PieFed.zip
Blaze (he/him)
47 Comments
Comments from other communities
use signal to safely organize, but remember to faraday cage your phone before you leave. no proof that you were there.
lnxtx (xe/xem/xyr)What if a gestapo officer is undercover? How to trust members of a protest?
adr1anSignal, yes...
Or snikket (xmpp).
Or delta chat (email).
The three are good.
ZeroOne
UlrichIf you join a large WhatsApp group, anyone in that group will have everyone else's phone number, and they can use that to learn far more about everyone's identities.
Does it not give away your identity when you join a Signal group?
Jean-luc Peak-hardSignal defaults to hiding your phone number since the release of user names: https://signal.org/blog/phone-number-privacy-usernames/
But they must still have your phone number and associate it with your username. So it would still be easy for a government organization to force Signal to give up the identities of all people who join a group.
Wrong. Signal servers don't know of group members.
Really? That's interesting. But the group membership list must be persisted somewhere, no? Otherwise, you wouldn't know where to send and receive messages. So where is it persisted then?
And also, how would you add someone to a group? When you add a new user to a group, would he be able to view all previous messages? Is it possible for this to scale to, say, a thousand or a million users?
teolanThey can't get your username from your phone number (but they can b'get your phone number from your username)
Not worried about my phone number, I'm more worried about my profile.
Your profile, like everything else on Signal, is also end-to-end encrypted. Your name and profile picture do get shared with whoever you chat with, groups or individuals. If you don't want your name and profile picture shared with randos, either don't set them or don't chat with randos.
your profile...is also end-to-end encrypted
That's fine if one of those ends isn't a public activism group.
If you don't want your name and profile picture shared with randos, either don't set them
I use Signal to talk to people I actually know, both personally and professionally. I don't want to message them from some sort of unidentifiable alias. And if I did they would know my alias and could disclose it to law enforcement.
or don't chat with randos.
You mean randos like you might find in a public activism group chat? Yes, that was my point, thank you.
merde alorssettings > privacy > phone number > who can see my number > nobody
👍
Not worried about my phone number so much as my legal name...
No requirement to have your legal name in Signal. Though, I do wish it was possible to set a different name for group chats though. Happy to use my real name with friends and family, but would prefer an alias for group chats.
Happy to use my real name with friends and family, but would prefer an alias for group chats.
Exactly.
Maybe I'm just weird, but basically nothing I do in an online capacity traces back to my IRL identity. (I do maintain a linked in for professional purposes.)
I haven't used the groups, but I know you CAN opt to use usernames now.
My username is my name. As is my profile.
I mean, if you're using your name as your username, you can't really complain that Signal doesn't let you be private. That's on you.
No, that's not on me. Signal should let me join groups without my username (this is what SimpleX does)
The point is not to blame Signal, the point is to highlight that it's not safe to join these activist groups with Signal for this reason, and political action groups should not be using it for this reason, unless you use it exclusively for this purpose, which is also not good, because then it means you're not using it for your personal communications.
Or you could....you know....
NOT use your name as your screen name. That's like buying a hammer and complaining that the nail remover side isn't efficient at removing screws. Well.....yeah. You're not meant to use it that way.
If you actually read my comment before replying to it, I already addressed this. I use Signal in my personal and professional life. I do not want my clients to message me and see my ID as fucking xX_StarLord_69_Xx. Nor my family. It would be very confusing to them. If Signal gave me an option to use multiple profiles (like SimpleX does) I would, but it doesn't.
XNXI wish Signal had an option to create forums. With forum Like ui with threads its easier to organize things and keep up with projects over long periods of time.
For those that want more security:
Simplex does not give you anymore security. It does however, provide anonymity.
what's the security issue about simplex??
Venus_ZiegenfalleLet's stay in touch! I'm on Signal. Just text me on Telegram. I've got Whatsapp with ads. I'm literally on Snapchat. You can probably find me on Kik. Dude text me on Matrix. It's a Wechat feature. I'm on Simplex. You can text me on Simplex. You can go to Simplex and text me. Log onto Simplex right now. Go to Simplex. Dive into Simplex. You can Simplex me. I'm on Simplex. Simplex has it for you. Simplex has it for you.
Also beware that the target entry is always people. Any group you don't know extremely well is going to "leak" and so it's best, in general, whenever it involves electronics, to not do things you wouldn't want to be found out doing.
Some users are mentioning SimpleX, which has some very good features, but for activism I'd really suggest Briar. Just scan each other's QR codes to add all the needed contacts with no real names and create a mesh network through WiFi or Bluetooth connections between devices (no internet needed). If everyone is still bent on using Signal, whoever owns an Android phone should at least download the .apk from Molly.im. This version of the app is better suited for this.
Deleted by moderator
Very insecure. Vulnerable to MITM, jamming, etc.
Deleted by moderator
What you mentioned doesn't have PFS nor break-in recovery, plus it uses PGP... a significant security downgrade compared to Signal or SimpleX.
Signal still centrally collects metadata and requires a phone number to participate.
If you're serious about privacy, ESPECIALLY if you're part of a group looking to organize in a clandestine fashion, you should look into the vastly superior SimpleX Chat.
The only metadata they collect is:
The last time you connected to their server
When you first registered
per the article
Deleted by moderator
Yes. The client uses what's called "remote attestation" to verify its talking to, not just official servers, but official server code published on github. Read more about it here: https://signal.org/blog/building-faster-oram/
To put it simply, they're using the same technology that allows DRM protected videos to play back on your computer/phone/tablet, but against their own servers, to ensure its not a rogue host or code.
i switched my family over to signal. i cant do a seitch again xD
Signal is likely fine for a use case like that. Don't feel like you need to switch if you don't have a good reason. Signal is a great balance between stupid-easy useability and E2EE messaging, and people who actually need that extra mile of privacy should know better than to use Signal.
On a serious note, sticking to Signal for family group chats is fine. No need to move them over to another platform.
I feel you.
SimpleX is run by a Trump apologist and "white genocide" believer who believes the protests are fake and/or literally Stalin.
Edit: "all child abuse is horrible. But..." Evgeny is especially concerned about "genocide of young white girls" specifically, wondering "can Elon Musk help?"
Can all of this compromise the SimpleX protocol in any way?
Nope. To add a little context, imagine that someone who uses Lemmy (which is well known to be developed by a team of people not everyone agrees with) to crosspost the same articles to infinity told everyone not to use a piece of well regarded and audited open source privacy software because it's main developer has sided with US republicans.
I kind of figured with the X in the name. (I'm only half joking... But yikes)
Idk why it’s always assholes coming up with good software (shoutout to the lemmy devs lol) but simplex is a great messenger nevertheless. I sure as hell won’t donate to that guy though, like ever.
Fml why.
Signal doesn't collect any useful data; they've been compelled by court to present all data they have on users and all they know are two time stamps. The date + time your phone number registered and the last day (not time) one of your apps (linked desktop app or tablet) pinged their server.
Source: https://signal.org/bigbrother/
Because it originated as an overlay of the SMS/MMS network, a text messaging replacement, before everyone was "always online". But that's beside the point as you can now hide your phone number from others.
I wouldn't recommend SimpleX chat, its developed by a Trump-supporting Antivaxxer who believes in wild conspiracy theories, not the kind of person I would put my trust in. Source: https://social.tchncs.de/@pixelcode/114633102552691724
If you're serious abut privacy, ESPECIALLY if you're part of a group looking to organize in a clandestine fashion, you should fund the development of your own secure channels. Don't outsource the important stuff. For everyone else, there's Signal.
Or if you want to have a federated platform that's closer to something like Discord, Matrix.
Signal collects your IP address and the last IP address you sent a message to. They store that info to maintain their services. They also store your phone number, either of which can be tied back to your identity (in the US, don't @ me, friends from across the pond).
The only thing these reveal is that you use Signal, which is currently still legal. Also, even if a judge ordered Signal to collect outgoing messages for your user, the content of your messages would already be encrypted. So unless your use of the service could be construed as illegal (or perhaps who you're talking to), then it's probably still safe to use.
However, all that said, I still agree that SimpleX is a better choice for activism. No phone numbers or other useful identifiers, uses a series of nodes rather than a central server, expiring contact-adding codes, etc... it's simply better, if you need privacy against external threats.
And there's no reason you can't have both on your phone for different kinds of groups!
can you show evidence for this?
The best choice for activism right now is signal and has been for years. The best choice isn't necessarily the most hardened app or messaging system, it's the most hardened balanced against ease of use and access, along with features.
It's been proven in court several times. The only information they keep is your phone number, unix timestamp of your account creation, and the unix timestamp of when you were last online.
Which is not the claim OP made.
Which claim are you referring to?
Usability of Simplex is very similar to Signal.
Evidence for what?
The claim being made?
I promise I'm not being pedantic. Which claim? I made at least two.
The one that suggests Signal collects your IP addresses.
They dropped the phone number requirement a while ago
No, you still need a phone number to sign up. You can now optionally have a username as well, but a phone number remains a hard requirement.
What's more, they require you to periodically log in on your phone. If you exclusively use the desktop client, you will get a message that access will be blocked if you don't sign in on your phone.
Sometimes, it feels like a surveillance loophole is left for the OS (remember when they had plain text backups on windows). And Apple, Microsoft, and Google would happily turn over data, while Signal always will have plausible deniability.
And you will always need a smartphone OS built by one of the US companies above to start and continue using signal.
Yeah I thought they had too, but it's the case that for a new account you still have to have a phone #. You can then use a chosen account for everything else.
you mean, you don't need one for registration?
I've been corrected on that.