- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
I really don’t understand why so many people like Signal. It’s an utter piece of shit in terms of UX, has questionable security practices, harvests phone numbers, and it’s located on a central server in US.
Signal has always looked like a honeypot operation to me. Keep in mind, too that if you run a CIAware operating system, the key can be remotely pulled off of the filesystem or extracted from memory. It’s not possible to have any secure piece of software on an unsecurable OS.
indeed
Totally agree, it has an extremely sus history too. No one should be using any US-based centralized service.
Someone should give SimpleX or Session a try
I have tried session, the crypto wierds me out a little, but I could not find a terrible issue with the service. I will say Quality of Life Features where not there, most notable the messageing service would start to heavily log out if you have it open too long
What else is free, open source, end-to-end encrypted, has better UX and security practices, and isn’t located on a central server in the US?
I have zero expertise in this but xmpp is an old decentralised technology with encryption available
You can also layer encryption on top of xmpp like omemo and openpgp
Matrix. It can be hosted by anyone, anywhere.
matrix? but that is more of a discord or telegram alternative, session and tox also look interesting for chatting
Matrix (as a protocol) appears to be very strong end-to-end encryption and is federated/decentralized. It can do encrypted and unencrypted chats for any number of users, so it can replace discord (which is not at all private or secure) and do private 1:1 communications (which I’d say is the best use case for it). It also does not require a phone number like signal does (which is usually tied to your legal identity and can be used for geolocation).
I wouldn’t trust any electron apps, which is the framework the official Matrix client, Element, is built on. It’s fully open-source so there are other clients out there which may be better. Of course, the biggest weakness is probably going to be the OS/firmware of device you run it on.
Edit: The desktop element clients rely on electron (which is a webapp framework built on google chrome, which is spyware). If you’re on android, the app also renders in chrome (which is spyware), but that matters a bit less because android itself is a massive pile of spyware. iOS is also spyware that openly just copies all your files to a server in the US where they are “scanned for very bad things”, retained indefinitely and may be accessed by your favourite state agencies without warrant.
On android, element, and it’s newer version element X, are native android, not electron at least.
Thanks, I should have been more specific.
Session is, fine, but the app can get really laggy at times of you are in it for a long period of time, pr especially if you scroll to an older message, this is my experience using it
Isn’t Signal very similar to Telegram but focused on “security” and less features? Revolt is more like Discord. Matrix feels more similar to XMPP, and I see it as a compromise between Telegram style and Discord style. Matrix works well as a one to one chat as well as a team collaboration chat, but audio and video chats are very laggy. Self-hosted Jitsi would serve as an alternative to video and audio chats.
I genuinely appreciate everyone suggesting alternatives, but I’d humbly suggest that, from a normie perspective, “better UX” doesn’t involve learning how to host or locate a server. There’s a reason Reddit is still more popular than Lemmy. In my personal experience, getting a local org with some members that already had trouble using email and SMS onto Signal was difficult. Trying to get them onto an alternative that involved selecting a specific server or learning the technical details of different internet communication protocols would have been a nonstarter. I’ve gotten multiple Boomers to reliably use Signal, and they have no idea what encryption is.
I wish there were a secure texting app that was as accessible to normies though.
Briar works pretty good
https://element.io has a pretty easy onboarding for matrix, that’s good for most platforms.
In the 90s-2000s, we had to make new accounts for every forum-type site if we wanted to use them, but nowadays it’s assumed that ppl aren’t smart enough to do that anymore.
hey how dare you say something so hurtful yet so true
would be nice