Technology

58150 readers

4986 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

-21

Signal is just a company selling privacy (lemmy.sdf.org)

submitted 1 year ago by gthutbwdy@lemmy.sdf.org to c/technology@lemmy.world

81 comments fedilink hide all child comments

Signal is a centralized app, run by a company. If they are offered enough money or legal threat they will sell out or close.

I am sure people will make an argument that its FOSS and people will just fork it if it goes bad, but a new fork will have 0 users and Signal will still have all of your old contacts. Why not make a switch now? Before it is even more popular and you have more reasons to stay? Why fork it if there are already decentralized apps that use same encryption, like XMPP apps?

Sure you can find flaws in every app, including XMPP implementations, but if we will have to write code for a new Signal fork, why not just fix whatever is that bugs you in XMPP clients?

If you want to use Matrix, that is fine as well, we can always bridge the two open protocols. But you cant bridge Signal if their company doesn't allow it.

you are viewing a single comment's thread
view the rest of the comments

[–] oatmilkmaid@possumpat.io 2 points 1 year ago (2 children)

Doesn’t XMPP collect hella metadata unlike Signal?

[–] jecxjo@midwest.social 4 points 1 year ago (1 children)

There is no one to "collect" this data. You do have to trust the servers that others are on, since its federated, which is the issue with all services.

[–] oatmilkmaid@possumpat.io 1 points 1 year ago (2 children)

I think that’s where I’m icky about it. I don’t know that I trust other servers more than I trust Signal. Which, I mean, is not great to say given that in a perfect world I would rather not rely on one organization to keep my “data” private - but hey.

I don’t mind so much on Lemmy or Mastodon because I’m not looking for privacy but if encryption is the main selling point of something, a random XMPP instance doesn’t really inspire confidence at the moment. But hey maybe that’ll change in the future and XMPP will require less metadata to work.

[–] gthutbwdy@lemmy.sdf.org 1 points 1 year ago* (last edited 1 year ago)

You can pick servers run by groups that have just as good record of privacy or even better or are run by the person you know or yourself.

When you have a decentralized service you can choose who you trust, you are not stuck with one corporation. Picking a completely random server is the worst possible example you could have chosen.

[–] jecxjo@midwest.social 1 points 1 year ago

That is THE ISSUE with email. I can secure my server all i want but when you use Gmail and they hand over the keys to whomever they want i get screwed.

As for XMPP security, you have to do e2e a layer above. Use XMPP or any other protocol and encrypt the messages you send. The catch is that you need to always encrypt everything so that your Happy Birthday to your Grandma is just as unintelligible as your secret bank pin yoh send me to get you bail money. At that point the meta data is useless as we don't really know who gets important messages and who doesn't.

[–] gthutbwdy@lemmy.sdf.org 2 points 1 year ago

XMPP is decentralized, you can run your own server. In open decentralized protocols, such issues are resolved by design. Further more most XMPP servers don't require a phone number, why would they, unlike Signal.