this post was submitted on 05 Dec 2024
185 points (97.9% liked)

[–] Zachariah@lemmy.world 7 points 1 month ago (1 children)

There are many where the server owners can see the messages, just not anyone else between the sender and receiver.

Threema and Signal are good options that don’t do this.

[–] breadcat@sh.itjust.works 3 points 1 month ago (1 children)
[–] Zachariah@lemmy.world 1 points 1 month ago (2 children)

Signal being an American company is also problematic.

These two are the best balance of security/convenience, however.

[–] breadcat@sh.itjust.works 2 points 1 month ago (1 children)

Server location and legal jurisdiction shouldn't matter for any truly secure messenger.

[–] Zachariah@lemmy.world 0 points 1 month ago (1 children)
[–] breadcat@sh.itjust.works 4 points 1 month ago (1 children)

If a messenger is truly 0 trust end-to-end encryption, it doesn't matter who owns the servers or the legal protections of data because they won't have any data anyway. That's why Signal is so good: when they get subpoenaed, the only information that they actually have is the last connection and message sent Unix times or something. Still secure regardless of being in the US and being run on centralized Amazon, Google, and Cloudflare servers.

[–] Zachariah@lemmy.world 2 points 1 month ago (1 children)

Then the jurisdiction of software development matters. Don’t want a back door being forced into an update by the FBI.

[–] Supernova1051@sh.itjust.works 1 points 1 month ago

The FBI can't just force them to add malicious code. A bad actor could try to contribute bad code, but Signal's devs would likely catch it.

[–] Anticorp@lemmy.world 2 points 1 month ago (1 children)

You can create and run your own Signal server if you don't trust Signal.

[–] Zachariah@lemmy.world 2 points 1 month ago (1 children)

Interesting. Are the server and client open source? Is a self-hosted server interoperable with the main ones?

[–] Supernova1051@sh.itjust.works 2 points 1 month ago

Signal is completely open source and auditable by anyone: https://github.com/signalapp

If you were to create your own clone, it would not interoperate with the real one.