Thoughts on Signal? nostr:note10ws3h802ekts62marnjwvw23n07mhnhq2axrkkrj8w938z9aj25qxp57cc
Discussion
Seems clearly a honeypot to me. Simplex is about the only I think works
Why a honeypot?
Their privacy model seems to boil down to “trust me bro” when I’ve looked at it
Also, lots of evidence that intel agencies have a backdoor reported in the media
I think most of those reports were the police had direct access to the persons phone. Not sure if the encryption has been cracked.
Can’t be sure, would prefer to use Simplex
I agree.
Signal encryption is unbroken. In fact plenty of other messengers (afaik WhatsApp too) use the signal encryption methods.
Signal doesn't save any data except your phone number and the last time you logged in (as Unix timestamp, so even without timezone).
For normal day to day ops and to move your friends away from WhatsApp, signal is the best alternative imo.
Simplex is even better in terms of privacy but the usability for non techies is hard(er)
what degree of privacy you need for the comms is key to the option with the best balance between security/privacy and UX, reach, speed, ...
You can refuse contact permissions and it still works.
You have to provide a cell number
Thats true. But isnt that all they have? The messages would still be encrypted.
SimpleX is funded by VC money and Bill Gates, they are also actively pushing for censorship (check their blogposts and Github), and has a shitcoin built in. 🚩 Run away.
Shitcoin? Bill Gates?
Censorship? What are we talking about here?
Works well for me, I like it personally
Self PGP encrypted text manually pasted into WhatsApp. Share public keys with your contacts so they can send stuff for you to decrypt. And vice versa.
It’s clunky but it’s pretty damn secure. The following message is what “GFY” looks like encrypted to my public key, for example. I use InstantPGP on iOS, Kleopatra on PC and Linux. And GPG Keychain on MacOS.
-----BEGIN PGP MESSAGE-----
Charset: UTF-8
wcDMA3YwQAn/5FadAQwAp/lLOdlkqGmzMBBMj0KT5gnminKqrNrPFZLnRXhgSsVSC0Q0DNUfiINu
E174iky0XQHQioB+qT1cIS7e/WzcOTzq2K48uQ62HE2jX2h8ne2b/sI9tmKBaF6upTz2XN4YSO4v
FtoFHMz6aw9I2/PT2XgsPON2ibU17ohVC8HyeFO9PlofmsmfGj8wN3/WI5ndmuCG05I+6ekddOpA
0myuIlBC+x3s8cR7obX+DzcT3PrusiQ7uGz32iIljzG08LNCrdfgovDFJC0Vf75GsPNrJOHDxJtU
Q3G6mDSxbUBR803IGfc83Mh3ZVBgKugpzOwFnzU4miEEpJUauwXAyyZY6Pn4ry8sb5vtV0ZhYsyS
W1mMqYSisXBG9R5MWLY3+AOP3yzAswtBgyoHTsRWN+ZwxYzVhMATwRum20RxZkC7gpCmy7RSHTLt
numRRZs6RwI9lc/pHDHgib65eCc9Bta2RKj2siuqtZa+5xb5IMVKhuz0gCLH6cvC+DmSHlBS8kZJ
0j8BgO1MkPHUY0XW8vATOWHMTeNY4DVhMKqUctPfz2QKd7iyyVHtzyzSScenbguRwleFfusjs/p1
Ki0MFlp1W2o=
=qQmg
-----END PGP MESSAGE-----
Very helpful thank you! Going to check it out! Appreciate the different apps and programs I can choose from. Its nice it could be through any messaging app then. 🤙
Yeah and it’s cool too if you have sensitive text to send home to yourself on your file server, you can encrypt it before you send it. Then decrypt it when you get home.
Just like Bitcoin though, key management is paramount. There’s no sense sending yourself or others encrypted data if the decryption key is readily available for use on the same device without a passphrase.
The recommendation is SHA-256 4096 bit with a strong passphrase. Nobody is cracking that. And if you’re sending data that sensitive, you likely have bigger problems, like Jason Bourne coming to your door lol
The biggest problem I find is on-boarding friends to PGP. It’s so easy, but as usual most people aren’t interested in learning it BEFORE it’s needed.
Signal is flawed in that it’s centralized on Amazon servers, partially open-source platform, controlled by a single entity, requires a phone number, and can not be self-hosted. 🚩 Run away.
Please read the and papers yourself to make an actually informed decision. I find most normies look at signal or WhatsApp. Whatsapp is more mainstream (they run ads everywhere including televison). If your choice is between signal or whatsapp please convince them to consider signal. Both can be a trust-me bro model but one is owned by a company who has absolutely no incentive or history at preserving user's privacy, in fact their business model relies on the complete opposite.