this post was submitted on 08 Jul 2025
18 points (95.0% liked)

Privacy

3169 readers
186 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 8 months ago
MODERATORS
[email protected]
otter
[email protected]
[email protected]
18
How checklists lie with facts, and are bad for figuring out privacy of apps etc. (soatok.blog)
submitted 5 days ago by [email protected] to c/[email protected]
22 comments fedilink hide all child comments
 

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

all 23 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 3 days ago* (last edited 3 days ago) (1 children)

So Soatok advocates for signal as pretty much the "gold standard" of e2ee apps, but it has a pretty big problem.

  1. Having signal be the distributor of the app, sorta breaks the threat model where you trust the app to encrypt data and hide it from the sever

  2. Signal is hostile to third parties packaging and distributing signal

The combination of these problems is suppose to be fixed with reproducible builds, where you can ensure that any user who builds the code will get the same binaries and outputs. Soatok mentions reproducible builds and the problems they solve on another blogpost

But signal's reproducible builds are broken.

The problem is that the answer to Soatok's second question "Can you accidentally/maliciously turn it off" is YES if you are using packages directly from the developer without signing to verify their identity and reproducible builds. They could put a backdoor in there, and you would have no way to tell. It's not fair to pretend that signal doesn't have that flaw, while dissing OMEMO

To understand why this is true, you only need check whether OMEMO is on by default (it isn’t), or whether OMEMO can be turned off even if your client supports it (it can)

(Although there is an argument to be made that having e2ee always on by default would minimize user error in improperly configuring it).

Now, I still think signal is a great software choice for many things. It's basically the best choice as a replacement to text messaging, universally.

But some people need something more secure than that, if you're seriously concerned about certain entities compromising the signal project, than you must have the ability to install clients from third party distributors and developers, even though they can have security issues, which Soatok notes in a post about Matrix (see the heading "Wasn’t libolm deprecated in May 2022?").

I thought the whole point of choosing Matrix over something like Signal is to be federated, and run your own third-party clients?

Yes Soatok. Depending on your threat model you may need to be able to choose from more than client implementation, even if all of them are trash except for 3. (Although I wouldn't recommend Matrix as a private messeger due to metadata like users/groups being public, but it's shaping up to be a great discord clone with PM feature. Is the crytography as secure as signals? No. But it checks the box of "Discord but doesn't sell my data" (yet ofc, Matrix is VC funded).).

Anyway, it's frustrating how he seems to have become more of a hardliner about this. It used to be that these were the bar to clear to become a signal competitor. Now these standards are the bar to clear to be recommended entirely (see the main section about "How do experts recommend secure messaging apps"), even though Signal itself doesn't clear them.

[–] [email protected] 1 points 3 days ago

Very good and well thought out reply! Thanks so much!

[–] [email protected] 6 points 5 days ago (1 children)

I'm surprised this article doesn't mention privacytests.org by name, but it reaches a conclusion that may as well:

If you see a dumb checklist trying to convince you to use a specific app or product, assume some marketing asshole is trying to manipulate you. Don’t trust it.

Thankfully there's a good recommendation in the very next paragraph for all things (messaging apps, browsers, etc):

If you’re confronted with a checklist in the wild and want an alternative to share instead, Privacy Guides doesn’t attempt to create comparison tables for all of their recommendations within a given category of tool.

Also: shots fired at XMPP throughout, as the poor protocol limps along trying desperately to catch up to the encryption baseline that was set over a decade ago by the first versions of Signal.

Ultimately, both protocols are good. They’re certainly way better choices than OpenPGP, OMEMO, Olm, MTProto, etc.

Why OMEMO is "bad" is indirectly answered earlier:

The most important questions that actually matter to security:

  • Is end-to-end encryption turned on by default?
  • Can you (accidentally, maliciously) turn it off?

If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.

Similar discussions have skewered the federated Delta Chat for having an even worse version of this issue.

[–] [email protected] 1 points 3 days ago* (last edited 3 days ago)

If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.

Please see my comment about this issue. Signal does not pass this test due to not having (working) reproducible builds.

[–] [email protected] 5 points 4 days ago (1 children)

My lithsmus test for a good checklist is how they rate the Brave browser, Telegram, and popular VPNs. All three have marketed themselves as privacy friendly and secure, but all three are absolutely terrible if you do your homework on them. I've seen Brave or Telegram in the top tier on so many lists it isn't even funny

[–] [email protected] -1 points 4 days ago (2 children)

Yeah, more tech and privacy enthusiasts should really look into things before declaring them secure or private. Even those that market themselves as such. Like, a lot of them hark on about SimpleX without really understanding that it's not a good choice.

[–] [email protected] 0 points 4 days ago* (last edited 4 days ago) (1 children)

I actually do endorse SimpleX. While it does lack a lot of user features you might enjoy in other messengers, it does do the security/privacy part right. While not having as many auditors as signal, there have been enough to form an opinion. The fact that it is foss in the first place gives an advocate for their transparency. It's also double ratchet E2E enrypted, comletely anonymous, practices perfect forward secrecy, and even offers Tor proxies; which is more to be said than most messengers.

The only good argument I've seen against it is that it isn't federated or P2P, which is a discussion on the centralization of power rather than a security/privacy issue outright

[–] [email protected] 3 points 4 days ago* (last edited 4 days ago)

A big thing they could do to convince more of us is to set up a transparency report like Signal has, so we can see any requests for information or legal orders they get, and their replies.

[–] [email protected] 1 points 4 days ago (1 children)

Thieves*

[–] [email protected] 1 points 4 days ago (1 children)

Good catch, feel free to tell Soatok as all posts are repliable on fedi.

[–] [email protected] 1 points 4 days ago (1 children)

Not my circus, not my monkey. 🙈

[–] [email protected] 0 points 4 days ago (1 children)

So you just wanted to be a pedant for the sake of it?

[–] [email protected] 1 points 4 days ago* (last edited 4 days ago) (1 children)

If we don't gently remind each other to be better, who will? You?

[–] [email protected] 0 points 4 days ago* (last edited 4 days ago) (1 children)

I don't count that as being better, heh. Being better is things like behaviour not some random spelling someone got 'wrong' that ultimately doesn't matter.

[–] [email protected] 1 points 3 days ago (1 children)

Oh, my sweet summer child... 🤦🏼‍♂️

[–] [email protected] 1 points 3 days ago (1 children)

Winter actually.

[–] [email protected] 1 points 3 days ago (1 children)

That tracks.

[–] [email protected] 0 points 3 days ago (1 children)

What also tracks is you're a pedantic asshole that somehow thinks that correcting random posts on a forum, and not the original author because it's "Not my circus, not my monkey" (but it is yours to correct random internet posts, go figure) somehow makes you 'better' than others or others 'better' in some way when all it does is show how much of an asshole you are over things that ultimately do not matter and will not in any meaningful way change the world.

This isn't a fucking spelling competition, it's not an academic piece of work, it's not an exam, it's one fucking minor 'mistake' that, no really, doesn't matter and is just a reference to "Comparison is the thief of joy." Seriously, find something better to do with your obviously boundless free time, if you have so much of it you'd have the time to do this.

Instead of realising that language is about communication and as long as the original message comes across fine in non professional context then that's all that matters, you'd rather come into some random thread so you can be a smug asshole from afar.

Now either have something meaningful to say about the actual subject or get out.

[–] [email protected] 1 points 3 days ago (1 children)

Don't forget to breathe, kiddo.

[–] [email protected] 1 points 3 days ago

LMAO, I'm probably older than you.