Is Briar any good?
this post was submitted on 07 Feb 2025
342 points (98.9% liked)
Technology
61850 readers
2178 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
I currently use Telegram for my friends and family
Telegram is probably the worst thing you could use, it doesn't encrypt messages by default and they are stored on Telegram's servers, so they can read them at any time.
I'm also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues
Yes, Matrix leaks a bunch of metadata and doesn't have post-quantum encryption.
The best option is to use Signal. It uses end-to-end encryption by default for everything: Normal chats, group chats, voice and video calls and even stories. Messages are only stored on their servers (in encrypted format, so they can't access them) until you receive them, after which they are promptly deleted and only stored on your device. And Signal has much better metadata protection than Matrix. The UX is also much better and less confusing, making onboarding new users much easier.
But you should also be aware that Signal does not federate, so the company can be bought. They have control over all accounts and the servers, without easy way to migrate away again. So it might just be another trap.
Try to use federated services (like matrix), they are more robust against hostile take overs.
Shortcut question: What's a workable federated e2ee solution that's available today? Quantum secure? Metadata secure?
so the company can be bought
The company (Signal Messenger LLC) is fully owned by Signal Foundation, a 501(c)3 non profit organization.
Try to use federated services
I generally like this idea, and I also use federated services for things like social media, that's why we're having a discussion here on Lemmy. But it introduces some issues with private messaging, like lack of reliability, which sucks if you want to use Matrix as your primary messenger, as well as metadata leaks. Federation is not always the answer, and in my opinion definitely not when it comes private and secure messaging.
they are more robust against hostile take overs
Probably around 80-90% of Matrix users are on the matrix.org homeserver, so it's absolutely not as decentralized and resilient as you think it is.
The company (Signal Messenger LLC) is fully owned by Signal Foundation, a 501(c)3 non profit organization.
OpenAI is also non-profit. Not really an argument.
Probably around 80-90% of Matrix users are on the matrix.org homeserver, so it's absolutely not as decentralized and resilient as you think it is.
Well, the goal is that moving to your own server, will not mean that you will loose access to all your contacts. Which makes moving instances much simpler. If Matrix gets a hostile take-over, your don't really need to reach a critical mass for an alternative server.
At least (to my knowledge) the Signal messages are decrypted on the client end, so buying the company doesn't give them automatic access to messages.
Having said that, I'm sure a hostile new owner could update the app to decrypt and then send the messages as plaintext to the servers if they wanted..
Well, you can still insert client side decryption into the app.
But it isn't really about the messages, it is about the control of the servers and the accounts. You cannot easily move away from their servers, because you will lose your contacts. This gives the people controlling the servers power over you. A sort of vendor lockin.
In the 1990s US ISPs would "give you" an e-mail account with their service: you@isp.com. Of course, this is insta-lockin for that e-mail address, you can never port it.
Owning your own domain name and running e-mail service through that worked, for a few years, but the big players have made whitelist / blacklist such a frustrating whack-a-mole game in the e-mail space that running your own e-mail server quickly became impractical.
Well, you can still insert client side decryption into the app.
That's why all clients are fully open-source. You can also use a fork like Molly.
AFAIK, Signal does not want anyone to use alternative clients, has that changed?
As far as I know moxie, signals lead dev, considers only the use of the officially build and distributed client authorized to use their servers.
So if they ever manage to detect someone using their services with an alternative client, they might delete your account.
telegram is not encrypted e2e
The most privacy focused messaging app I know is SimpleX Chat, it has no user IDs, is FOSS, e2e encrypted with an option to use TOR, give it a try!
Simplex was bubbling about implementing CSAM. Any client mentioning it is not safe, period... Child safety and hate speech is always an excuse for tolitarian regimes ( sittenpolizei ) never a true approach for solving the issue ( child safety )
I have no idea about this, but as of now anyone can register.
For reference, CSAM is Belgium's government portal and a system of login, as far as I know, so I assume it would be used to check if someone is a minor at the time of registration
Child safety is important but implementing this would kind of defeat the purpose of a privacy focused app.
I agree that just gatekeeping children and therefore verifying everyone with a government platform, but then it raises the question on how to improve child safety on an app that's self-hostable with not even user IDs to identify the users?
I don't have an answer to that, but I don't like just saying "This solution is bad", I always try to add "So try this instead, because XXX"
+1 for SimpleX
hello beautiful people of lemmy I'm excited to make my first comment in here
so I wanted to ask: considering that WhatsApp is a big threat to privacy and even worse because of google and iOS backups, how big of an improvement would it be not using it and using the secret chat option in telegram instead? That would solve the issue wouldn't it? As far as I know the concern is with normal non encrypted conversations and the groups channels and all those.
I would love to use signal with everyone but where I live it seems that there is 0 worries about the topic so I only use it with my more "international" people. The most I can get is probably to use telegram E2EE.
Hello and welcome to the Fediverse.
Telegram's secret chat's encryption algorithm is made by Telegram themselves, which is already a red flag. You generally don't want to roll out your own encryption algorithm if you aren't cryptographers, which Telegram people aren't. Their MTProto is also not proven, so you'd rather not want to use it.
Here's a blog entry about their MTProto: https://web.archive.org/web/20180420061726/http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
Telegram is the worst kind of "secure" messaging in that it gives you a false sense of security while not really being secure.
My response to the body of this post is https://www.privacyguides.org/en/real-time-communication/
This might address the URL of this post (I've never interacted with "iCloud" so I don't necessarily know what would be a good replacement for it): https://www.privacyguides.org/en/document-collaboration/
Telegram is the least secure thing there is. Not only it's complete zero effort security, it's also much above zero effort to advertise itself as almost secure. Not a good combination as you know.
The biggest issue with Matrix is that the server collects ALL the metadata. If that's your server, that's fine. If thats the default matrix.org server that almost everyone uses, you might as well be using WhatsApp. Same thing goes if any of those people are conversing with people on your server, as they will store all redundant metadata on their server as well.
Signal is easier to use, more private, and faster.
load more comments
(43 replies)
I’ve honestly found signal better than matrix.
Matrix is just not there yet in terms of features UI etc and is less private than signal because it collects way more metadata and stuff. I know the idea of federation is cool, but Signal works better for the privacy aspect.
load more comments
(12 replies)
view more: next ›