Signal is testing out a new feature that encrypts message metadata. Once it's widely deployed, their server will facilitate delivering messages but without having access to who is sending them

signal.org/blog/sealed-sender/

@micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.

@tuxicoman @micahflee
1. Signal has closed source elements and as such cannot be trusted as a whole
2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing.
3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.

@tuxicoman @micahflee basically Signal is in the business of security theater, not actual security. and honestly, usually that's good enough, but I don't trust it enough myself. your experience may be different.

@lapingvino @tuxicoman

What part of Signal isn't open source? Here is the server code github.com/signalapp/Signal-Se

Signal doesn't have a business model. It's not a business, it's a non-profit funded by a billionaire. It doesn't have ads, sell (or collect) data, etc.

One thing I appreciate about the Signal project is they don't make claims about security that aren't true.

Projects like bitmessage are great, but really need to prioritize UX if they want to be accessible outside of a tiny niche.

@micahflee @tuxicoman I agree about bitmessage having terrible UI and other stuff by the way. It's not for mainstream usage. I don't really use it.

@micahflee @tuxicoman Another problem about Signal is that it is not very clear in communications about what it protects you from and what not. Insecurity by obscurity, people don't know what will give them away. That's what I mean with security theater: they are technically providing protection and that is tried and works, but people don't understand crypto and security well enough to understand how safe on which parts it actually is.

@micahflee @tuxicoman Adding metadata encryption will lure people into a bigger sense of security that might not be justified, so people take more risks and any spying done on data that is giving itself away will be much more effective. You basically know that security minded people will use it, and might risk their lives doing so.

@lapingvino @tuxicoman

So you think it's better that they don't work on encrypting metadata?

I'm just confused by your arguments. Can you use specific examples of when when Signal has communicated something unclearly?

Follow

@micahflee @tuxicoman encrypting metadata is good... the point is that good security makes you not stand out. using those features might make you a target, and figuring out who uses those features is still basically possible.

@lapingvino @tuxicoman

But once it's released and everyone updates their apps, every Signal user will be using that feature.

@micahflee
While I use Signal on daily basis, Wire is becoming my preferred communication app.
Me and my friends have more and more issues with Signal like very big delays in message delivery, problems with successfully making calls and so on. I would blame my phone for that, but I hear about this also from friends who communicate with their contacts with the same issues.
Wire also lets me retain my phone number for myself and use the same account on several devices. 😉
@lapingvino @tuxicoman

Sign in to participate in the conversation
esperanto.masto.host

Bonvenon! Malferme al ĉiaj kaj ĉiuj respektemaj esperantistoj.