this post was submitted on 21 Sep 2021
50 points (100.0% liked)

Asklemmy

43912 readers
1036 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

I'm using Signal, but after I found out that it's not as privacy-friendly as it claims, I'm uneasy about sharing my address there. I trust the person who asked for my address, but not the service. What's a safe way to share? I was thinking of something like a self-destructing pastebin, but surely you have better ideas.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] dessalines@lemmy.ml 8 points 3 years ago (3 children)

Pretty much everything about it is unverifiable, because its a centralized service and you ultimately don't know what the server is running. Contrast that with self-hostable apps which must pass verifiability checks, because people can host their own instance.

[โ€“] ancom@lemmy.ml 33 points 3 years ago (1 children)

Clients are open source. Independent clients exists and they work. So the server must kind of do what signal claims, otherwise those devs would notice.

[โ€“] dessalines@lemmy.ml 4 points 3 years ago (2 children)

You have no idea what the server is running. It has your phone number, ie your real name and address, and it knows who you sent messages to.

[โ€“] Trapping5341@lemmy.world 34 points 1 year ago (1 children)

But it doesn't though. That information has been subpoenaed from signal in the past. They don't have access to it to give. This is public information.

[โ€“] ironsoap@lemmy.one 13 points 1 year ago* (last edited 1 year ago) (2 children)

As comment in thread points out, the subpoenaed info was essentially useless.

[โ€“] Trapping5341@lemmy.world 11 points 1 year ago

Yeah that's exactly my point. Other guys was listing all these things the signal has stored but they really just don't want access to any of it.

[โ€“] gon@lemmy.world 1 points 1 year ago

IDK if this an issue on my app specifically, but it looks like you put the wrong things in the parentheses there.

[โ€“] 9tr6gyp3@lemmy.world 12 points 1 year ago* (last edited 1 year ago)
[โ€“] shrugal@lemmy.world 29 points 1 year ago* (last edited 1 year ago)

This is suspicion on the level of "you can't be sure reality didn't just pop into existence 10 seconds ago". You can never be 100% sure of what others are doing on their hardware, or of anything really, especially if other people are involved. Your chat partners could leak all your chats and metadata for all you know!

What we do know is that Signal is operated by a non-profit foundation, their client and protocol are open source and considered the gold standard for privacy by pretty much every expert on the subject, they had multiple independent audits and a very good track record, they were subpoenaed and couldn't comply because they didn't have the requested data. That's about as good as you can get.