"we kill people based on metadata"
"Signal is safe, all they have access to is your metadata"
Login to reply
Replies (33)
Why?
This is fuckery I can approve of lol
what are the best resources to learn about these vunerabilities?
View quoted note →
The only metadata they can get from Signal is frequency of messages and the size of the message files. Everything else is encrypted. There's a feature with Signal called Sealed Sender, it makes it so anyone looking at the data being exchanged can't know who messages came from. This means that unless you and your contact are both active targets of the government, they really can't do much with that minimal metadata... Or, at least, nothing they can't do with other options.
Now, if you need total anonymity due to being a whistleblower or something like that, I'd definitely recommend Session instead, as it's anonymous, has almost no visible metadata and is onion routed. It's not great for a daily option, however, thus why Signal is the best option for the average person.
Simplex is better imo
I agree
If people enjoy SimpleX, more power to them, but I just don't find it to be a good experience at this point in time. There are also some valid concerns over its security that I'm also questioning myself.
That said, nothing about it is inherently bad, just not for me haha
Really, though? It's more anonymous for sure, but it's really slow if you have more than one or two populated groups, most of its 'decentralized' architecture is hosted by them and they're backed by a for-profit corp.
It's cool if you prefer it but I'm not sure how well it actually holds up under scrutiny.
Lots of FUD surrounding Signal but it really doesn't hold up when you research how Signal works. I mean, even Snowden himself uses Signal and he's one of the most wanted men on the planet.
There is some nuance here. If I'm not mistaken Signal knows that communication between two parties was established due to the authentication token, but sealed sender prevents them from knowing the content or frequency of communication between two parties.
I believe frequency is unavoidable with any messaging app, though, right?
Interesting: If you view this post in Amethyst, it says "edited". And when you click on "edited" multiple times, it plays an animation of two white balls bouncing around on a black space.
Fair enough 😁 Would you care to point me to some security concerns?
Yeah. It's @fiatjaf protesting about edits.
Abuse is a great way to force changes. Just look at the spam wars.
Stu, t-y/
Don't disagree
According to Signal (...) the sealed sender functionality prevents them from knowing the frequency.
It is like he wants to damage his own invention, his own protocol.
How long will it take those Bitcoiners to understand that Bitcoin IS the metadata.
If you swap Monero for Bitcoin, you are at risk..
"we kill people based on metadata"
"Signal is safe, all they have access to is your metadata"
View quoted note →
What's the point of this spam?
"This design prevents leaking any users' metadata on the application level. To further improve privacy and protect your IP address you can connect to messaging servers via Tor."
SimpleX Chat: private and secure messenger without any user IDs (not even random)
SimpleX Chat - a private and encrypted messenger without any user IDs (not even random ones)! Make a private connection via link / QR code to send ...
Ive been thinking, the only truly private way to send a message is Owl Post. We must all buy owls and train them.
The biggest is definitely the fact that a vast majority of its relays are run by the company, which is a for profit company that kinda just showed up out of nowhere. The tech itself seems solid but it's concening to me that the relays are overwhelmingly run by the company.
Also, unlike Session, itd be incredibly easy for governments to set up honeypot relays. If I'm not mistaken, there isn't any onion routing in SimpleX, meaning they wouldn't even need to do a sybil attack to know metadata like your IP.
Thanks, that’s very informative. I saw that @Start9 has a @SimpleX Chat server package on their marketplace which means other people could run servers. But that is an issue in itself as you state in your second point 🙂
stop thinking of them as vulnerabilities. trust.
not your keys not your data
🤣🤣🤣🤣😭😭😭
"we kill people based on metadata"
"Signal is safe, all they have access to is your metadata"
View quoted note →
Signal is soo META 🫠
True, but an overwhelming majority are run by the company. There's absolutely zero evidence that Signal is a honeypot.
No problem! I'm down with people using what they enjoy; as long as they're not using unencrypted messengers or big tech ones (Telegram basically falls under both categories), they're doing good for their privacy. It just irks me when people buy the Signal FUD and rush to act like SimpleX is the ultimate, end-all option haha
Got it 😁 thanks again!
Location data (if changing device without sms), phone number, ip address, network graph
"trust me bro" backend
signal is not great