this post was submitted on 02 Mar 2021
154 points (97.5% liked)

Privacy

39651 readers
88 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
154
Signal Server is effectively closed source software right now (lemmy.ml)
submitted 4 years ago by [email protected] to c/[email protected]
133 comments fedilink hide all child comments
 

The Signal Server repository hasn't been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.

To me, this is unforgivable behaviour. Signal always positioned themselves as "open source", and the Server itself is under the best license for server software (AGPLv3 -- which raises questions about the legality of this situation).

Signal's whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. "we can never engage the community directly", "we will never merge/accept PRs", etc) has lead to its logical conclusion here, I guess. I have been somewhat of a "Signal apologist" thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I'm over Signal now.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 55 points 4 years ago (4 children)

Another big problem with Signal is the fact that it's centralized with the server being located in US. Even if the protocol itself is secure with the server not having access user data, this presents a huge risk since US government can simply force Signal to shut down the service at any time. The server can also potentially collect metadata about the users providing US security agencies with user connection graphs.

I think that Matrix approach is much more sound, and would always recommend it over Signal.

[–] [email protected] 5 points 4 years ago (1 children)

I wrote about both issues, and why Matrix isn't a perfect solution, previously: part 1, part 2. Starring WhatsApp, Firefox, Signal, XMPP, Email, and Matrix.

Also discussed on Lemmy: part 1, part 2.

Signal's problem is being a closed platform; Matrix suffers primarily from complexity. Both enable dependence on a single small group, and therefore enable user domestication. That being said, Matrix is considerably less bad than Signal.

For large public rooms, IRC continues to be the best option. All its issues are client-side; IRCv3 supports history, multiple devices, authentication without NickServ, and even typing notifications. All these features are supported on Oragono. For small, private E2EE rooms, all existing solutions have major trade-offs.

load more comments (1 replies)
load more comments (3 replies)
[–] [email protected] 41 points 4 years ago (2 children)

Let's be honest, Signal was never an option.

Rather than being free software, signal is more like museum software, you can see, but you cannot touch.

[–] [email protected] 20 points 4 years ago (2 children)

A few years ago (2017?) I decided I would move messenger apps. The aim (and what I’ve achieved) was all my messaging going through a secure, private app.

Signal was never an option.

In 2017, Signal really was the only option. Element (Riot, back then) was really bad and didn’t feature e2ee (which only got enabled by default last year!). XMPP was and remains difficult to use (not even many people here use it, how could I expect “normal people” to use it?)

I made the choice to use Signal, and I don’t regret it. I only regret that it has taken until now that we are starting to see a glimmer of a real competitor, in the form of Matrix. But a really competitor to Whatsapp and the like, back in 2017, just didn’t exist outside of Signal.

[–] [email protected] 5 points 4 years ago* (last edited 4 years ago) (1 children)

I don't quite get why you think XMPP is harder to use than Matrix. The only way this seems true is if you use the main matrix.org instance and then you are pretty much back at a centralized service based in a five eyes country (UK).

[–] [email protected] 7 points 4 years ago (1 children)

It's not about instances, they're pretty much equal in that regard. There are two main issues with XMPP:

  1. Clients. There is no "default" or "reference" client for XMPP, whereas there is a cross-platform one for Matrix (in the form of Element). This has several implications, but the most important is that for the non-technically aware (which is the vast majority of people I talk to), it is easier and reassuring to use "the" Matrix client. The more important implication to me is on e2ee. Conversations started in Element now enable e2ee by default. In contrast, every XMPP client I've tried (on Linux & iOS) does not.
  2. Message history. Matrix and XMPP differ a lot here, and it's why the Matrix homeservers are much more resource hungry than XMPP servers. When I use Matrix, I get message history on each device. This is a critical feature for those I want to move from Whatsapp and the like. This is not the case with XMPP.
[–] [email protected] 5 points 4 years ago* (last edited 4 years ago) (2 children)

I disagree on the default client idea, especially if it is such a badly done web-based one as element/riot. In the end clients are always platform specific, and there are easy to find "best" XMPP clients for each platform. At most it is a branding/marketing problem (see Snikket.org for that).

As for the other two points: that is both false and outdated. e2ee has been supported and the default in XMPP for longer than in Matrix and message history (as much as the e2ee double ratchet algorithm used both in OMEMO and OLM permits) is working perfectly in XMPP across clients if the server has MAM enabled (pretty much all have).

load more comments (2 replies)
[–] [email protected] 4 points 4 years ago* (last edited 4 years ago) (15 children)

Well there was Wire, which offered e2e encryption, an open protocol and opensource clients and backend, it has been audited, and it was based in Swiss which is times better than the US. I tried to move a lot of people there, but luckily I failed, considering it has been bought by an advertisement company recently

load more comments (15 replies)
load more comments (1 replies)
[–] [email protected] 15 points 4 years ago (4 children)

I can't tell y'all how many friends, family and other peers would just chat with me with WhatsApp if signal didn't exist. Let's be real for a moment, these people wouldn't use Matrix or Jabber instead, because these can seem a little bit unreliable from time to time.

I know the weaknesses of signal, but I don't think a better solution exists as of today.

