I don’t know if I’m opening a can of worms here, and I’m still trying to backtrack a lot of history where I was tuning everything out. I keep seeing random swipes at Signal (or the representatives (?)), and I was wondering whether they are founded or just lies.Is it another situation like Lemmy where we just “take the technology and move on”? Thanks!

  • salarua@sopuli.xyz
    link
    fedilink
    arrow-up
    107
    arrow-down
    2
    ·
    2 days ago

    Different people don’t like it for different reasons. Some people don’t like it because they think it has CIA financial backing (nope), and some people don’t like it because it requires your phone number, therefore it is not private (the privacy it provides is more than sufficient for anyone not actively being persecuted by a Five Eyes state), and some people don’t like it because it feels corporate (it’s a 501c3 nonprofit, and how corporate it feels is subjective).

    • lars@lemmy.sdf.org
      link
      fedilink
      arrow-up
      1
      ·
      3 hours ago

      Signal likely does not have

      CIA financial backing

      But this is the kind of information that can be only dispositive.

      That is, because we cannot prove a negative, and the only time you can be certain about whether an organization—especially one like the CIA—has provided funding for something, is after it has been proven.

    • AtHeartEngineer@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      16 hours ago

      Accurate. And if you are being targeted by 5 eyes, your phone is probably fucked, one app vs another probably won’t make a difference

      • boonhet@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        12 hours ago

        If you ARE targeted by 5 eyes, you’d probably want to not be using your phone for communications, but Signal sorta requires you to, even if there’s a desktop client.

        However, I don’t presume to know what would be the best option. SimpleX maybe, as the servers don’t keep messages? Otherwise, I use Matrix because it’s a lot more common and very easy to set up your own homeserver. However, again, if I had to hide something from a 5 eyes threat actor, they’d just find some vulnerability in my server config or, hell, maybe they can somehow sneakily get root access through the VPS provider itself, as I’m not hosting on my own hardware.

        Honestly, meeting in person might be the most private solution if you’ve got that kind of a threat model.

        • Lumisal@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          7 hours ago

          If you’re being targeted by 5 eyes and you and your group don’t know enough about tech to set up your own local communication servers or going serverless / not using internet, you’re already caught or known about

        • irelephant 🍭@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          11 hours ago

          Signal doesn’t keep messages on their servers either. The only data they have on you is your phone number and the unix time you made your account in.

          • boonhet@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            11 hours ago

            How do you know that?

            It’s what happens in the publicized source code, yes, but how do you know that’s what’s running in their servers? How do you know that all requests aren’t saved?

            Luckily Signal has e2ee and client side code is easy to verify, so they’d only have access to encrypted messages anyway, but if you’re talking state level actors of the highest caliber, they might be able to crack Signal’s encryption eventually.

            Look, I’ll agree that Signal is probably secure enough. It’s definitely secure enough for me, I only run Matrix as a hobby because I like decentralization, my Matrix server is probably less secure than Signal. But I’m just saying we can never know for sure what code is running in THEIR servers, therefore we can never trust is 100%.

              • boonhet@lemm.ee
                link
                fedilink
                arrow-up
                2
                ·
                10 hours ago

                And I hope for sure that they’re never quietly forced to change that.

                But again, if there were 3 letter agencies and gag orders involved with Signal, they probably wouldn’t give regular law enforcement or courts any of the data they have.

                Really, my only problem is that with a centralized service, there’s no way to ever know for sure. There’s luckily no evidence of anything nefarious happening at least.

                  • boonhet@lemm.ee
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    7 hours ago

                    In an ideal world we also wouldn’t have to worry about communications being listened in on lol

                • AtHeartEngineer@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  7 hours ago

                  The code is open source, people look at the code, I’ve dug through their code a fair bit. It wouldnt be quiet, and it would take major code rewrites, it would be pretty obvious

    • Em Adespoton@lemmy.ca
      link
      fedilink
      arrow-up
      68
      ·
      2 days ago

      And some people don’t like it because it used to handle SMS on Android, and they removed that feature for security reasons.

        • zergtoshi@lemmy.world
          link
          fedilink
          English
          arrow-up
          32
          arrow-down
          3
          ·
          2 days ago

          Handling SMS and handling secure/encrypted messages could’ve made people think they communicate securely while relying on text messages instead.
          Not handling SMS fixes this source of confusion and I applaud their decision.

