#Signal seems to have been down for a bit today, so this is a good moment to consider if you have backup comms channels with people you care about.
A Signal Contingency Plan, if you will:
https://signal-contingency-plan.info/
I agree with the recommendation there and am working on making Delta Chat @delta that kind of backup channel for me and mine.
@rysiek yesterday I installed Delta as a means of communication chats and file transfers between family members – this is needed for me now because #Meta nuked my two #facebook accounts. Too much #Palestine posting, ya know?
When Meta kills your account they also kill your messenger thus cutting you off from family and work.
Remember my example.
@rysiek
> how Signal might get blocked in the US
It's based in the US. They don't have to block it. They can shut it down.
@rysiek@mstdn.social
So is it back up yet? I gave up on it because of its limits and glitches, and switched to Delta Chat @delta@chaos.social
@rysiek I like and use Delta Chat.
@bane Simplex: https://mstdn.social/@rysiek/114630877715286899
XMPP – I used to run several XMPP servers and the complexity of figuring out client and server support of every given feature (often 2 differently clients, 2 different servers for each connection) made it difficult for any feature to be reliably usable – and that included encryption.
@rysiek it sucks that SimpleX is run by people like this, I was really hyped by the project 😞
Cwth is great but synchrone so not really usable.
Briar coupled to lora seems really nice but i don't know if the project is really mature, i'll dig on that
@bane yeah, I was also pretty interested in SimpleX, until I learned about the people behind it.
@dalias @bane here's context on SimpleX: https://mstdn.social/@rysiek/114630877715286899
@rysiek @delta Your heart may be in the right place here but I beg you to retitle this. It is misleading to call this a “Signal contingency plan”.
A proper “Signal contingency plan” would be an outline for how to make my own assessments of my organization’s needs, and then maybe some fallback tools and their various strengths and weaknesses.
You are only presenting a kind of Delta advertisement here.
@neilk since @delta are not selling anything, I don't think it's an ad.
I am also very strictly not recommending Delta Chat *over* Signal. Just saying that this is my backup comms channel in case Signal has issues.
You are welcome to make your own assessments of your own organization's needs – demanding this, along with "some fallback tools and their various strengths and weaknesses", to be done for you for free by a rando on the Intertubes is a bit rich.
@rysiek @delta @briankrebs SimpleX is also a very good alternative
@rysiek I use threema as well with all my important contacts. Delta is great but its buggy and almost impossible (for me to get anyone else interested). I got one person to use it for a day. 🤷
@rysiek @ruari
+1 for Threema, go check it out. Swiss based, costs a coffee, somewhat open source, highly trustworthy imho. No phone nbr required, you can even buy anonymously: https://shop.threema.ch/en/buy-anonymously (guess that's only possible for android, not for iOS)
Yes, the company has recently been sold to a German investor, but no impact seen or suspected on their business model or trustworthiness so far. Let me know if you think differently.
@rysiek When you say:
But show us a centralized, end-to-end encrypted Signal alternative that is not backed by venture capital, blockchain, the Saudi royal family, or all three, and we'll sell you the Brooklyn Bridge.
...I remember that XMPP is technically neither of the three - is the reason not to recommend it that end-to-end encryption is an extension for XMPP (OMEMO if I recall correctly), and doesn't come enforced by default by the protocol?
@csolisr I am not saying it. I am not the author of that website.
I had, however, ran several XMPP instances, and figuring out how capabilities of my client, my server, my contact's server and my contact's client mesh together has always been a massive issue.
I hope XMPP fixes it one day.
@rysiek my back up is radio. At least in the US the FCC is so poorly funded that enforcement is nearly non existent and sort, local messages are likely to be missed all together.
I setup Briar today ( @briar ) for exactly that reason
@rysiek @delta This is a good idea, hadn't occurred to me that they might demand the duopoly remove Signal. I hope Signal themselves have contingency plans, like direct download or alternate stores.
Speaking of which, one assumes they might also sweep the Play store of alternatives, so I'm guessing it might be better to fetch Delta from somewhere like F-Droid? If you're so inclined that is, I totally get that everyday folks may not want that.
