60
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 21 Jul 2023
60 points (95.5% liked)
Privacy
32142 readers
804 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Telegram is neither private nor secure. Its not encrypted bu default. Normal texts as well as group chat is stored unencrypted on its servers.
For everyday use with friends, family and work (assuming these folks already have your number), Signal may be the best thing out there as its open source both on server and app levels. Signal is also end to end encrypted (E2EE) with decryption keys stored on device.
For anonymous communications Session and SimpleX may be better as they are both E2EE and doesnt requie a phone number as an identifier.
Just chuck out Whatsapp, Telegram and all the other closed sourced garbage apps.
What about Matrix?
Unless you want to run communities there I wont bother with it. I feel everything from setting up accounts (anonymously) to getting people to join, works better in SimpleX and Session. I'd even be happy using SimpleX as my everyday messenger. Matrix is a little clunky and the fact that all conversations get duplicated on the primary Matrix servers is cause for concern.
With Signal and SimpleX, servers are used only for relaying messages beteeen users - messages which are encrypted on the device.
In the end you are going to be sacrificing something, and the last thing you'd want to sacrifice is privacy and security.
If I was pushed to list my go to, it'll be Signal for chats with people I know: because its open source, battle-tested against adversities, and can be set up by anyone who understands how ro use Whastsapp / Telegram.
For communitties (and even as a daily text solution beteeen collaborators or anyone you dont want to exchange numbers with), I'd use SimpleX as it has a lot of in-built anonymity and decent privacy (so far - its a fairly new project).
Theres just too much fuzziness round Matrix for anyone to trust it.
And how decryption key gets to other device ๐?
It's a "basic" Diffie-Hellman key exchange that's been a solved issue since before mobile phones were even invented
[0]
.Think of it like this:
I give you a lock that only I have they key to open it. You can secure (read encrypt) any message with it by placing it in a box and locking it with my lock, send me the box and - because I'm the only person in the world with the key to open it, we can say you're sending me a secured (encrypted) message. It doesn't matter if anyone can intercept this lock because all they'll be able to do is send me secure messages from their inbox. Now, in the digital world this lock we're giving each other is a cryptographic "public key" that you can lock a million things with (messages, images, videos) and send them to me via the internet. We can thus exchange public keys and securely message each other.
I've simplified it a lot, as Signal actually uses something called the "Extended Triple Diffie-Hellman" (X3DH)
[1]
, but I hope this explains how it works. You can read more about it here[2]
[0]
https://studybuff.com/when-was-diffie-hellman-key-exchange-invented/#When_was_Diffie-Hellman_key_exchange_invented[1]
https://www.signal.org/docs/specifications/x3dh/[2]
https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english