- cross-posted to:
- news@lemmy.world
- cross-posted to:
- news@lemmy.world
You must log in or register to comment.
Ironically having a giant security breach happen in a security focused messaging app was good advertising.
Of course in this instance the breach was not because of the app, which is a good thing I guess.
“When something is made idiot-proof, they will just make better idiots.”
Gestures broadly at the federal government
Gestures narrowly at oval office and cabinet.
On Signal you can verify user identify, and you should absolutely do it if were to discuss national security maters.
This is not a hidden feature, I think it’s designed to prevent man in the middle attack. It also work against the “oops I accidentally added a journalist to my conversation no one should know of”, which is so dumb that no one saw this coming 😅
It’s not a security breach per se. Someone accidentally added a journalist to the group. Signal is still as safe as it’s ever been.
PEBKAC
Everyone hoping to get accidentally added to a government group chat.
Bad actors are sowing distrust by implying that Signal is not secure. Always remember that the powers that be don’t want the public to have encrypted comms and would love to ban private messaging apps altogether. I could also be completely wrong and Signal is in fact a fed honeypot…
The code is open-source though, and I’m hoping that individuals more learned than I would surely alert us if there were any backdoors/exploits…
There are many things you can complain about when it comes to signal, but overall it’s a huge improvement from unencrypted messengers like discord and definitely a
stepleap in the right directionYou have to be very tinfoil hat to believe that this current administration is capable of anything so sophisticated as a misdirection.
For the people who want to use Signal but are stuck in WhatsApp land because all their contacts are on WhatsApp, you should download WhatsApp business and create an automated away message that says that you are only available via Signal and with a link to your Signal account (if you use a Signal username. ) People in my contacts are slowly switching to Signal.
I did something similar with Twilio. When you call or text my number you get a message about how to reach me. The Twilio SDKs are pretty good. It’s just a few lines of code.
Next up:
- Signal getting banned in US govt
- Signal getting banned in the US
- Signal servers seized, devs detained
- Signal protocol repos removed from M$hub
Good. It’s the only encrypted channel I trust right now.
Matrix is also an option and heavily audited+ federated. And unlike Signal not based in the US.
And the best? You can easily selfhost a bridge to signal and WhatsApp.
How well do the signal and whatsapp bridges work? Have you used them yourself? I tried setting up a discord bridge years ago and it was terrible. Is it better now?
I’m just learning this is an option, but Matrix Signal Bridge.
Best I can tell from the documentation, we add the Matrix server bot to a signal account, and it relates messages between the two platforms.
Yes, exactly. That’s why it’s preferable to use them self-hosted as the E2E of course ends on the server.
They have been,well, complicated and uncomfortable, a few years back but gradually improved. I use both and they are alright. The WhatsApp Bridge works flawlessly for me, no issues at all, the signal bridge has occasional issues that require a restart of the container (as in “once every one to three months”),but that’s more on the signal end of things. While they are not ideal they are the best option at the moment.
deleted by creator
The chat space is problematic.
- There are a lot of apps that don’t encrypt at all (e.g. Google chat, discord, etc)
- There are apps that encrypt but they are subject to jurisdictions that can or may in the future force backdoors (e.g., Chinese apps, possibly telegram, possibly US apps in the future)
- There are apps that encrypt, are in countries that are privacy focused but are not for free (e.g., threema)
This contributes to a fragmentation that makes WhatsApp the app that-you-must-have
Sure it is supposedly encrypted but I would not bet my money that is without back doors
Whatsapp to messengers is what internet explorer was to browsers lol. Slow, bloated, unfree, universally hated, but still somehow universally used
Ain’t that the truth
I mean honestly, feature wise, it’s pretty good in my opinion. It has some very useful features Signal lacks (e.g. live location sharing) and it’s not slow or badly designed in my opinion.
I still prefer Signal since I don’t like Facebook, but realistically speaking WhatsApp is pretty good.
WhatsApp
Not in the US, pretty much nobody uses it here. Which is really odd to me, since it’s so prevalent elsewhere.
IIRC it’s because US cell carriers don’t charge as much as others for sending and receiving SMS
That makes sense, SMS is essentially free here.
It is elsewhere now it’s just in the past it used to be stupidly expensive to send SMS.
It’s wjere text speak came from, I believe they used to actually charge by the character so if you wanted to tell somebody you’ll “be at the train station in 15 minutes” that’s quite a lot of characters, so that became “@ stn n 15” which is almost incomprehensible these days.
When WhatsApp became available everybody went over because suddenly you could communicate like humans, after the phone company’s realized that the jig was up they lowered text prices but by that point everyone had gotten used to just using WhatsApp. Then Apple came along with iMessage and no one could see the point because it only worked on iPhones whereas WhatsApp work for everyone.
Text speak mostly came from typing on dumb phone number pads to enter text. Like if you wanted to type “hi” you would have to enter “4-4 pause 4-4-4” As you might expect 5 putting presses with a pause between some of them just to say “hi” got painful. Thus the shortening.
Text messages were always charged per message. But each message was limited to 160 ascii characters or less if you were using other encodings. You could send 1 character or 160 characters but it cost 20 cents (at least where I grew up) either way.
This is all separate from l33t speak which is a whole different thing.
T9 made this way better.
Oh yeah, I remember realizing my new razr had that and started going text crazy.
