submitted 1 month ago* (last edited 1 month ago) by Nuvalon@lemmy.ml to c/privacy@lemmy.ml

I've just seen a comment in a post, in this very community, saying people trust Signal because of misinformation (from what I could understand).

If this is true, then I have a few questions:

- What messaging app should I use for secure communications? I need an app that balances simplicity and security.

- How do I explain it to my friends who use Signal because I recommended it?

- What does this mean for other apps in general?

[-] sefra1@lemmy.zip 23 points 1 month ago

Like many said, Signal is centralised and requires a phone number.

Meaning it's not anonymous and the server owners can technically sell your metadata, not the content of the messages but who talks to who, what time, the length of the chat/call etc.

Either way, having to use a phone number to register an account is not acceptable for me, for several reasons besides privacy and metadata.

On top of that, the server side of Signal isn't free software (as in freedom), which means that the whole program requires non-free (as in freedom, not beer) network services in order to work. Which isn't acceptable for free software advocates.

Alternatives:

Simplex:

If you don't require voice calls there are more options available; there are many text messages, but very few support calls, which for me is a critical feature.

In theory Simplex is the best: it's e2ee, quantum resistant, each chat (message queue) is its own "account", each "account" is just a private key, and you can switch servers with the tap of a button. It also supports private routing, which from what I understand is like some sort of onion routing between Simplex servers.

Hosting your own server is also extremely easy (tho note that running your own server can actually be detrimental to privacy depending on your threat model), and it supports calls, group chats and all the features I would ever need.

Unfortunately, at least for me and my contacts, SimpleX is terribly buggy, especially on phone. Literally tonight I missed the opportunity to be with a friend because I only saw the message one hour late.

Very often messages just stop being received until the app is restarted, usually I have my friend send me a message via other (centralised) app in order to warn me that he messaged me, I also do the same for him. After restarting the app it usually works fine for a while until it does it again. And needs restarting again.

On top of it, it's taking more and more time to get the first message when in background even during normal operation, tho I blame Samsung for this one and not Simplex, and understand that Simplex doesn't use push notifications for improved privacy, but it has become a real problem, what used to take 5 minutes now sometimes takes more than half an hour. Maybe my phone is overloaded, idk.

Calls could be improved too, takes several tries for it to actually work, and it doesn't help when the other person calls me back and I call them at the same time.

On top of it, the volume of a call seems very quiet compared to a normal phone call and it's very hard to hear the other person, I'm guessing a simple compressor DSP could fix this.

Unfortunately there has also been news of Simplex planning to enshittify the app with cryptocurrency, something that I politically and morally oppose.

Session:

I used it for a month years ago, before I knew about SimpleX. Whatever technical merits it may or may not have (and from what I understand its privacy is still below SimpleX), it relies on some cryptocurrency network in the background, so I won't use it. Self-hosting it also seemed to me no easy task, but I could be wrong.

Jami:

Never got it to work.

Matrix:

I haven't tried Matrix yet. I think I read long ago that calls aren't e2ee, tho that may have changed now. I also read that Matrix leaks a lot of metadata, which can be a problem. Maybe not if you self-host, but self-hosting comes with its own privacy problems. Maybe I should research it again and try to self-host it and see how it goes.

So as bad as Signal is, I can't give you a working alternative. I put up with Simplex despite all the bugs, but I don't think most people are willing to go through it; however, if you (and your contacts) have high-end phones maybe it works better. But it's not something I can recommend.

[-] GaumBeist@lemmy.ml 13 points 1 month ago

Just looked at Session, and holy shit is that a massive downside...

From their own whitepaper:

> Through the integration of a blockchain network, Session adds a financial requirement for anyone wishing to host a server on the network, and thus participate in Session’s message storage and routing architecture.

So you have to pay to self-host, and that's somehow an upside???

> This staking system provides a defence against Sybil attacks by limiting attackers based on the amount of financial resources they have available.

Which is a fine explanation in a world where everyone has a relatively equal amount of wealth. This is the epitome of Dunning-Kruger economics: a little knowledge is a dangerous thing.

> Firstly, the need for attackers to buy or control Session Tokens to run Session Nodes creates a market feedback loop which increases the cost of acquiring sufficient tokens to run large portions of the network. That is, as the attacker buys or acquires more tokens and stakes them, removing them from the circulating supply, the supply of the Session Token is decreased while the demand from the attacker must be sustained. This causes the price of any remaining Session Tokens to increase, creating an increasing price feedback loop which correlates with the scale of the attack

So the more nodes a single entity holds, the harder it becomes for other entities to buy nodes and break the monopoly? Did you take 3 seconds to think this through???

> Secondly, the staking system binds an attacker to their stake, meaning if they are found to be performing active attacks, the underlying value of their stake is likely to decline as users lose trust in the protocol, or could be slashed by the network, increasing the sunk cost for the attacker.

"Assuming every user is a perfectly rational actor, malicious actors would be shunned. This is somehow due to the economic incentive, and not just how humans operate when they're assumed to be perfectly rational."

Also: malicious actors when they find out they might lose their money if they get caught: "welp, I better not do that then. Thanks laissez-faire capitalism!"

Jesus christ fucked on a pike, these dipshits really drank the crypto kool-aid, huh?

this post was submitted on 20 Mar 2026
202 points (90.4% liked)
