The divide in these comments perfectly encapsulates why nothing ever gets done when it comes to privacy
This thread is the worst case of astroturfing I’ve seen on this site so far, holy shit.
I dont understand the downvotes on some of these anti-signal arguments. There are a number of very valid arguments against Signal if privacy is your chief concern: they have centralised servers, they’ve been extremely lax with adding their production updates to their publicly available source code on github, they receive funding from RFA.
Yup, would probably get more people to join by just using Discord at this point.
While I have a discord, but not gotten around to matrix or Signal, I hate this idea
But on the other hand, atleast having a mirror on discord could be good
You won’t see previous messages, but that doesn’t mean the group is dead lol
Don’t want Signal with randoz. Try SimpleX, easy mutli-accounts.
Why not a matrix server?
Or Simplex Chat
Would be the most appropriate in this case as people don’t need to hide when talking in public groups
Seen a lot of different opinion in this, but personnaly I would recommended this.
-
SimpleX, for the most privacy (but not really appropriate here) Wouldn’t use any of threema wire and else, as it’s not the best.
-
A good option in the case of this project is a matrix server, if the group is public it’s the best thing. Try to host it somewhere else than matrix.org. Will have no real hiding but surely anonymously if done correctly
-
SimpleX maybe 😁
Yeah not doing Signal with randos.
That is indeed a massive improvement, but until they allow multiple profiles per number - that would still mean either using the same account with internet randos as I do with IRL friends, or renting a whole other number and risking losing the account once the ownership of the number expires.
Not usable until they support unifiedpush. I won’t burn my battery with simplex.
Actually it’s not burning my battery so much, but I can understand
Why not something xmpp based? Or matrix
Lol not in Signal
Why not?
Basically a app that lock you with a phone, giving you only one account. Centralized servers. Not good.
Good for some use cases. Only if the Signal Foundation stays in the current track and it doesn’t go south like with Mozilla.
For a privacy chat group with random people, maybe another app would be a bit better.
Personnaly I would recommended SimpleX for small groups and 1:1, only a bit less uglier
Because you can’t have privacy if a company asks for your phone number.
Depends, who do you want to shield what information from? Signal knows all of their users’ phone numbers. You can hide it from other Signal users. All depends on your threat model.
The NSA
Right, then Signal might not be the best option. The NSA can easily track who’s using Signal, and possibly do some traffic correlation to reveal who’s talking to who.
But to state that there is no privacy on Signal at all is a bit of a stretch.
Yes but, I ain’t joining a random group I found on Internet on a service which has my phone number. Which can be easily traced back to me. Because I don’t know who all the members are then if someone is on the list then that will put me also on the list. If it was something like matrix where even though the group could be unencrypted and open to all. I can use Qubes and whonix to make sure that some stupid idiot doesn’t put me on a watchlist I don’t want.
But if I know all the members and I or someone I trust controls who can join then anonymity isn’t a concern security is and in that scenario yes I’ll definitely be using signal. I already am. But not here.
Signal knows all of their users’ phone numbers.
Only the hash of your phone number.
How exactly is it hashed? There aren’t that many possible phone numbers, so it might be viable to just try every valid number until you find one that matches
Here’s what Signal says: https://signal.org/blog/contact-discovery/
Good correction, thanks
Burner numbers are pretty easy to come by…
What @jagged_circle said but also. Even if you were lucky enough to be born in a country where you don’t have to give government I’d and thumb print just to get a goddamn sim card. It is still feasible to trace it back to you if you are not careful and there are a lot of ways you can slip up.
Like if you use a phone/device which is know to be yours then even if you buy new prepaid sim card anonymously your ID will be revealed due to same IMEI.
Or if you turn it on in a public area where cops know that you are there (maybe because they caught you on a camera) even though this is public area how many people connected to that tower are using burner sims, and how many of those are into extreme privacy or into something they suspect you to be involved.
And so many other scenarios and at the end it will come down to humane error which will be very tricky to avoid in this case. Whereas in case of being online you can properly setup iptable rules. Qubes, whonix, etc. Test it yourself that even if your VPN/TOR/I2P/etc. Goes down you’re not reviling your true IP
Not for everyone. Check your privilege.
I mean online providers like jmp.chat, my sudo, and virtualsim will hook you up for a couple of bucks. So sure, if you are seriously cash constrained or crypto is unobtainable for you, then not so easy.
If you use one of those accounts, someone will just take over your account after some weeks/months
Like anyone’s doing that just to talk to you.
Known what’s easier? A username.
Do it on Wire and I’m in. No way I’m giving you my phone number.
This is a privacy community ffs
Where’s the option to hide if from signal?
tbf, signal is a bit of a privacy joke
Yes. We should not be recommending it here in this community.
Make a Threema group then I’ll join lol
Isn’t this a paid app?
if it’s free, you’re the product.
signal seems really good right now, with open source clients, but they already show that they’d like to keep the ecosystem locked down by not allowing 3rd party clients. at some point they will need a way to pay for their datacenters, and even if they claim the foundation or whatever is doing well, i can see the pestering for donations getting much worse in the future.
that said, threema is far from optimal too, im still waiting for matrix servers to become solid options. last time i wanted to set up synapse, the only captcha they supported was fucking Google captcha :|
it’s generally true, but Signal is asking for and depends on donations because they have no other revenue source (unlike google which does not ask for donations because indeed they monatize you, the “product”).
Your arguments don’t really make sense in the context of you asking for Threema instead, even if you acknowledge that it isn’t optimal.
[Signal] already showed that they’d like to keep the ecosystem locked down by not allowing 3rd party clients
Neither does Threema, it is a closed eco system? And in fact there is Molly, a hardened Signal fork for Android
At some point they will need a way to pay for their datacenters, […] i can see the pestering for donations getting much worse in the future.
Threema is a paid app though. So you consider an app asking for donations worse than a paid one? I agree though that their financials aren’t the best, since they seem to be living off a loan, but thats even more an argument to donate.
if it’s free, you’re the product.
FOSS software existing proves this is not always true.
I mean, those are valid concerns. Most messaging apps require a server to be running at all times. If there is only one centralized server, costs will start to pile up, so they’ll need a way to make money; either by asking for donations, making a paid tier or by selling your data.
True! That’s why I much prefer federated protocols so that the cost (and data!) does not pile up in one specific place. You can end up paying for it - in form of your VPS bill or the cost of the hosting hardware.
Have fun paying to be the product, LMAO