[–] [email protected] 6 points 4 years ago* (last edited 4 years ago) (2 children)

You mean like the centralized Signal servers that recently went down half a day? Not a blip on XMPP despite also higher number of users the same time due to the federated nature of the network.

I get that people are annoyed by the latency of the main matrix.org server, but even that improved lately.

[–] [email protected] 8 points 4 years ago (12 children)

yes like that, but my private xmpp groups all have issues with people turning OMEMO off because they can't get some messages of each other.

Like I wish it was better and I'd totally advertise it to non-technical people over signal, but that's not the case today. I hope that projects like https://snikket.org/ take off and solve these issues.

tldr: Signal sucks, but it's the best we have for some scenarios for now.

load more comments (12 replies)
[–] [email protected] 5 points 4 years ago

recently went down half a day

It was more like ~3 days

load more comments (3 replies)
[–] [email protected] 15 points 4 years ago* (last edited 4 years ago) (1 children)

edit: i didn't mean to say that this post is unimportant, rather that this course of events for signal was somewhat predictable and i'm not terribly surprised that this happened...

[–] [email protected] 5 points 4 years ago

Then you should have used this https://en.meming.world/wiki/File:Surprised_Pikachu.jpg (yes, I'm fun at parties)

[–] [email protected] 9 points 4 years ago (2 children)

Signal is the easiest alternative to WhatsApp for now. But we need to be moving to something like Jami.

[–] [email protected] 11 points 4 years ago (2 children)

Try Conversations or Element

load more comments (2 replies)
[–] [email protected] 4 points 4 years ago (1 children)

Why not Jami? (Rather than like Jami?)

load more comments (1 replies)
[–] [email protected] 9 points 4 years ago (1 children)

I warned you guys about this: https://lemmy.ml/post/47340

load more comments (1 replies)
[–] [email protected] 8 points 4 years ago* (last edited 4 years ago)

I have always had my doubts about how open and transparent signal is to its community, I so far have resisted the urge to join signal because of how adamant they are to creating yet another walled garden around their platform.
They have times and times again shown their disdain to interacting with their user base (unlike other open source platforms) and answering valid questions and concerns from their community. and them keeping secrecy about what is being worked behind the scenes and their very vague and evasive answers about future features.
To me signal's attitude is more inline with silicon valley venture startups than with a non-profit who listens to its user base concerns and needs. though they are working hard on switching more whatsapp users and keep growing.
They ignored the most asked feature for years which is the ability to sign-up without the need of a phone number. while they kept rolling meaningless features to privacy like reactions, stickers, backgrounds, group chats.. and kept answering that usernames are coming, but didn't give any details to how that would be implemented.
Hopefully Berty if released could become a viable solution. as to me right now signal isn't more than a whatsapp clone if they don't give up reliance on phone numbers

[–] [email protected] 6 points 4 years ago (4 children)

People seem to float https://getsession.org as an alternative. Are there any details on who's actually behind that? Personally, I really hope p2p solutions like https://jami.net get better soon.

[–] [email protected] 12 points 4 years ago* (last edited 4 years ago) (3 children)

I won't promote Session again because of this point:

Convenience again instead of doing something which is in their hand. They are just sold.

Better Jami.

load more comments (3 replies)
[–] [email protected] 6 points 4 years ago (2 children)

jami looks nice

load more comments (2 replies)
[–] [email protected] 5 points 4 years ago

I have tried Jami about more than a year ago, It has its promise. but they need to work on resolving many connectivity issues. I might go back to checking it later.
I find it sad that this app isn't more advertised and talked about in privacy and security circle it definitely deserves more light. but hey we always flock t champion the winner.
as for session, I don't like the direction the devs are taking, as they are switching to using Loki net instead of tor. and they will be tying the app more and more with their blockchain and cryptocurrency. this is enough for me to stay clear as I can't trust projects developed on money insentives

[–] [email protected] 4 points 4 years ago

Last time I looked into Session, my conclusion was that its background was shady enough that I'd never use it.

p2p solutions would be great. The team at Matrix have demonstrated p2p over Matrix (using the Dendrite homeserver) so hopefully that also becomes more accessible at some point.

[–] [email protected] 5 points 4 years ago* (last edited 4 years ago) (5 children)

I recommend Delta Chat, it doesn't needs to create an account since it is just an email client with a chat interface, it is not a replacement for your fancy chat app but for your email app, everyone have email, so will need an email app anyway, it makes email easy to use and encrypted out of the box without your friends having to know what encryption means.

I like XMPP but UI/UX is really poor, it is surprising that this email client has a much better UI/UX than Conversations, it has swipe to reply, etc. I found Conversations ridiculously "hard" to use, blabber.im improves a lot of small details that have an impact in the users every day workflow

https://delta.chat

load more comments (5 replies)
[–] [email protected] 4 points 2 years ago (1 children)

I’ve been recommending Session over signal for a while. It does what’s signal is supposed to do, and more, with even more anonymity

load more comments (1 replies)
[–] [email protected] 4 points 4 years ago

+1 i got all my friends on matrix anyways now.

load more comments
view more: next ›