Mastodawn

Electronic Frontier Foundation

If you're new to Signal, it might feel a little overwhelming to get the hang of, but you can get it set up and working pretty quickly. https://ssd.eff.org/module/how-to-use-signal

How to: Use Signal

Download location: Google Play Store, Apple App Store System requirements: Android 5 or later, iOS 13 or later Version used in this guide: Android: 7.38.6 iPhone: 7.5.1 License: GPLv3 Level: Beginner Time required: 15-20 minutes Other reading: https://signal.org/ https://support.signal.org/ https://signal.org/blog/ Table of Contents Download and Install Signal Register and Verify...

Classic2 Jan 25

@eff
But I don't want Signal to have my phone number. This is still problematic to me, I don't understand why they don't provide an alternative if they truly care about the user.

@isaacl @eff You don't have to. They give directions on how to set up a secondary phone number. Yes it is a cost, but it won't be associated with your primary number.

Classic2 Jan 25

@EdBruce @eff
I think you miss the point here. Having a secondary phone number just means having a 2nd number with which to register an account. You must still retain ownership/control of that number. It is not really different than having a primary number except you can use it to segregate your messages.

If privacy was a real concern, they could use a phone number to verify the account creation but then create an account ID and then throw away the initial phone number.

Classic2 Jan 25

@EdBruce @eff
Yes, I understand without the phone number you could still be traced with the appropriate skills, but it makes it that much harder. The phone number pins you to a lot of other associated info.
And yeah, I get it, phone number is convenient, that's partly how WhatsApp initially 'won'. Making people get an ID and then having to somehow share that ID with someone is a hurdle.

@isaacl @eff my understanding is you can put a PIN on the 2nd phone number, give it up that number and still use Signal. So even if someone else gets that phone number it would be difficult to create a signal acct or hack yours.

lemgandi Jan 25

@eff Now if only I could get my friends and family to use it. Oog.

@eff
Is it not that their servers are hosted on AWS, Azure, Google? Yes, communication is end to end encrypted, but I have zero doubt they will shut them down if the orange clown tells them to.

People subject to this kind of regime should use peer-to-peer communication with GNU Jami (everyday) or Briar (worst-case scenarios).

CC: @[email protected]

Jami

Jami facilitates share, freely and privately.

Jami

X_Cli ⏚Jan 25

@eff Also, you might consider uninstalling Signal and using a truly private and secure messaging app. Stop recommending Signal, for the love of god.

Chad McCullough Jan 25

@x_cli What would you recommend replacing Signal with?

@eff

X_Cli ⏚Jan 25

@cmccullough @eff At the moment, the best app I can recommend is SimpleX Chat.
Their crypto was audited by Trail of Bits. They do a lot to secure metadata or reduce its exposure. The servers and the clients are open source and the servers can be self-hosted, including as Tor services.

Chad McCullough Jan 25

@x_cli Ah, agreed. I do like SimpleX . @eff

@cmccullough @x_cli @eff

SimpleX didn't work at all for me, couldn't connect to a contact, even with a direct invitation link to that account.

Chad McCullough Jan 25

@fasnix @x_cli @eff I should give it another try. It's been a while.

I really do need to get Delta Chat going.

@cmccullough @fasnix @x_cli @eff Cwtch is also a very good option. End-to-end encrypted, serverless, routed through Tor

https://cwtch.im/

Cwtch | Cwtch

Metadata-Resistant Messaging

@wizard @cmccullough @x_cli @eff

Jami and Cwtch look interesting as well.

Personally I think, a messenger that is based on the XMPP-protocol, would be the best alternative, as it offers interconnectedness and is not bound to *one* messenger.

Haack’s Networking Feb 8

@cmccullough @fasnix @x_cli @eff delta chat works great, but all groups and room are based on trust as there's no mod level controls ... which is a giant flaw and limitation for large scale and or use with public communities.

@cmccullough @x_cli @eff

Please check out https://delta.chat and spread the use about this messenger.

