Increasingly, @signalapp is being criticized by governments and users alike though the only successful compromises have been through bad actors being added to group chats accidentally.
Do NOT follow the narrative that you should move to another chat app if having life-or-death chats. Signal is the ONLY chat app with proper #security for those conversations: #PostQuantumEncryption, #PerfectForwardSecrecy, and a proven track record of privacy in court.
Take it from someone who has been in security for more than half his career:
1. Signal is not compromised.
2. Signal has flaws, but they do not affect its technical security.
3. Signal is THE app to use for critical situations.
4. Everyone should have a backup chat app, and we should be working on getting those apps to the same level of security (or better) as Signal.
But for now, USE SIGNAL FOR MISSION CRITICAL CONVERSATIONS. Don't be manipulated into leaving it for bullshit reasons!
might be something that you host yourself (XMPP or Matrix, heck… even "Synology Chat") might have "less secure" (on paper) clients, but since you're not relying on other peoples servers, you might be way less traceable on reality.
That alternate system might already be in place.
- replies
- 2
- announces
- 2
- likes
- 7
@dat @davidgerard For the example I gave, where it's life or death circumstances, and implying that the threat actor is a nation state, I stand by Signal being the only option. Anything that is weaker on paper can have the message transmissions captured and decrypted, whether now or in the future. Who hosts the servers does not matter if the servers (1)are not the target, (2)keep no message records, and (3)have no insight into message traffic even in real time.
@secbox @dat my real world use case was the El Salvador bitcoin story, where the danger was sufficient that some of my contact have fled the country
of course El Salvador then used Pegasus on a pile of journalists, which fucks even Signal, and .sv is poor so getting a burner is expensive
nevertheless, Signal was absolutely up to the task of journalism in danger, 100% would recommend to everybody ('cos the bigger the network the better) as just a daily messenger
@dat the threat model was clearly stated: "if having life-or-death chats." for that model, your best (and only reasonable) threat mitigation is signal, proven on paper and in the trenches. not xmpp with whichever extension, not matrix, not synology chat. not selfhosting github dot com slash thesecurestestchat. not anything "less secure (on paper)," whatever that means anyway. @secbox @davidgerard
Signal was absolutely up to the task of journalism in danger, 100% would recommend to everybody ('cos the bigger the network the better) as just a daily messenger
This is really critical. The privacy of Signal users is significantly enhanced by the fact that tens of millions of people are sending mundane traffic via the same servers. Doing traffic analysis on this is hard.
It's also helped by the fact that this includes the people using it for sensitive things. If you use Signal for talking to journalists and WhatsApp for talking to everyone else, it's easy for a passive adversary to see that you're doing something unusual.
Some of those aren't even remotely in the same range as others. No, I don't see how "only our saviour signal!" can be secure enough, while other things (that too do perfectly fine E2E encryption AND come with the benefit of not connecting to other peoples servers) are clearly inferior for every purpose.
My threat model is much less concerned about state actors and legal persecution than yours. Meanwhile the possibility to recieve a manipulated signal.apk from google sounds way more dangerous to me. Signal Foundation is located in USA (and has to adhere to laws of that ridiculous excuse of a pseudo-democracy) and I couldn't trust Moxie (or the current 5 members of it's board of directors) possibly any less.
Having all my data never leave any of my devices and me not even becoming a visible target (because there's no traffic to anyone the USA control) is way better imho.
But that's MY thread model… and… (opposed to others) I would never claim that mine has to be the only possible one.
Yes, giving people that one piece of advice "use signal!" is way easier than to teach them how to get a decent XMPP-setup or how to run their own server.
I was only claiming: my thread model doesn't put my local government as the most important threat I have to defend against. I.E. defending against US services and companies sounds way more important to me.
Thus "download something from google" kinda sounds a stupid point to start with?
@david_chisnall @davidgerard @secbox @dat
Using it daily to ask my wife to buy some bread on her way back from work.
I works flawlessly for that too!
@david_chisnall @davidgerard @secbox @dat I use Signal to talk to everyone who's got it, except for those who also have Matrix, in which case I use that instead. And unfortunately, I still have to use WhatsApp because far too many people just can't be bothered to use anything else.
@dat literally the only point of e2ee done right is that you have a mathematical guarantee of confidentiality regardless of what servers handle your traffic and who sits on the board of the entity owning those. have a great day yourself as well. :)
@david_chisnall @davidgerard @secbox @dat Half my signal chats are about what to order for game night.
@dat in practical real world terms, that's infosec mall ninja talk
@david_chisnall @davidgerard @secbox @dat
For whatever reason all of our local parents chats (people with kids born in the same year/month in the neighborhood) are on Signal so a lot of messages at very strange times of night flying around
@david_chisnall @davidgerard @secbox @dat "It becomes more difficult to distinguish the Signal from the noise" was right there.
@davidgerard @dat I use Matrix to communicate with friends and family. I self host my instance. But for third parties? Signal is fantastic. It just works for most people and I have to explain little.