Increasingly, @signalapp is being criticized by governments and users alike though the only successful compromises have been through bad actors being added to group chats accidentally.
Do NOT follow the narrative that you should move to another chat app if having life-or-death chats. Signal is the ONLY chat app with proper #security for those conversations: #PostQuantumEncryption, #PerfectForwardSecrecy, and a proven track record of privacy in court.
This entry was edited (5 days ago)
reshared this
Seth G.
in reply to Seth G. • • •Take it from someone who has been in security for more than half his career:
1. Signal is not compromised.
2. Signal has flaws, but they do not affect its technical security.
3. Signal is THE app to use for critical situations.
4. Everyone should have a backup chat app, and we should be working on getting those apps to the same level of security (or better) as Signal.
But for now, USE SIGNAL FOR MISSION CRITICAL CONVERSATIONS. Don't be manipulated into leaving it for bullshit reasons!
reshared this
Court Cantrell prefers not to and Unnamed TNG skant beefcake reshared this.
Cegorach
in reply to Seth G. • • •"proper security" depends on your thread model of course
might be something that you host yourself (XMPP or Matrix, heck… even "Synology Chat") might have "less secure" (on paper) clients, but since you're not relying on other peoples servers, you might be way less traceable on reality.
That alternate system might already be in place.
Seth G.
in reply to Cegorach • • •David Gerard
in reply to Seth G. • • •reshared this
David Gerard and Jeff Forcier reshared this.
David Gerard
in reply to David Gerard • • •@dat my real world use case was the El Salvador bitcoin story, where the danger was sufficient that some of my contact have fled the country
of course El Salvador then used Pegasus on a pile of journalists, which fucks even Signal, and .sv is poor so getting a burner is expensive
nevertheless, Signal was absolutely up to the task of journalism in danger, 100% would recommend to everybody ('cos the bigger the network the better) as just a daily messenger
reshared this
David Gerard, Jürgen Hubert, Jan Wildeboer 😷 and Glyn Moody reshared this.
David Chisnall (*Now with 50% more sarcasm!*)
in reply to David Gerard • • •@davidgerard @dat
This is really critical. The privacy of Signal users is significantly enhanced by the fact that tens of millions of people are sending mundane traffic via the same servers. Doing traffic analysis on this is hard.
It's also helped by the fact that this includes the people using it for sensitive things. If you use Signal for talking to journalists and WhatsApp for talking to everyone else, it's easy for a passive adversary to see that you're doing something unusual.
reshared this
GhostOnTheHalfShell, Jess Mahler and David Gerard reshared this.
Kat (post-Hallowe'en edition)
in reply to David Chisnall (*Now with 50% more sarcasm!*) • • •Cegorach
in reply to David Gerard • • •I never claimed "usability" of anything I listed would be good.
Yes, giving people that one piece of advice "use signal!" is way easier than to teach them how to get a decent XMPP-setup or how to run their own server.
I was only claiming: my thread model doesn't put my local government as the most important threat I have to defend against. I.E. defending against US services and companies sounds way more important to me.
Thus "download something from google" kinda sounds a stupid point to start with?
David Gerard
in reply to Cegorach • • •in practical real world terms, that's infosec mall ninja talk
> I never claimed "usability" of anything I listed would be good.
in context, this is a bizarre statement. Are you advising humans, or who are you advising?
anyone can define a perfectly spherical security system for use in a vacuum at absolute zero
i suggest everyone else Just Use Signal
nawan
in reply to Seth G. • • •plan-A
in reply to Seth G. • •