So…there is a concerted campaign, with Musk as its mouthpiece, to discredit Signal and get people to switch to Telegram. It’s disinformation, but there’s also useful information in it. The useful information is that a hideous, powerful, right-wing crank — or whoever’s yanking his chain — really, really wants people to use Telegram.
We’ve long known Telegram’s security is weak. But now, in light of this new information, we should move forward assuming that Telegram is actively compromised.
Yes there is FUD around signal. But they are not offering any better solutions.
Signal has some structural issues, and isn’t a good solution for all threat models (i.e. if your a government who doesn’t fully trust the USA, then signal isn’t for you)
Any conversation that doesn’t talk about briar, simplex, etc is deeply flawed since only they attempt to address the fundamental structural issues with signal.
Don’t use that centralized chat service, use THIS centralized chat service - is just FUD… and isn’t a helpful conversation.
Don’t use a centralized chat service. Use a decentralized chat service. XMPP uses the same encryption for it’s e2e encryption, is decentralized, and super light weight for both the server and the client.
And “super easy” to use. To get your friend onto it, first you have to host a server, then they have to install a client with an interface from the 90s, activate the XEPs for encryption on their client and ensure the server supports it too, exchange usernames, create an encrypted connection and exchange random codes over another medium to ensure you’re talking to the right person.
NOW you can start chatting with the other person and hope the server doesn’t crash. ECPC
Or, you can skip the unhinged rant, use monocles or dino, and a public server.
Also, hosting a server is much simpler than something like matrix. You can host an xmpp server on a pi and that is more than enough. Or, just use a public server.
So difficult.
I like how you included steps that absolutely aren’t required and haven’t been for like a decade to make your statement more hyperbolic.
Uploading your private key to the cloud is a very risky thing to do regardless of your threat model. And there are many threat models that absolutely cannot do that. So it is worth indicating as one of the weaknesses of signal
Yes there is FUD around signal. But they are not offering any better solutions.
Signal has some structural issues, and isn’t a good solution for all threat models (i.e. if your a government who doesn’t fully trust the USA, then signal isn’t for you)
Any conversation that doesn’t talk about briar, simplex, etc is deeply flawed since only they attempt to address the fundamental structural issues with signal.
Don’t use that centralized chat service, use THIS centralized chat service - is just FUD… and isn’t a helpful conversation.
Don’t use a centralized chat service. Use a decentralized chat service. XMPP uses the same encryption for it’s e2e encryption, is decentralized, and super light weight for both the server and the client.
And “super easy” to use. To get your friend onto it, first you have to host a server, then they have to install a client with an interface from the 90s, activate the XEPs for encryption on their client and ensure the server supports it too, exchange usernames, create an encrypted connection and exchange random codes over another medium to ensure you’re talking to the right person.
NOW you can start chatting with the other person and hope the server doesn’t crash. ECPC
Anti Commercial-AI license
XMPP is nice, but OMEMO is brittle.
Haven’t ran into issues with it yet, and this is my preferred PM method. When does it break?
One account, multiple devices logging into it (in my use case, personal laptop, work laptop, two phones).
Or, you can skip the unhinged rant, use monocles or dino, and a public server.
Also, hosting a server is much simpler than something like matrix. You can host an xmpp server on a pi and that is more than enough. Or, just use a public server.
So difficult.
I like how you included steps that absolutely aren’t required and haven’t been for like a decade to make your statement more hyperbolic.
how? i tought it was e2ee and open source?
https://hackertalks.com/comment/1056851
The security of your key is determined by the strength of your passphrase. Am I missing something?
https://hackertalks.com/comment/3441244
Uploading your private key to the cloud is a very risky thing to do regardless of your threat model. And there are many threat models that absolutely cannot do that. So it is worth indicating as one of the weaknesses of signal
the best answer
Removed by mod