@tehstu I am 100% using F-Droid for anything I can.
@thomaspynching not a fan myself.
@rysiek Interesting. I'm curious why not a fan. I'm always open to consider shortcomings in platforms even if it's a platform I enjoy.
@thomaspynching so, I am on Matrix, and I think it is an entirely fine IRC replacement. But I find it extremely clunky and rickety in ways that Delta Chat for example is not in my experience.
Then there is this:
https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
Admittedly, Delta Chat does not meet all of the requirements from the first blogpost. Which is why I am not suggesting it as an alternative to Signal, just as a backup. And it passes my personal sniff test better than Matrix.
@thomaspynching the sniff test thing is not helped by Matrix's community that tends to be quite belligerent (not saying you are – your question is entirely reasonable!) in ways that are frustrating.
This was visible in the reaction to Swedish armed forces choosing Signal for one of their communication channels. Instead of congratulating Signal on getting them to use a solid FLOSS solution, Element published this:
https://element.io/blog/why-the-swedens-armed-forces-switch-to-signal-misses-the-mark-2/
It struck me as petty, even if I agree with some points.
@rysiek Nicely explained, very much appreciated. Yeah, I actually have very few folks to even talk to on element, most of my peeps just use signal...but one group I worked with did do some really complex *space building* on element with a bunch of different rooms.
If you're worried about Delta Chat being e-mail based and using OpenPGP, you should probably read this:
https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
@rysiek No, I'm not worried about Delta about the reasons debunked by the post. I'm worried because:
@qgustavor @rysiek
> Fixing things instead of having a solid foundation to begin
i really would like to know if xmpp and matrix were not suited for edits to become like chatmail
> why does a chat app need to include a sandbox for JavaScript-based apps
because it's fun!!!!!!!!!!
@ex_06 @rysiek IT'S MADNESS!!! There are lots of reported sandbox vulnerabilities in well maintained browsers and yet people include JavaScript in an app that, if cryptographic keys get leaked, it might cause A LOT of havoc.
Is it fun to add footguns to an app so three letter agencies have an easier time finding vulnerabilities without ever reporting them (like what happened with Heartbleed)?
Matrix crypto is bad too. There are lots of people who commented on it and have far more knowledge than me. Signal isn't perfect either: its out-of-band key verification scheme is outdated and not ideal as it adds too much friction. It can be improved, sure, it doesn't need a protocol change, a foundation change.
@rysiek interesting, thanks for the link! I have had that gut reaction based on my limited understanding of delta chat...but mostly when people here recommend it to activists/journos/other vulnerable groups, over stuff like Signal.
@wall_e I am very much not recommending it *over* Signal. But I am sufficiently convinced of their tech and their project to recommend it as a backup in case Signal goes down, in ways I would not recommend a lot of other stuff.
@rysiek yeah I've read the blog post now and it did indeed clear up some things for me. The idea still *feels* weird but I see some very viable scenarios to use it.
I will definitely still object to people blindly recommending it to vulnerable groups though.
I've often seen: "it's encrypted, free software, and decentralized! You should use it!", being thrown around...and I think you definitely need to understand a) your threat model and b) the cryptographic properties of the protocol and how they map to your threat model.
But to be fair, that's true for any messenger.
One big thing that I could see being a problem for some, for example would be deniability. As far as I understand the protocol, right now we have the exact opposite property: non-repudiation
@wall_e yup. Being careful and mindful of edge cases and possible failure modes is good!
@rysiek So far our fallbacks have been OpenPGP + (email or XMPP), but I’m seriously eye-ing deltachat for some of our less tech-y extended family…
„If you're worried about Delta Chat being e-mail based and using OpenPGP, you should probably read this"
• The PGP problem
https://www.latacora.com/blog/2019/07/16/the-pgp-problem
_ I use SimpleX Czat
@Lacze @Arcanoloth SimpleX is developed by a right wing transphobe:
https://mstdn.social/@rysiek/114630877715286899
I am aware of problems with OpenPGP. I am also aware of how Delta Chat learned from them.
@rysiek Thanks for sharing, now I'm sure SimleX is the right choice.
