• Sammo@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        3 years ago

        Also a few interesting things: I saw a lot of people saying that Signal isn’t keeping metadata, and a few articles from4 years ago claiming that. I took a look at the signal ToS and Privacy Policy which states quite the opposite: „SIGNAL DOES NOT WARRANT […] THAT OUR SERVICES WILL BE […] SECURE, OR SAFE”, „For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.“ and „Other instances where Signal may need to share your data

        To meet any applicable law, regulation, legal process or enforceable governmental request.“

  • ᗪᗩᗰᑎ@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    A quick rebuttal of some points you made. Not going too in depth as I just want to provide my perspective:

    • CIA Funding:
      • This is a non-issue. The OTF also funds: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project, and a host of other essential privacy tools/software. You’re telling me they’re all compromised just because they’re getting funded? I don’t buy it.
    • A Single, Centralized, US-based service
      • The Code is open source and Android has reproducible builds, iOS would have them too, but it’s impossible based on the way Apple’s build process works. Lastly, Signal’s devs/infra exist in the US, they have to exist somewhere, why not the country of origin? With the code being open/reproducible, you don’t have to trust them.
    • Phone # Identifiers
      • This is to make onboarding easier and minimize spam - I got my grandma to install it and find the rest of the family on Signal VERY easily. Trying to get her onboard with Matrix/Element or even Briar would have been a struggle. I like Briar, but its not ready for mainstream yet. I also like Element, but I don’t believe it’s quite a text/sms replacement like Signal is - in addition to leaking metadata.
    • Social network graphs
      • Here you mention metadata, so I’ll ask which other provider goes to the lengths that Signal does to minimize the collection of metadata? And please read over how Sealed sender works before you claim its easy to circumvent. You deride their implementation and claim how easy this is to collect without understanding what’s going on under the hood.
    • Abandonment of Open source
      • This is a stretch. Signal is a non-profit. They don’t have the same funding or staffing as their competitors and all their code is current. Yeah, they let it get out of sync for a while, they’re human, not robots. Don’t let perfect be the enemy of good.
    • Bundling a Cryptocurrency
      • What does a messaging platform have to do with crypto/payments? I don’t know, you should ask every other big player who is also trying to get in on the game hoping to siphon even more data from everyone’s purchases.

    I do want to close by saying that Signal is definitely not the end-all-be-all of secure messaging platforms, but it is currently the best for mass adoption. I’m keeping my eyes on Matrix, Sessions, and Briar, but can’t say they’re ready to “go mainstream” yet.