• @ctag
    link
    English
    0
    edit-2
    4 days ago

    I don’t trust Signal. Haven’t used it since it went down when people and capitol rioters fled WhatsApp and signed up. My understanding is it’s a brittle centralized system just like WhatsApp.

    AND back when I did use it, the app had dark patterns that included spamming all your contacts when you set up the app.

    Matrix still needs work, but it is the future in this space.

    • Kalcifer
      link
      fedilink
      English
      2
      edit-2
      3 days ago

      Matrix still needs work, but it is the future in this space.

      Matrix can send encrypted events [1.1], but, imo, the Matrix protocol is a firehose of metadata [1.3][1.2]. I’d argue that metadata leakage doesn’t lend itself well to anonymity; if one seeks anonymity, then I think they should seek to reduce their metadata footprint, as, logically, any information is better than no information when trying to identify someone.

      References
      1. “Client-Server API”. “Matrix Specification”. Matrix Foundation. Version: 1.12. Accessed: 2024-12-09T02:21Z. https://spec.matrix.org/v1.12/client-server-api
        1. §“Sending encrypted attachments” (§10.12.1.7). https://spec.matrix.org/v1.12/client-server-api/#sending-encrypted-attachments.
        2. §“Extensions to m.room.message msgtypes” (§10.12.1.7.1). https://spec.matrix.org/v1.12/client-server-api/#extensions-to-mroommessage-msgtypes.
        3. §“Events” (§10.2.1). https://spec.matrix.org/v1.12/client-server-api/#events-2.
      • @ctag
        link
        English
        13 days ago

        I think that’s fair, maybe I should have said efforts like Matrix.

        But I’d also view a singular commercial company’s no-cost product as not being a long term bet on privacy/anonymity.

        • Kalcifer
          link
          fedilink
          English
          -1
          edit-2
          3 days ago

          But I’d also view a singular commercial company’s no-cost product as not being a long term bet on privacy/anonymity.

          Oh I completely agree with the idea that a federated service, like Matrix [1], is far preferable to a centralized one, eg Discord [2]; I have no issue with using Matrix (I personally use it extensively) I just think one should be careful with the idea of using it with the intent of being anonymous.

          References
          1. “Matrix Specification”. Matrix Foundation. Version: 1.12. Accessed: 2024-12-09T06:41Z. https://spec.matrix.org/latest/.

            Matrix defines a set of open APIs for decentralised communication, suitable for securely publishing, persisting and subscribing to data over a global open federation of servers with no single point of control. […]

          2. “Discord”. Wikipedia. Published: 2024-12-07T05:34Z. Accessed: 2024-12-09T07:03Z. https://en.wikipedia.org/wiki/Discord#Features.
              • The license is listed as “proprietary”. This was interpreted to mean that Discord is the owner of all of their infrastructure.
    • Kalcifer
      link
      fedilink
      English
      13 days ago

      I don’t trust Signal. Haven’t used it since it went down when people and capitol rioters fled WhatsApp and signed up. My understanding is it’s a brittle centralized system just like WhatsApp.

      Imo, there are more components to trust than service reliability (iiuc) — eg: trust in the underlying protocol, trust in the governing body etc.

      • @ctag
        link
        English
        13 days ago

        Yes, I agree.

        • Kalcifer
          link
          fedilink
          English
          12 days ago

          Is that an “agree” as in you hadn’t considered what I said, or that you agree to that in addition? If it was the latter, I should clarify that I wasn’t adding supplementary information — I was outlining what I thought was a flaw in your rationale (eg argument from ignorance) for distrust in Signal.

          • @ctag
            link
            English
            22 days ago

            It’s an agree as in I don’t really feel like arguing with another user here. I don’t buy the point about metadata when Signal, a centralized service like Discord (why are we talking about Discord?), may be able to scrape it too. Or the point about anonymity when Signal is far from the right tool for that purpose too, see above “spams your contact list.”

            For reliability, I’m not concerned with how much RAM Signal’s servers have. What I should have highlighted is that Signal can nuke your communications on accident / on purpose / under coercion. And it’s proven because they’ve already done it before. Mitigate that by having a backup system set up? That necessarily doubles your surface area for breaks in privacy or whatever a given user is worried about. So starting with Signal in the first place doesn’t make sense to me.

            • Kalcifer
              link
              fedilink
              English
              122 hours ago

              […] starting with Signal in the first place doesn’t make sense to me.

              If you have the means to choose something more secure/trustworthy/robust than Signal, then I think it would be in your best interest to do so! I personally would recommend SimpleX, if possible.

            • Kalcifer
              link
              fedilink
              English
              1
              edit-2
              22 hours ago

              […] And it’s proven because they’ve already [“nuked” communications] before. […]

              Would you mind providing a source of this? This sounds interesting, and good to know.

            • Kalcifer
              link
              fedilink
              English
              122 hours ago

              For reliability, I’m not concerned with how much RAM Signal’s servers have. […]

              I’m not sure that I understand this statement. What does RAM have to do with with Signal’s infrastructure reliability?

            • Kalcifer
              link
              fedilink
              English
              122 hours ago

              […] What I should have highlighted is that Signal can nuke your communications on accident / on purpose / under coercion. […]

              Are you referring to the possibility that they may be able to block communications, as they are a centralized service?

            • Kalcifer
              link
              fedilink
              English
              122 hours ago

              I don’t buy the point about metadata when Signal […] may be able to scrape it […]

              I agree that it it within the realm of possibility, but, imo, this is independently verifiable, as the Signal apps are open-source [1][2][3] and offer reproducible builds (except iOS [2.1]) [1.1][3.1]. See this section on Signal’s metadata for some more concrete information [4].

              References
              1. “signalapp/Signal-Android”. Github. Published: 2024-12-06T21:08:08.000Z. Accessed: 2024-12-11T05:38Z. https://github.com/signalapp/Signal-Android.
                1. Filepath: “reproducible-builds”. Published: 2024-10-29T18:36:34.000Z. Accessed: 2024-12-11T05:40Z. https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds.
              2. “signalapp/Signal-iOS”. Github. Published: 2024-12-04T21:19:41.000Z. Accessed; 2024-12-11T05:41Z. https://github.com/signalapp/Signal-iOS.
                1. “Reproducible builds” (#641). Author: “Jeroen Massar” (massar). Issues. Published: 2015-03-03T09:16:05Z. Accessed: 2024-12-11T06:11Z. https://github.com/signalapp/Signal-iOS/issues/641.
              3. “signalapp/Signal-Desktop”. Github. Published: 2024-12-04T22:57:07.000Z. Accessed: 2024-12-11T06:12Z. https://github.com/signalapp/Signal-Desktop.
                1. Filepath: “reproducible-builds”. Published: 2024-11-21T03:14:21.000Z. Accessed: 2024-12-11T06:15Z. https://github.com/signalapp/Signal-Desktop/tree/main/reproducible-builds.
              4. “Signal Protocol”. Wikipedia. Published: 2024-11-30T04:32. Accessed: 2024-12-11T06:18Z. https://en.wikipedia.org/wiki/Signal_Protocol#Metadata.
                • §“Properties”. §“Metadata”.