Privacy

31275 readers

379 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

How good you feel good about your privacy using apps such as Signal? (lemmy.wtf)

submitted 9 hours ago by chappedafloat@lemmy.wtf to c/privacy@lemmy.ml

56 comments fedilink hide all child comments

Convincing people to use apps such as Signal is hard work and most can't be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?

The problem is these people use Signal on Android/IOS which can't be trusted and IOS has recently been in the news for having a backdoor. And it has also been revealed that american feds are able to read everyone's push notifications and they do this as mass surveillance.

So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there's the big question is the Android and IOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a mac or Windows OS.

So I don't think I feel comfortable sending messages in Signal but it's better than Whatsapp.

These were some thoughts to get the discussion started and set the context.

you are viewing a single comment's thread
view the rest of the comments

[–] Kualk@lemm.ee 1 points 6 hours ago* (last edited 6 hours ago) (1 children)

Signal runs a service. Even if its source code is open source there’s no guarantee that that’s the code running on the server.

I don’t know the protocol, but I am concerned of man in the middle and how safe it is from man in the middle. In this case signal servers must be considered to be man in the middle.

The only system to trust is peer to peer with proven track record of sending encrypted data over public channels.

That’s PGP and Delta Chat utilizing PGP.

[–] JubilantJaguar@lemmy.world 2 points 6 hours ago (1 children)

If the client software is open source with reproducible build, then you don't need to care about what's running on the server. You will never have any means to confirm what's running on the server, because you don't control the server. That is why EE2E was invented.

[–] andylicious1337@lemmy.world 1 points 5 hours ago (1 children)

but if this is your argument, you could also say that Telegram is good because their client can also be built from their open source. of course you have to activate e2ee on a 1-1 chat first...

[–] JubilantJaguar@lemmy.world 2 points 5 hours ago (1 children)

If the E2EE is enabled and the client software source is available and reproducible, then, indeed, it could be called Telegram or anything else, it doesn't matter.

The particular issue with Telegram is, as you say, the default setting. And also that its encryption algo is not universally trusted.

[–] andylicious1337@lemmy.world 1 points 5 hours ago (1 children)

ok but if the source of the server is not know, how can the client be save?

I know how e2ee works but couldn't a bad closed-source server still be a problem?

btw. not trying to call you out, I just really want to know, cuz I cant get my head around it 🙈🙊

[–] JubilantJaguar@lemmy.world 1 points 4 hours ago

The message is encrypted using a key. The key exchange was done over a direct secure channel to the other client, in much the same way as you connect to your bank's website using HTTPS. The server therefore does not have the key and can only see encrypted text.

Assuming the client software has not been compromised at either end, then the server will never see anything other than garbled ciphertext.

BTW, this is also the case with Whatsapp, for example. But the problem with Whatsapp is that the client software is closed source. So you have to trust them not to, for example, surreptitiously phone home with a separate copy of your message. Very unlikely but you have no way to check when the client software is a black box.

But what's running on the server is not the issue in either case.