Can everyone please start using Signal now?
I'd rather not, because Signal’s APK bundles binary blobs¹ from GoogleSurveillance™ and Signal’s creator is hostile to federation²³.
That was my point. I cannot tell my extended family or the random that asks to go use a program they have never heard of and that nobody else they know uses. Also, Briar does not have an iOS application so in the US at least that rules it out entirely for a large percentage of people, myself included.
When you talk about federation you are only as secure as the least secure of those that you federate with.
My friends prefer Apple Messages or Facebook Messenger. Work prefers Slack.
Even if I installed all of the suggested applications I would have nobody to text with.
We may have to give up on normal humans using Signal or Briar.
I wonder if use of a nonstandard chat application in some places flags you for further investigation
Encrypted text via email for the win?
I mean, somewhere one of your colleagues or friends probably made the same argument about nobody in their circle having Signal.
You have to start somewhere. Most of my colleagues and friends are on Signal now.
But yeah, with that attitude? We might as well give up, sure.
Good lord. 🤦‍♂️
Telegram Desktop Saves Conversations Locally in Plain Text https://www.bleepingcomputer.com/news/security/telegram-desktop-saves-conversations-locally-in-plain-text/
Signal Desktop Leaves Message Decryption Key in Plain Sight https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/
It doesn't matter that much if the message store is encrypted. If the attacker has access to your device, that's the ballgame. Screenshots and keyloggers are just a few ways to get around encrypted message storage.
Briar requires the user to type in a password, which has security benefits, but usability trade-offs. And is still vulnerable to keyloggers.
@jeff @rysiek @Michcioperz There are inherent trade-offs in both solutions. Federation cannot provide ‘convenient security’ as good as centralization. That’s the price to pay for independence.
Signal’s servers can be turned off at once for everyone. That could happen in a crucial moment. A single point of failure is the price for conveniences of centralization.
We have an individual decision to make on what we want or can sacrifice.
I already made mine ― I choose freedom first then security.
Lack of security can result in someone losing their freedom though. It is very much an individual decision not to be taken lightly. Everyone's threat model will be different and great care should be taken to know the risk vs benefits for your own situation.
At least we can all agree that getting off of Whatsapp is probably a good decision though.
@riking @jeff @rysiek @Michcioperz [Joking cuz it’s late here] So on one side we have ‘wacky and bad’ crypto but w/o binary blobs in APK¹ and on the other side ‘solid and good’ crypto but w/ binary blobs in APK.
So FSB/GRU attack by breaking crypto and NSA/CIA by having backdoors in Google’s Android and its blobs.
A strange game. The only winning move is not to play. 😺
@jeff We use Telegram and it 'saved' the communication in our family with a variety of devices and OSes. So, no, sorry. We also use Wire instead of Skype.
@jeff it is one more reason. Actually, everybody should have switched when Facebook bought WhatsApp since they were getting all people's phone numbers.
"WhatsApp Status has become very popular, even surpassing Snapchat usage."
I've never seen anyone using it in Finland. Not a single time.
A Mastodon instance for info/cyber security-minded people.