526
top 50 comments
sorted by: hot top controversial new old
[-] Churbleyimyam@lemm.ee 106 points 6 days ago

I can't imagine any messenger is private if you invite random people into a group chat 🤦‍♂️

[-] SatyrSack@feddit.org 57 points 6 days ago
[-] ReversalHatchery@beehaw.org 13 points 5 days ago

error: problem between keyboard and chair

but nowadays maybe it works better with screen

[-] mjhelto@lemm.ee 9 points 5 days ago* (last edited 5 days ago)

PEBCAK Problem Exists Between Chair And Keyboard!

Knew of an IT help desk employee who used this as a resolution in a ticket. Yeah, he got fired as soon as the customer looked up what it meant.

[-] freebase@lemmy.ml 4 points 5 days ago

Also known verbally as an "I. D. Ten T." error (id10t error).

[-] poVoq@slrpnk.net 9 points 5 days ago

The actual military grade (xmpp based) messengers implement security lables, meaning messages are tagged with the required security clearance and if you invite random people to a chat they can't see the messages.

[-] unknowing8343@discuss.tchncs.de 65 points 6 days ago

EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.

DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.

[-] 9tr6gyp3@lemmy.world 20 points 6 days ago

Actually RCS has encryption in the new spec now, and we could see encrypted RCS messages implemented on iOS and Android within a year.

But even so, use Signal.

[-] Supernova1051@sh.itjust.works 42 points 6 days ago

RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.

load more comments (3 replies)
load more comments (1 replies)
[-] breadguy@kbin.earth 13 points 5 days ago

xmpp is like if deltachat was good

load more comments (7 replies)
[-] amanneedsamaid@sopuli.xyz 12 points 6 days ago

Isn't DeltaChat just PGP encrypted email? Could be wrong

load more comments (2 replies)
load more comments (8 replies)
[-] Jason2357@lemmy.ca 19 points 5 days ago

The exact reason why it's bad for top secret communications is why individuals should use it or something like it. That is government auditability.

[-] Evil_Shrubbery@lemm.ee 50 points 6 days ago* (last edited 6 days ago)

Signal is the place for top secret communications, but not for any government business, top secret or not (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).

[-] florencia@lemmy.blahaj.zone 24 points 6 days ago

at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run

All the people in the chat were high enough that the government for free provided them with secure rooms in their homes so everything would be done through government hardware and encryption programs.

[-] Evil_Shrubbery@lemm.ee 17 points 6 days ago

Yes, ofc, using Signal was intentional to not keep any records/evidence.

load more comments (1 replies)
[-] socsa@piefed.social 5 points 5 days ago

The protections for classified information are not just about information security. They are about physical and operational security as well. That's why s SCIF has a "two locks" policy, and requires things like 4" steel doors.

load more comments (1 replies)
load more comments (3 replies)
[-] liop7k@lemm.ee 20 points 5 days ago

What kind of private communication can we talk about if you must have a valid phone number to use Signal?! Lol

[-] danhab99@programming.dev 13 points 5 days ago

Signal recently implemented "usernames" instead of phone numbers

[-] liop7k@lemm.ee 18 points 5 days ago

But still, to use it, you need a phone number, which in many countries can only be purchased with a passport. That's the main rule. If privacy is really needed, personal identification should be excluded so that it's basically impossible to determine who owns the account.

[-] girlthing@lemmy.blahaj.zone 20 points 5 days ago* (last edited 5 days ago)

Pretty sure you still need a phone number for an account, though - the usernames are just for sharing your contact with other people.

Most peoples' phone numbers are easily linked to their identity. Which means the government knows who's using Signal.

Usernames are definitely an improvement, but this is a fundamental limitation in Signal's design.

load more comments (3 replies)
load more comments (1 replies)
[-] pathief@lemmy.world 6 points 5 days ago
[-] ikidd@lemmy.world 3 points 4 days ago* (last edited 4 days ago)

No, but it's easy enough to be both. There's a pile of IM packages out there that manage it.

Metadata is valuable info, look at what a pen register nets law enforcement and why it's the first step in an investigation. The idea that a messaging app that's supposed to be used for political action but the chain of association is visible and verified is absolutely suspect.

[-] pathief@lemmy.world 3 points 4 days ago

You say "easy enough" but there are some serious tradeoffs when removing phone numbers from the equation. My mom can use Signal without my help but she wouldn't be able to use SimpleX.

