To everybody currently experiencing the #Signal messenger downtime and precariousness of digital infrastructure that relies on servers, know that #Keet exists! It can preserve network connectivity and message deliverability in very degraded and hostile network conditions due to the absence of servers in its #p2p architecture.

The world needs resilient communications for what is to come. Don't let your whole network depend on one company.

https://keet.io/

#SignalDown

Keet - The Peer to Peer Chat App

Keet is a peer-to-peer chat application that allows users to communicate directly with each other. 100% end-to-end encrypted. Never on a server.

@pospi I certainly welcome decentralized alternatives to Signal, but I cannot seem to find the source code? I.e. how do I know the security guarantees they proclaim are true? (I did not audit Signal myself, I should add, but I do trust the multiple different & independent reviews, like from soatok)

@minimoysmagician you can't, yet. Although they did promise to open-source it some time ago. You can audit *parts* of the stack- #Pears & #Holepunch, specifically.
I suppose in that regard it is as auditable as Signal, who, as we know, have been pretty unresponsive when it comes to making up-to-date source for their server code available 🤷🏻

@pospi It is not entirely the same, since with Signal I can be sure that the app I'm installing (ok, if self-compiled, which I indeed don't do) does completely encrypt my messages only to the receivers. Their crypto is gold-standard, so the only thing the server can do is a denial of service (even if unintended like today).

I'm not sure about Keet's implementation, but here we trust it to be flawless enough (not even thinking about backdoors) on their word.

My next question was going to be about how you came to trust this particular company, but I see in another reply of yours that you have met people in the community :)
And glad to hear that they're the opposite of fascists!

@minimoysmagician You are of course right about the trustworthiness of the app code 🙂

The story on the server is more complicated. Does the US govt have access? We don't know, fact is Signal would be gagged from telling anybody about that, same as any other US company. We are told that 'sealed sender' prevents any eavesdropping, but this is also debatable - with pipe monitoring and timing attacks, it's quite likely US state actors can determine who's talking to whom. It's been suggested that they allow the service to exist cos it gives them the data they're interested in, in terms of contact metadata... and that seems... likely 🤔

@pospi Well, in terms of contact metadata, the only thing a completely malicious server can do is correlate IP-addresses (https://soatok.blog/signal-crypto-review-2025-part-8/#addendum-2025-02-19, https://soatok.blog/signal-crypto-review-2025-part-3/#signal-server from my trusted furry cryptographer 😉), and if the server itself is not compromised, this means that the more centralized it is, the more 'noise' there is to hide in. One of the only benefits of centralization :)

To mitigate IP-address correlation, you can proxy Signal over Tor (non-trivial depending on the client, true).

I'll leave with this:
https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/

I hope this brings us onto the same page about what is guaranteed by Signal and what is not. In any case, I would love for a p2p messenger app to exist with the same guarantees as Signal!
(directly connecting to each other's IPs is already a trade-off in anonymity)

@pospi Don't get me wrong, I do prefer p2p messengers and everything p2p, it's one of the reasons I work on @ouroborosnet. I just want to clarify that the guarantees made by Signal are a high bar to clear.

Having a peer to peer connection and hoping that the US is not sniffing at that location might be more important than knowingly subjecting oneself to potential traffic correlation.

And of course, having back-up comms (as you mentioned in another reply) is invaluable.