I felt the same way the first time I discovered swipe-to-type on a smartphone! 🤣
I’m not sure why this had 0 votes, but it’s true. I’m old enough that my first cell phone experience was a bag phone from the 1980s.
Texting wasn’t even a thing for a while, but once it started, it was charged per message with like a 16 character limit. Then that limit was expanded, but it was always per message, not per character.
But, actually typing out a message was a pain the ass. There were no keyboards at first. You used the letters on the number pad to send your messages.
When T9 texting debuted that was a GOD SEND. Only needing to tap a lil number once to guess your word? Holy crap!
That is if you stay within one country. I still get some insane charges if I text someone 60 kilometers away because it’s international.
It still expensive to use your phone abroad that hasn’t improved
It did actually. I don’t pay for sending a message or calling my neighbour if I go to the next country or Bulgaria. The EU made it law that roaming is free.
What still costs money is if you send a message in the NL to the NL if you have a Belgian number for example, which makes it so that you still have to get a new number each time you move countries. Or rather the bigger pain is calling my mom who lives in a different member state, that I can’t really do without incurring insane charges.
We did the same here (US), but I guess texting got cheaper faster than in the EU? Because free text was generally a thing before smartphones really took over. Another interesting metric might be data costs, data was super expensive for a long time, while texting was essentially free, so I think people just didn’t want to switch to an app like WhatsApp. Data is pretty cheap now, but I guess the culture never really changed.
I remember my parents flipping shit over a $0.50 fee for a handfull of messages before text was unlimited.
That’s definitely part of it, but I think a bigger contributor is iMessage. iPhones have a dominant market share in the US and iMessage has been the gold standard for a long time and it doesn’t even use the SMS system.
So who exactly is downloading the app as a result of this latest government scandal? I’m going to guess it’s the maga crowd because they are this as an endorsement from their new king. But hopefully I’m wrong and it’s a broad sweep of different users from across the political spectrum.
Why should it matter if the new users are all magas or not?
It matters though. Like in Germany telegram is associated with hard right wings groups. Telling someone you use telegram makes them assume that you are a part of hard right ideologies.
It’s a shame as the telegram app is really snappy. You always have to say that you are on telegram but are not right wing. Even then people can be suspicious.
It just about always comes down to user error. The White House trusting Signal is very indicative of the effectiveness of the app’s underlying protocols and the organization’s commitment to privacy. This is definitely huge publicity and I hope Signal endures the limelight.
LOL what kinda bullshit comment is this?
The people in the White House are idiots. They choose Signal because they’re either dumb/negligent -or- because they have been intentionally avoiding record preservation requirements.
Signal is a solid app for sure, but these dipshits didn’t choose it for being the right tool for the job here, as it certainly is not.
-or- because they have been intentionally avoiding record preservation requirements.
It’s this one
dipshits didn’t choose it for being the right tool for the job here, as it certainly is not.
It was, actually. If they weren’t dipshits it wouldn’t have been a problem.
Signal, on your personal device, is fine for personal use. It is absolutely not fine for classified communication as the VP or head of DoD, as there are billions of dollars dedicated to compromising your phone.
The encryption doesn’t mean shit if they breach an endpoint or account.
If it was strictly personal chat, yeah, no problem, but they just have to assume the messages are being read by other nations.
That’s absolutely correct. Everyone seems to fixate on the encryption, but hackers are lazy and they’ll attack whatever is weakest. In this case that means the storage on the phone after it’s decrypted.
Don’t store classified information on your phone, regardless of what you use to transmit it.
Or better yet, do whatever the heck security experts tell you to do. I can only imagine what’s standard procedure for the president’s cabinet.
Exactly. I can guess as to what decent OPSec looks like, but that’s not my job and I’m not an expert. If you’re in a sensitive position, listen to the experts. If you’re a hobbyist, do whatever strikes your fancy.
It’s not the right tool for their job but still a good tool for the laws they were trying to break…
I wholeheartedly agree the White House is full of morons. I was just saying that Signal is a solid app for me to securely share bullshit with my family. Its definitely not the right tool for government officials to use. But its plenty safe for sharing memes and pics of my dog.
The white house trusting signal is nice, but using it to circumvent official communication tools which document messages for the archives is not the way it should be used - they used the “disappearing messages”-feature as well. This usage is more in line with criminal organizations like the mafia or yakuza.
I believe some people have been ordered to archive the chat so that it can be presented to Congress in the future. Trouble is, looking at the screenshots it’s already gone as they had the message lifetime set to a week.
I wonder if this will be seen as destroying evidence .
i’m pretty sure that there are laws regarding required archival, but laws seem optional for this administration.
There very much are law requiring archival, but now it’s been ordered in the hearings as well. This makes it much more obvious that it’s a problem.
Signal has been with me for a decade. Have had Matrix/Element installed for years but no one i know uses it
hmm havent heard of this one yet. Looks promising, gonna try it later. Thanks!
For people seeking an interface similar to signal, I suggest Session. It’s a fork of signal that onion-routes the messages (they have their own onion routing network, not TOR). There are no user IDs stored anywhere, you message people through their public keys. From the user experience side of the coin, it’s a little on the slow side tho.
But definitely find out beforehand whether there were any security gaps or anything else. I followed the whole thing at the beginning of the tox protocol and the clients were not yet fully developed. But since I couldn’t get people away from WA, I forgot about it over time. So I can’t say anything about the security.
I know session… well i have read about it… Didnt test it because i would fail at the same point like with tox.
