It doesn’t have to be “real weird shit” though for it to be a problem, coordinating about protests or other political activism on Signal is sketchy because of the phone number requirement, and just having your phone number be associated with another suspect phone number from inferred conversations is enough to potentially get you in trouble. Or if some national anti-abortion or anti-LGBTQ law happens and they put serious effort into enforcing it, activity on Signal, which is not anonymous, could be used against you and people you had conversations with. Yet I’ve seen multiple groups who shouldn’t be using Signal use it anyway and people thinking they’re anonymous on the platform because it keeps getting recommended. SimpleX and Cwtch have weaknesses also, but both of them take anonymity more seriously than Signal does.
In the blog posts I read where the author, a security engineer, audited and/or reported vulnerabilities with two E2EE chat protocols commonly recommended as Signal alternatives–Matrix and XMPP–both had implemented half-baked solutions or refused to solve the issue at all in some regards, and both had evangelists that gave dismissive responses. The XMPP chud dev gave a laughably childish response, and the Matrix dev even admitted the team being aware of the olm vulnerability and deliberately refused to fix it for years. Not that Signal cultists are any better and not negating the legitimate security and trust issues with the Signal platform, but Signal is still a decent platform for most people’s threat model, though it would be nice if there was an alternative that could compete with Signal to recommend to most people instead. If you care about metadata resistance and your threat model involves high stakes if your assets are compromised, the blog author suggests Tor-based solutions such as Cwtch and Ricochet Refresh.
I would encourage you to think critically about the nonsense being shared here. Do some research and read about people who actually know things about security and you’ll find a common pattern: basically all of them hold Signal up as a gold standard in privacy and security.
I hear signal is not a good alternative. What is a good one, then?
I imagine Signal is probably fine unless you’re doing some real weird shit.
It doesn’t have to be “real weird shit” though for it to be a problem, coordinating about protests or other political activism on Signal is sketchy because of the phone number requirement, and just having your phone number be associated with another suspect phone number from inferred conversations is enough to potentially get you in trouble. Or if some national anti-abortion or anti-LGBTQ law happens and they put serious effort into enforcing it, activity on Signal, which is not anonymous, could be used against you and people you had conversations with. Yet I’ve seen multiple groups who shouldn’t be using Signal use it anyway and people thinking they’re anonymous on the platform because it keeps getting recommended. SimpleX and Cwtch have weaknesses also, but both of them take anonymity more seriously than Signal does.
https://lemmy.ml/comment/15999861
In the blog posts I read where the author, a security engineer, audited and/or reported vulnerabilities with two E2EE chat protocols commonly recommended as Signal alternatives–Matrix and XMPP–both had implemented half-baked solutions or refused to solve the issue at all in some regards, and both had evangelists that gave dismissive responses. The XMPP chud dev gave a laughably childish response, and the Matrix dev even admitted the team being aware of the olm vulnerability and deliberately refused to fix it for years. Not that Signal cultists are any better and not negating the legitimate security and trust issues with the Signal platform, but Signal is still a decent platform for most people’s threat model, though it would be nice if there was an alternative that could compete with Signal to recommend to most people instead. If you care about metadata resistance and your threat model involves high stakes if your assets are compromised, the blog author suggests Tor-based solutions such as Cwtch and Ricochet Refresh.
This better not be a “computers received pentagon funding when the first Vaccum tubes were being made”.
Signal is an excellent choice. Literally forces cops to get a warrant for your phone and hope you didnt purge your messages after a few days.
If you want anonymity on top of that than simplex
I would encourage you to think critically about the nonsense being shared here. Do some research and read about people who actually know things about security and you’ll find a common pattern: basically all of them hold Signal up as a gold standard in privacy and security.
Depends on your threat model. Signal is fine if you just want to communicate with average joe. If you want something more anonymous look into secureX,
Matrix, simplex, xmpp.
Signal is an excellent alternative if you’re looking for an E2E encrypted SMS replacement your grandmother can use.
Where are you hearing this?