Using Signal groups for activism
(micahflee.com)
Do you have a link that explains them in an easy-to-understand way, as I'm very interested in what those are?
What are the trade-offs?
Also, would be nice to have that in all clients.
I'm still not sure jurisdiction matters if the encryption is good enough, but maybe. Do you have any recommendations for good servers?
I'm not sure if TOFU is in all clients, but yeah, I'm aware of it, still don't fully trust TOFU, but it's good enough, I suppose. Fair about big groups, I tend not to like those anyway, so I guess it doesn't matter.
I think the only thing that XMPP is missing, like similar projects, is easy-to-use, well-encrypted group calls, or maybe even well-encrypted one-to-one calls. I could be incorrect about that, though.
Omemo >8.x has some encapsulation of metadata. I am not aware of an easy article about it, though. Arguably this is adding something similar to what Signal partially achieves with workarounds only possible due to their centralized infrastructure and single-app-only architecture, but doing that in the encryption layer is ultimately the better approach.
Cross-signing of keys ultimately outsources trust to someone else. From a security perspective, having to manually verify each key yourself is the best way. Cross-signing is a bit controversial in xmpp developer circles as a result, because many think it adds a lot of internal complexity while being only marginally more secure than TOFU.
I don't think I can give you any recommendations for good servers, as it is very context specific. Jurisdiction is IMHO among the most important issues, because even if your encryption is water-tight it doesn't help you much if the provider can be coerced into tracking you or can be easily shut down and replaced with a honeypot.
As for calls: the popular xmpp mobile apps do have well encrypted peer to peer calls. Currently most are limited to 1:1 calls, but some others are experimenting with small group calls as well (currently only Dino, Movim and Libervia support these).
Thanks so much for the information!