Signal is a fantastic middle ground messaging app that is secure enough for me to use and easy enough for my mom to use.

I also have SimpleX but I have exactly 1 contact there...

[-] HotCoffee@lemm.ee 15 points 5 days ago

Wherever Signal is mentioned, I shall mention SimpleX-Chat.

Zero user ID needed to use. No phone numbers and no username.

SimpleX-Chat!!!

[-] Jason2357@lemmy.ca 10 points 5 days ago

Out of band key exchange is great -as long as people can physically meet and exchange QR codes. In reality, they are often sent via less secure means. As always, the humans are the weakest security link.

[-] HotCoffee@lemm.ee 4 points 5 days ago

Fair point, it always feels dirty to send invite-link through WhatsApp, the dominant messenger in EU.

How would one go to solve the invite problem? How does Signal handle this?

[-] Jason2357@lemmy.ca 1 points 2 days ago

Phone number and trust-on-first-use for most people, with out-of-band fingerprint verification for the paranoid. It really depends on the threat model and the security practices/awareness of your colleagues, but a link shared on some social media or lower-security chat network is more vulnerable to a man-in-the-middle attack than a phone number for your average Joe. There are a lot of ways a person could get a manipulated invite link.

[-] Lychee@lemmy.ml 3 points 4 days ago

Finally someone who understands! Haven't found anything better. Just missing the bridging bit, though that comprises the privacy/security and overall personal opinion why I started using SimpleX.

UI-wise it isn't there yet, but actively being developed so. I miss posting photos (combined) with a comment, now they are all sent separately.

Anyhow if you are looking for privacy go for SimpleX!

load more comments (7 replies)
[-] girlthing@lemmy.blahaj.zone 15 points 5 days ago* (last edited 5 days ago)

Consider Briar.

Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.

Of all the options available, I feel like this one is the best suited to current threats (oppressive governments with all-encompassing surveillance, and the willingness to destroy critical institutions and infrastructure).

The app is super barebones right now - feels like SMS - but it works. Main downside is that both participants have to be online at the same time (maybe group chats can work around this?), since there's no servers.

load more comments (5 replies)
[-] Korkki@lemmy.ml 23 points 6 days ago

I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.

[-] tVxUHF@lemmy.dbzer0.com 2 points 4 days ago

Consider upgrading to IPoA?

load more comments (1 replies)
[-] bushvin@lemmy.world 24 points 6 days ago

Considering the US government now owns Meta and thus WhatsApp, it’s an interesting case… why did they use signal?

[-] merde@sh.itjust.works 35 points 6 days ago

because "they" don't trust the people they "represent" and they want to avoid federal archives

they must know something about WhatsApp that we don't

[-] Zorsith@lemmy.blahaj.zone 28 points 6 days ago

There's nothing to know; facebook is facebook, and nobody trusts facebook for data security. Whatsapp is not, nor will it ever be, true end to end encryption, when facebook owns the locks and keys.

load more comments (1 replies)
[-] JubilantJaguar@lemmy.world 13 points 6 days ago

The government does not "own" Meta. Words have meanings.

load more comments (2 replies)
load more comments (2 replies)
[-] WhatSay@slrpnk.net 19 points 6 days ago

Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.

Hopefully I'm just being too paranoid.

[-] shaggyb@lemmy.world 18 points 6 days ago

Immediately had that thought as well.

Don't blame the barn for not holding the horses when you leave the fucking door open.

[-] neon_nova@lemmy.dbzer0.com 12 points 5 days ago

I don’t think that’s the case, I just think it is old people not know how to use technology.

Additionally, all these people in power are using signal, how is that not a loud endorsement that everyone should be on it.

Sadly, my contact list remains mostly on WhatsApp and Facebook messenger only.

[-] Droggelbecher@lemmy.world 5 points 5 days ago

Anyone who uses Facebook messenger as their only messenging app will need to text or call me. Fuck that. I do, however, use WhatsApp and discord for work and uni group chats. If or when that's no longer the case, people who only use those will need to text me, too.

load more comments (2 replies)
load more comments (3 replies)
load more comments
this post was submitted on 27 Mar 2025
526 points (96.8% liked)

Privacy

36417 readers
728 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS