Avatar
lavender 11mo ago

Alright I'm gonna put a bigger effort to switch to Signal this time around and get a few friends roped in. I installed the APK just recently. I have some questions and am hoping some of y'all fedibrains would have an answer.

1. Is there any privacy difference between Signal from the Google Play store vs installing the APK from Github?

2. Given how locked down iPhones are, could that make Signal inherently less private?

3. Are calls also e2e encrypted?

4. Is it safe to put my Signal username on my bio? Or should that only ever be shared in private?

5. Can anyone with my Signal username also see what name I set as my first name?

Some of these questions might be dumb because I'm still learning the ropes. Thanks in advance!

#signalapp #signal #privacy #messaging #socialmedia

Reply to this note

Please Login to reply.

Discussion

Avatar
ChirpChop 11mo ago

1. I _think_ the APK from Signal's site uses (or at least offers and then chooses based on your OS) a different non-Google way of sending you notifications. Not sure, check this again. DO NOT USE APKs from random sites or GitHub repos.

2. I don't know what you are asking exactly.

If you are asking for implications of answers to the first question for the privacy of Signal convos on iPhones (given iPhones are "locked down" (whatever that means?)) then I don't see any but my answer to 1. is uncertain and likely incomplete anyway. Note that surveillance via notification timing analyses has been reported in the past.

If you are asking whether Signal convos are less private (from who?) on iPhones compared to what exactly?, then I'd say that the Signal app itself is as good as on e.g. some Android flavour but that it of course depends (like any other app) on the OS playing ball. _In theory_ the OS could happily screenshot everything. Not saying this happens on iOS but it'd be possible and unnoticable. For something actually resembling privacy on a smartphone you should be using GrapheneOS anyway.

3. Yes.

4. Define "safe". Anyone knowing your username can message you. However, you can easily rotate your username without losing existing chats/contacts initiated with your old username.

5. No.

Remember: I'm just a random dude on the internet. Signal has an ok blog/documentation which helps you verify my claims.

Avatar
Dr. Hax 11mo ago

I can confirm that answer #1 is correct.

If you post your username, people can figure out your phone number with the default settings. Turn off the ability to contact you by phone number to close that privacy problem.

Signal is better than SMS. 💯

Having said that, I don't like that they still collect everyone's phone number in a huge centralized database, are hostile toward any other clients, don't let you connect to another Signal server, don't have any documentation on how to run your own server (last time I tried, the server software wouldn't compile/run), intentionally block the completely open source fork of Signal (Signal FOSS) from the F-Droid app store, waited years to fix security issues with their desktop client, and a number of other things.

Part of my problem is that I have used them since it was called TextSecure and so I was used to them making cypherpunk choices instead of "gain market share" choices. Don't get me wrong, I still use Signal. It's just not my first choice.