doing the rounds.

1. "Signal remains widely regarded as the gold standard for secure private messaging for very good reasons. The Signal Protocol is extremely secure, and unlike most other apps that use the Signal Protocol, Signal collects almost no metadata from the Signal app."

1/🧵

#Signal #Privacy #InfoSec

J.Sʜᴀʀᴘ🌍🇺🇦Fʀᴇᴇᴅᴏᴍ&Dᴇᴍᴏᴄʀᴀᴄʏ
@JSharp1436@mstdn.social replied  ·  activity timestamp 2 weeks ago

@rysiek @protonprivacy @signalapp

I hate to break the news to you that Signal is secure, but ... and it's not just Signal that isn't ... nothing electronic is secure from the NSA - NOTHING.

Samat Sattarov
@SamatSattarov@mastodon.social replied  ·  activity timestamp 2 weeks ago

@rysiek Signal is not perfect, but compared to most apps it is still way ahead, and pretending otherwise just confuses people more than it helps.

David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange replied  ·  activity timestamp 2 weeks ago

@SamatSattarov @rysiek

There are also a bunch of good reasons to criticise Signal, but this kind of piece and the recent marketing nonsense by some DeltaChat folks hides those criticisms.

I don’t recommend Signal because it’s perfect, I recommend Signal because it’s better than the alternatives. But there’s still a lot of room for improvement.

Wayward Sun (yak shaver extraordinaire)
@waywardsun@tech.lgbt replied  ·  activity timestamp 2 weeks ago

@rysiek @protonprivacy @signalapp I accept your point about the unnecessarily click-baity headline, but aren't you doing the same with your intro message? Implying that Proton (which has gotten more than its share of shit on fedi) is up to some underhanded shenanigans? Only to conclude at the end of your chain that this is actually a reasonable article?

Just saying; I guess we all live in an attention economy, for bad and for worse.

RootWyrm 🇺🇦:progress:
@rootwyrm@weird.autos replied  ·  activity timestamp 2 weeks ago

@rysiek and yet people will continue to insist that Proton, whose CEO very actively supports literal Nazis and the surveillance state, is one of the good guys. You know. Because the CEO's personal beliefs have zero influence on any company ever.

Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social replied  ·  activity timestamp 2 weeks ago

2. "Signal is therefore vastly more private than any of its mainstream competitors, and with easy contact discovery and a wealth of advanced features, you might realistically convince your friends and family to actually use it."

2/🧵

Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social replied  ·  activity timestamp 2 weeks ago

3. "However, being hosted on AWS servers remains a concern in light of Signal’s reliance on SGX. There are a number of open-source encrypted messaging apps like Threema that try to address this and other perceived issues with Signal — such as its reliance on a centralized server and the need to supply a real phone number — some of which show great promise."

⚠️ Warning, this one is not true – Signal does not actually rely on SGX for its privacy; see: https://hachyderm.io/@dalias/115718139556844218

3/🧵

meejah
@meejah@mastodon.social replied  ·  activity timestamp 2 weeks ago

@rysiek also "perceived" is doing a lot of work there :(

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️
@Orca@nya.one replied  ·  activity timestamp 2 weeks ago

@rysiek@mstdn.social

It's funny that with all those encrypted msg apps they have to pick Threema as an example. I haven't forgotten that Threema tried to downplay the encryption vulns a team from ETH Zurich discovered last time. 😅

https://www.securityweek.com/threema-under-fire-after-downplaying-security-research/

Cassandrich
@dalias@hachyderm.io replied  ·  activity timestamp 2 weeks ago

@rysiek "Reliance on SGX" is a common lie by bad faith parties trying to sell you scam/nazi "secure messenger" products. Signal does not "rely on SGX" for any of its actual promised privacy properties.

S1m
@S1m@infosec.exchange replied  ·  activity timestamp 2 weeks ago

@dalias @rysiek Signal does rely on SGX, but it seems they are moving away from it.

I've written a blog post on the subject: https://s1m.fr/signal-pin/

Cassandrich
@dalias@hachyderm.io replied  ·  activity timestamp 2 weeks ago

@S1m @rysiek No, they *use* it to provide some resilience in areas they cannot provide promises on that are unrelated to the privacy of your message contents.

They do not *rely on* it.

Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social replied  ·  activity timestamp 2 weeks ago

@dalias oh, thank you for catching that!

Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social replied  ·  activity timestamp 2 weeks ago

4. "But none of these have undergone the same level of rigorous external scrutiny as Signal, and all of them have tiny user bases by comparison to Signal, which limits their practical usefulness."

4/🧵