Developed in Germany, end-to-end-encryption by design, using email-infrastructure (therfore cannot get turned off by an authoritarian state), including applets, like polls, todo-lists, calendar, collaborative work on documents, games, ...

I use it with several people and really can recommend it :)

#DeltaChat

Delta Chat: Delta Chat, decentralized secure messenger

Delta Chat is a decentralized and secure messenger app 💬 Reliable instant messaging with multi-profile and multi-device support ⚡️ Sign up to secure and interoperable chatmail relays 🥳 Interactive ...

Chad McCullough Jan 25

@fasnix
Delta Chat is a good one, as well.

@x_cli @eff

Matthias Jan 25

@fasnix @x_cli @eff @cmccullough I think delta chat is a great messenger but it started to use a separate infrastracture (chatmail) as e-mail providers like google etc turned out to be not reliable. Users will have fun when using chatmail but they will be frustrated when using gmail.

@fasnix and here you have some poster to make your message more attractive and easy to understand when trying to convince friends and family

@x_cli @eff @cmccullough

Morten Juhl-Johansen Jan 26

@adbenitez @fasnix @x_cli @eff @cmccullough Yes! There is a lot to love about @delta .

Chad McCullough Jan 26

@mjj 💯

@adbenitez @fasnix @x_cli @eff @delta

@adbenitez @fasnix @x_cli @eff @cmccullough @delta Sometimes I honestly wonder: when do we cross the point where it makes more sense to tell what is NOT good about #DeltaChat. It is by far the shorter list.

Haack’s Networking Feb 8

@x_cli @eff What's your basis for the signal critique? Fully open source, they can't access your content due to full e2ee support and design? Nonprofit governance, no cost, what's exactly the issue? Did I miss some report or recent article or compromise? Do share if so ty.

@oemb1905
Here is the conference I gave on the topic this summer: https://passthesalt.ubicast.tv/videos/metadata-protection-in-instant-messaging-applications-a-review/
@eff

Metadata Protection in Instant Messaging Applications: a Review

Pass the SALT Archives

Haack’s Networking Feb 8

@x_cli @eff k, I will check it out, ty for sharing 👍🏼

Haack’s Networking Feb 10

@x_cli @eff Interesting ... Personally, I safeguard that type of leaking on my own and don't expect the app/dev to handle that. Of course, that's a general statement and egregious meta data leaks certainly should be addressed. As for Simplex, my buddy and I gave it a yeoman's try for two months or so ... but it was barely functional, with respect. I hope with more work and development it becomes a more compelling option. Thanks for sharing the technical and well done presentation 👍🏼

@eff you don't need the Google Play Store.

🍀March Mastodoness🍀Jan 25

@eff https://f-droid.org/packages/com.b44t.messenger/

Delta Chat | F-Droid - Free and Open Source Android App Repository

Decentralized private messenger with chat-shared tools and games.

🍀March Mastodoness🍀Jan 25

@eff https://github.com/mollyim/mollyim-android

GitHub - mollyim/mollyim-android: Enhanced and security-focused fork of Signal.

Enhanced and security-focused fork of Signal. Contribute to mollyim/mollyim-android development by creating an account on GitHub.

GitHub

@eff

I'd rather not create a Google account in pursuit of privacy.

Julius Schwartzenberg - Юліус Jan 25

@eff this is the start of the guide:
"""
Download location: Google Play Store, Apple App Store
System requirements: Android 5 or later, iOS 13 or later
"""

Obtaining a device that happens to have one of these operating systems and setting it up so it actually respects you, *is* overwhelmingly difficult.

Bart Veldhuizen 🚀Jan 25

@eff why would you say Signal is ‘overwhelming’? Really curious as it’s pretty much as simple to use as WhatsApp or Telegram..

Christoph Wick Jan 26

@eff But you cannot make Backups of your data to your own devices/servers. You cannot make backups at all on non-US servers (paying aside). I therefore can not recommend Signal at all.

Chris Malik Feb 9

@eff Any comments on Bitchat?