

There are plenty of good enough options like SimpleX Chat out there that don’t have this problem. The whole argument that people should just ignore the obvious issue with Signal is frankly weird.


You don’t have to trust anybody when you run your own server, or you use a server that doesn’t collect information it has no business collecting.


There’s no such social graph to speak of. Signal does not know who is speaking to whom.
The only people who know this are people operating the server. Period.
Three-letter agencies have served them legal subpoenas many many times and they never turn over anything more than the above information.
See the link I provided above.
Filter for…what, exactly? The hundreds of millions of people who value private and secure communications?
Yup, that’s precisely what it’s a filter for.
We do, because they publish them publicly.
Trust me bro is not a viable model for anybody who actually gives a shit about their privacy.
The reality of the situation is that Signal asks users for information it has no business collecting during the sign up process, and this information can be used in adversarial ways against the users. People using Signal are making a faith based judgment to trust the operators of this server.


The problem is that you just have to trust them because only people who actually operate the server know what they do or do not store. Trust me bro, is not a viable security model. As a rule, you have to assume that any info an app collects, such as your phone number, can now be used in adversarial fashion against you.


It’s better than Signal since you don’t have to disclose any personal info, but people have pointed out some issues with federation in it. Again, it’s one of those things that may or may not matter based on your use case.


Yeah, I’m leery about anything where vcs are involved as well for obvious reasons. The tech itself does seem solid though, and it is open source. If it does start moving in a sketchy direction at least it could be forked at that point.


It really depends on your needs and what people you communicate with are willing to use. A few platforms that are notable in no particular order.
SimpleX Chat is probably the gold standard right now. It uses absolutely no user IDs such as phone numbers, no usernames, no random strings of text. Instead, it creates unique, pairwise decentralized message queues for every single contact you have. Because there is no global identity, there is no metadata connecting your conversations together.
Session is a popular Signal alternative. It doesn’t require a phone number and routes your messages through an onion-routed decentralized network that’s similar to Tor. Since your IP address is hidden and messages are bounced through multiple nodes, no single server ever knows who is talking to whom, stripping away metadata.
Jami is completely decentralized, open-source platform. It uses Distributed Hash Tables to connect users directly to one another without a central server. Notably, it supports high-quality voice and video calls.


It’s also important to continue educating people about the fact that Signal is incredibly problematic as well, but not in the way most people think.
The issue with Signal is that your phone number is metadata. And people who think metadata is “just” data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.
By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand.
So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that Signal is operated centrally with the server located in the US, and it’s being developed by people with connections to US intelligence while being constantly pushed as the best solution for private communication should give everyone a pause.
The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal’s intentions are pure, we’d never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.


name a more iconic duo than capitalism and slavery
The desire for Taiwanese independence has experienced a significant drop over the past three years, with only 25.3% of people who want to “move toward independence” or seeking “independence as soon as possible” - down from nearly one-third - 32.4% - in 2020.



incidentally, a good dive into the sketchy stuff the dev baked into piefed https://lemmy.ml/post/42049895/23496934


and unapologetically so too


yeah, and also stuff like this that’s been going on forever https://hrnews1.substack.com/p/feminist-icon-gloria-steinem-was


yeah the direct reddit tie in with world and piefed definitely feels sketch af


It’s how Iranians refer to it as well https://www.tehrantimes.com/tag/12-days+war
There’s a big difference between having confidence in open source code that has been audited by many people, and knowing for a fact that the service collects specific information. In the former case, you can never be absolutely sure that the code is not malicious so there is always a risk, but in the latter case you know for a fact that the service is collecting inappropriate information and you have to trust that people operating the service are not using it in adversarial ways. These two scenarios are in no way equivalent.
It’s a choice to trust the entire open source community around the project and all the security researchers who have been looking at the code.
Frankly, I have trouble believing that you don’t understand the difference here and are making your argument in good faith.