bjoern
Leander Lindahl 🇪🇺Thursday is a good day to delta with friends and family.
Switch a loved one to #DeltaChat – the decentralised secure open source messenger from Europe.
Andre B.@leanderlindahl
It's very simple and secure. You can only connect with people with whom you've shared your QR code.
Nice.
It's very simple and secure. You can only connect with people with whom you've shared your QR code.
Nice.
Koutsie 
@gewaltfrei_digital @leanderlindahl or a link - but yes.
RBuzz@leanderlindahl why this looks so whattsuplike?
Loohoosaher@rbuzz I mean it's a messaging client
Jasper@leanderlindahl I'm slowly getting people on Signal, I doubt this here will happen.
But the screenshots imply desktop usage as a bigger thing? Could it be an alternative to small discord communities?
brainwashed by lentils@b0rn_dead @leanderlindahl
as #signal user, i've often wanted to use a separate profile for work, for personal and for activism. whenever you're in that situation, #deltachat is helpful.
if you ever find yourself communicating in a context where it would be bad if you're phone numbers are leaked (despite being set to "hidden" because that setting is broken), then it's time to switch from #signal to #deltachat for that.
honestly signal's whole phone number thing is about as un-private as #facebook's real-name policy.
Maypop the Dragon@pelle @b0rn_dead @leanderlindahl
the phone number requirement is actually worse because, unlike names, phone numbers are globally unique and you can't effortlessly just make one up.
edit: see reply. this is slightly wrong.
ok actually i accidentally did misinfo here oops. if court orders or data leaks are part of your threat model, it's worse, but otherwise it's less bad because you can hide it from other users by using a username.
@maypop_neocities yes, you •think• you can hide your number, because that's what the settings say, yet #signal will still leak your number, so it's actually even worse, because they give false promises of security.
does their reply to my bug report look reassuring to you?
https://github.com/signalapp/Signal-Android/issues/13824
there are other such leaks.
Sebastian@pelle @maypop_neocities Yeah, the reply from #Signal looks perfectly reasonable. They told you why it would happen, they said they would change the UI (which they did) and they told you again why this could happen. What else do you want? That looks perfectly reasonable as far as responses go.
@moehrenfeld @maypop_neocities
they're polite, but they're wrong. i'm using #OpenContacts, therefore the system contacts was empty, so when they blame the leak on system contacts they're mistaken.
phone number can be visible despite the privacy setting saying "your phone number will not be visible to anyone," which is fine if phone number leaks are not an issue to you, but otherwise serious as authorities can identify an entire network of activists from a single captuted device. it puts people at risk.
another leak issue that's probably not fixed:
https://github.com/signalapp/Signal-Android/issues/14222
@pelle @maypop_neocities The second issue was because the setting was not saved on the server side because there was an outage. I get why that is not good but still explainable. I don’t know what OpenContacts is but they didn’t blame it on the system contacts, they said that you maybe hat a chat before they started the feature and so you might have already had the number? And looking at the issue you said that that might have been the case. Where are they wrong?
@moehrenfeld @maypop_neocities
if your phone number may be visible to others, depending on compicated program logic (when you sign up; how contacts are stored on various phones; whether a setting has been enabled in the past; whether a server was available; etc) then it would be more accurate to write "your phone number may still be visible to others."
when #signal says that your number is hidden yet it may not be, then they are giving a false sense of security to users and preventing thrm from taking appropriate safety precautions. this is especially bad for an app that is advertised as safe for journalists and dissidents.
i think #deltachat does this the right way by simply not asking for your phone number.
TudbuT@b0rn_dead @leanderlindahl yes, i use it as a discord alternative. it doesnt require syncing to phone either
@b0rn_dead @leanderlindahl (i also use it as a signal alternative as i am slowly trying to get off of signal as well since i am finding it increasingly suspicious)
@tudbut @leanderlindahl what's suspicious about Signal? I think they're striking an amazing balance between privacy and usability. I'm paying monthly as I am happy to support an ethical alternative and ensure that they can stick around for a long time.
their main issue i have is that its a black box. the app on google play and such is not auditable because it isnt verified against the source code. the authors of signal also reject packaging on f droid, which makes me doubly suspicious: why would they do that if not to make sure they remain the only people compiling the app?
other than that, the phone number requirement is absolutely archaic, and made much worse by the fact that they require me to use a phone to sync my messages to my desktop. i fundamentally distrust phones, so an app that forces me to use one despite relying on no phone-specific features is extremely annoying to me because i cannot in good conscience use it for private messaging.
the need to have one singular profile also goes against basically all advice you will find on opsec. there is no point in doing this other than some form of traceability (whether by others through easier discovery or otherwise).
ĞÖKÜ👻👻™@GOKUSHRM @b0rn_dead @leanderlindahl most people im talking to will still be using the sus app, and i just dont feel like using a platform that does this stuff. also the other two points still apply, among others (e.g. centralization)
Michał Narecki@leanderlindahl any day is good to switch to Delta Chat 😉
ScenePeek@leanderlindahl Feels so good to be able to sign up on a new platform by only providing a username. No emails, no phone numbers. Kinda like the old days.