This is kind of useless fear-mongering suited to no one's threat model.

Are messages truly E2EE and they don't share meta data? Yes? Then you're fine. It needs a phone number for registration? OK, well buy a burner SIM card (you of course have several, right?) to register it if you're that worried. Because if you're already at a level where you're THAT concerned about your phone number pinging for using a widely popular messaging app, then you have lost the game by even having a phone or sending messages to other humans who are the weakest link in the security chain anyway.

Considering that the Feds tried to make some government-compliant front end for Signal for idiot Hegseth to use to talk about national security stuff with the Vice President, I'd say that it's probably fine for you to buy weed or whatever.

Private and anonymous are different things. While anonymity does increase privacy, it is not a strict requirement. So it this private, but not as private as possible.

The best private messenger IMO is simplex, but it not production ready yet

Signal is the gold standard of secure messengers. If you're looking for decentralized go with xmpp and/or matrix.

Right now, for the wider population, it it a heaven sent option compared to Whatsapp, FB messenger etc. Break those bonds first and keep the wheel turning.

Depends on your threat model, as always. If you require absolute anonymity, it's tricky, because it uses phone number during the onboarding process, so get an anonymous pre-paid number and discard it after registration. After onboarding you don't need the number.

For the rest, it's about as "private" as you make it. It supports group messaing, calls and video, so obviously you need to be careful while using it. Everything is e2e encrypted and stays on your local device, the source is available and has been extensively audited. The company itself is non-profit and has sensible privacy policy.

But yeah, your threat model is the key answer to your question

Blog post about Threema that changed my mind against it: https://soatok.blog/2021/11/05/threema-three-strikes-youre-out/

you have to register with your phone number.

But you dont have to give your phone number out to friends or peopole you meet.

Some family members use Molly-Foss and have no issues.

I use signal-foss from the Twin helix repo, A fork of Signal with proprietary Google binary blobs removed..

https://www.twinhelix.com/apps/signal-foss/

Signal from the F-droid - The guardian project repo, is just signal.

I read that the issue was with signal using google firebase, and that it was easier for the fascist piglets to track your messages through notifications.

I have found that you can actually delete a contact via molly but cannot do it via signal.

With signal you can only block a contact, which for me, is a privacy issues.

If I meet a random person, say on holiday, and we swap details, I want to delete them, not block them, where they remain in my block list forever.

I swap between Signal-FOSS and Molly if I want to delete a contact.

crazy that no one's posted the dessalines article yet https://github.com/dessalines/essays/blob/main/why_not_signal.md

EDIT: just to have it here in case anyone even cares, i put my thoughts on the essay later on in the thread

Secure and private or anonymous are very different things and nearly impossible to do both at the same time and still make it user friendly. Signal is secure, not fully private or anonymous.

Imo signal protocol is mostly fairly robust, signal service itself is about the best middle ground available to get the general public off bigtech slop.

It compares favorably against whatsapp while providing comparable UX/onboarding/rendevous, which is pretty essential to get your non-tech friends/family out of meta's evil clutches.

Just the sheer number of people signal's helped to protect from eg. meta, you gotta give praise for that.

It is lacking in core features which would bring it to the next level of privacy, anonymity and safety. But it's not exactly trivial to provide ALL of the above in one package while retaining accessibility to the general public.

Personally, I'd be happier if signal began to offer these additional features as options, maybe behind a consent checkbox like "yes i know what i'm doing (if someone asked you to enable this mode & you're only doing it because they told you to, STOP NOW -> ok -> NO REALLY, STOP NOW IF YOU ARE BEING ASKED TO ENABLE THIS BY ANYONE -> ok -> alright, here ya go...)".

They have your phone number but that's really all they have.

Some people say Bozos can read your metadata because it's hosted on AWS servers but I don't believe that.

With the phone number, no; and since there's no Signal usage without a phone number, well…. Also, I think somewhere on their website (or some place) they talked about burner phones as if it's a universal phenomena.

Signal has felt "out of place" to me. Odd. It doesn't fit in, doesn't make sense if I think a bit farther about it.

I hope something decentralised comes out of Signal protocol minus the need for a phone number.

Since we are on the topic of signal.. im not tech saviie but i have read lots of blogs and people about how secure is the signal protocol. My question is .. how can i be sure that the protocol is implemented as the open source code shows? Please correct me if im wrong but from what i read on their website the apk they provide has the capability to update itself at anytime. So what stops them to change how it works with an update? is it posible to build the apk yourself and stop the ability to update?

Signal is a stop gap measure on the way to simplex

It did its job of providing privacy of content but meta data a d KYCd phones was a honeypot. Glowies got their relationship heat maps which is really all they wanted.

Once they need content, they will brick your end point with million zero day back doors caked onto everything.

Pegasus cellebrite etc is now used against normal targets.

5 years ago you would have to be a national security concern for such royal treament

the metadata isn't

Anything that touches greed-incentivizing cr*ptocurrencies turns to shit. Use Matrix, XMPP, or Tox instead.

✍︎ arscyni.cc: modernity ∝ nature.