"We have ceded so many of the core operations of our lives and institutions to tech, we must recognise that strong encryption isn’t the enemy of security — it *is* security." - Signal President
@Mer__edith for the Financial Times on the war on encryption
https://www.ft.com/content/a934150f-e0f5-4e75-a2d1-a3671ea52ca0
@signalapp i'm going to be a replyenby here for a sec
you do realize anonymity is a friend of security, and you're actively sabotaging your users' anonymity with your hard phone & phone number requirement?
you've built a great app but that choice of basing your account system on phone numbers makes it nonviable for the sensitive activities encryption is most nessesary for
At Signal, we’ve been thinking about the difficulty of private contact discovery for a long time. We’ve been working on strategies to improve our current design, and today we’ve published a new private contact discovery service. Using this service, Signal clients will be able to efficiently and s...
@ckrypto if@[email protected] wasn't complying with #CloudAct, @Mer__edith would be in jail.
Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!
Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!
By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.
Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.
Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.
Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...
@kkarhan
JFC you're clearly just using an AI to generate your replies for the purpose of spreading FUD.
In any case, with regard to decentralization:
https://youtu.be/DdM-XTRyC9c
@ckrypto no and I expect you to take that insult back, Neurotypical!
I consider your reply a conditionless surrender, or as we'd say in Germany: "I'd love to duel you intellectually but I see you are unarmed!"
@[email protected] JFC you're clearly just using an AI to generate your replies for the purpose of spreading FUD. In any case, with regard to decentralization: https://youtu.be/DdM-XTRyC9c @[email protected] @[email protected]
If you are looking for security, you would probably be well advised to avoid Signal.
Security and privacy aren't the same thing. And no, that's click bait. It is a company doing scraping of publicly accessible data, so it is unrelated to the security or privacy of either Proton or Signal. Please do more research before you make such wild claims.
@unexpectedteapot @signalapp @Mer__edith
I wonder what data from a ‘secure’ app should be public data. Is user data public data or are the messages exchanged public data or what else?
@Avitus @unexpectedteapot @signalapp @Mer__edith
So you mean the ICE contractor ShadowDragon is wasting resources pointlessly to get data it can't do anything with?
@signalapp @Mer__edith
Yes but you are still not Open Source and de centralized. Or usable without Phone Number.
I need to have this for full offline apocalypse, zombie and Doomsday Mode, to trust you my dairy.
P.s. I still love what you done so far. However, every chat got unencrypted and exploited by Apps and advertised on Apple and Google devices with its A.I. ... privacy bank rubbery.
@ibrahim_cris I don’t know about all of these things, but Signal’s source code is open source and freely available on GitHub. This includes its Android, iOS and desktop apps, as well as its server code and underlying encryption library:
https://github.com/signalapp
It also has regular security audits from third parties:
https://community.signalusers.org/t/overview-of-third-party-security-audits/13243
The last one was done on February 18 and found no vulnerabilities in Signal’s encryption:
https://soatok.blog/2025/02/18/reviewing-the-cryptography-used-by-signal/
I hope this information is useful!
@ibrahim_cris @chriswood https://github.com/signalapp/Signal-Server
I'm not sure where the whole "signal server isn't open source" came from, but it's not accurate. If you're so inclined you can roll your own signal infrastructure, though getting an app past Apple and Google's gate keeping would be an issue.
If you're threat model is so extreme, give Veilid or Reticulum a look.
@schm43cky @signalapp @Mer__edith
So, then I take it from your words in conjunction with the fact that the ICE contractor ShadowDragon is grabbing phone numbers from Signal and using them (presumably to merge with other data) that the use of Signal is contributing to attacks on the privacy of its users.
```
A Signal spokesman said the Pentagon memo is not about the messaging app's level of security, but rather that users of the service should be aware of what are known as "phishing attacks." That's when hackers try to gain access to sensitive information through impersonation or other deceptive tricks.
"Once we learned that Signal users were being targeted and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago," said Signal spokesman Jun Harada.
```
https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability
@meles @signalapp @Mer__edith Same reasoning applies to any other app, service or system.
This is a warning against phishing attacks *on a person*.
Once a person was incautious, impatient or incompentent enough to let some random QR code on the internet capture a part of its communcation stack, the underlying infrastructure (here: Signal) can't do a lot about it.
Maybe the linked devices feature hat a flaw in this regard (not enough bling bling?) but that seems to have been mitigated, as the article states.
chloedarge
Signal
zaire the bored genderfuck
unexpectedteapot
Andromxda 🇺🇦🇵🇸🇹🇼
Fluffy Kitty Cat
astroboy
George Dinwiddie
Harold Smith
Potato
Kevin Karhan 
ckrypto
Nicoco
Tomáš Němeček
meles
👊🇺🇸🔥
@leX 🤘🏻
Sérgio Machado
Chris Wood
AlexanderMars
As The World Spins
josh://
Wulfy—Speaker to the machines
Thomas Traynor