          • Brad@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            22 hours ago

            There were ways to make it clear that it was insecure that didn’t alienate an arguable majority of their casual userbase.

          • AFK BRB Chocolate@lemmy.world
            link
            fedilink
            English
            arrow-up
            19
            arrow-down
            2
            ·
            2 days ago

            The problem is that most people don’t want multiple text apps, they just want one. I had gotten a number of people using signal, and it was secure when we talked, but when signal dropped SMS, almost every one of them stopped using it, so then none of their conversations were secure.

            • zergtoshi@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              2 days ago

              Yeah, the never-ending weighting between convenience and security.
              But are you going to tell me that those people don’t have Whatsapp, Threema, Telegram or any other IM installed and just use plain SMS instead?

          • Acamon@lemmy.world
            link
            fedilink
            arrow-up
            10
            ·
            1 day ago

            I think the number of people who care deeply about privacy and cannot tell the difference between an sms or signal message is minimal. There were plenty of ways signal could have highlighted DANGER UNSECURE CHANNEL if they had wanted to, or made it an off-by-default option, rather than drop SMS entirely. For myself and many other people it meant that family members dropped Signal rather than have an extra messaging app, and so I’m still stuck with WhatsApp on my phone…

          • guy@piefed.social
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 day ago

            If only the was some indicator for unsecure messages, such as a grey send button and an open padlock. 🙄

            • zergtoshi@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              1 day ago

              And you seriously think most people would look at and act on such an icon instead of just ignoring it?

              • voracitude@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                21 hours ago

                Or just accept that not everyone will be having a secure conversation every time at first, but more will be secured as more and more people like me convince our family members to use it and eventually we transition everyone away from SMS?

                No, of course not, why would we build a critical mass of users like that?

                Since they removed SMS support almost my entire family and my friends uninstalled signal, except a few who keep it to talk to me, and my half dozen friends privacy-conscious enough to care. Dozens of people, down to eight if you don’t count me, in my circles alone. Objectively, removing SMS support harmed Signal’s popularity and made everyone less secure. The argument for why they did it was at best myopic and also, in my opinion, utter bullshit.

        • kn33@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          2 days ago

          It was very unpopular with my girlfriend, who I had just gotten into using Signal a few months prior.

      • ERROR: Earth.exe has crashed@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        2 days ago

        This might be offtopic but:

        Fun Fact, you can use an open source app like Secure Space Encryptor (SSE) (on iOS its called “Paranoia Text Encryption”) to convert any string of text into a encrypted ciphertext, and you can then copy-paste that ciphertext and send it over any medium, like SMS, without the internet. (Most encrypted messaging apps require you have to have internet AFIAK, so people without a data plan is fucked, but with SSE, you can just send ciphertext over SMS) Its not intergrated with SMS, so you’ll have to type plaintext in the app then copy paste the ciphertext it spits out.

        Or you can also PGP over SMS

        I remember when Signal used to intergrate with SMS, and I kinda liked that more than the Signal today where you have to use the internet and go through their servers.

    • felixwhynot@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      2 days ago

      Some people don’t like that they attached a crypto wallet to the app. I couldn’t care less and use the messenger daily!

      • guy@piefed.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 day ago

        I don’t care or use it either, but I haven’t seen a single use case for that wallet nor mobilecoins. Does people actually use it and for what?

        • felixwhynot@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          15 hours ago

          My friend sent me some MOB coins mainly because he could attach messages with the transactions. So no idea what it’s really used for

    • wildbus8979@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      2 days ago

      I don’t think I’ve ever seen people say it has CIA financial backing. It did however until only a couple of years ago have strong ties to the State Department’s Open Tech Fund (from the same financial envelope that brings you RFA/RFE/VOA).

      • Snot Flickerman@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        25
        arrow-down
        2
        ·
        2 days ago

        The main developer of Lemmy seems to think there’s a solid connection. I’m not jumping in that fight, I got no dog in that fight, I don’t have that kind of threat model.

        https://dessalines.github.io/essays/why_not_signal.html#cia-funding

        However, considering he’s openly Marxist, he may be just slightly biased.

        I suspect OP of this post actually saw the recent /c/Privacy thread over at lemmy.ml where Dessalines was proselytizing against Signal while not seeming to have a problem with SimpleX chat being funded by a group of Venture Capital investors, including Jack Dorsey.

    • lapping6596@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      2 days ago

      I understand why, but I get annoyed that I can’t integrate it into ferdium with my other things like discord, e-mail and calendar.