“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”
This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍
I found the hardest part was convincing people to move away from the incumbents such as WhatsApp / FBM etc as all their contacts / friends / family were already using those platforms.
Same, I tried to move to Signal a couple years ago, but I couldn’t get anybody except one friend to follow, so I gave up on it. I would try again, but I know it wouldn’t go any different, yet.
Network effect 😃
The people that run signal are a fair bit sketchy though, telegram is a generally better option.
No telegram is definitely worse. Their cryptography is amateurish at best and wrong on purpose at worst. Attacks again telegram are regularly found (https://www.research-collection.ethz.ch/handle/20.500.11850/506353) and telegram chats aren’t even end-to-end encrypted by default.
They are ignoring a lot of cryptographic best practices in their protocol to the degree where anyone taking a basic cryptography class will laught at it. The paper above shows that some cryptographic properties can be proven for telegram but those look more accidental than actually planed.
So yeah I’d say telegram is way more sketchy. The signal protocol is significantly better. Telegram’s still probably better than WhatsApp tho.
Interesting I wasn’t aware of that, thanks for letting me know.
Also, while I’m not familiar enough with cryptography to know how accurate that is, speaking to OP’s point regarding the people behind the apps…Telegram’s people are sketchy themselves. From what I gather it sounds like the lead person behind Telegram is more or less a tech bro but Russian instead of American or South African, and has some similar negative qualities.
It’s a long article, but Wired’s feature on Telegram is an interesting read. TL;DR though is that Telegram seems to be led by yet another eccentric libertarian who reportedly is very controlling over certain aspects of the platform.
As an aside, for anyone put off by Signal’s foray into cryptocurrency BS, Telegram also tried to dive into crypto, so…Yeah.
I still wish they hadn’t dropped sms on android. A few family members dropped signal as soon as they needed another app for messaging.
I’m very glad they did. It was hard to recommend while they did, it’s a huge security risk! Sms needs to die
I still don’t understand why they did that, I used to use Signal for everything and while it was clear that it couldn’t encrypt basic SMS I could at least do all my messaging in one place. Now, I can’t communicate with 80% of my contacts via Signal even if I wanted to, forcing two separate messaging apps.
Just let me send unsecured messages. It’s fine. As it stands now I don’t think I’ve even opened Signal in nearly six months even though I’d much rather use it than the default messenger.
Basically, it makes the whole platform less secure because you could accidentally send a non-encrypted message at any time. With SMS-free Signal, at least mistaken sent messages are still E2E encrypted.
Is their goal to become the new de-facto messaging app? Or is their goal to become the most secure messaging app for whistle blowers, etc for whom a single mistake could mean losing their life or their freedom?
If they are so concerned about the privacy and lives of whistleblowers they should implement usernames (and multiple accounts) instead of forcing people to give their cell phone numbers to others.
The use of cell phones in an app supposedly made for dissidents and whistleblowers is the stupidest decision I’ve ever seen.
Have unsecured messages be opt-in and have a warning banner on non-encrypted messages. Maybe even a confirmation dialog.
That way people who want or need to be that paranoid can be, but the rest of us can have something a bit more convenient.
By disallowing SMS messaging they’ve just made it so a lot of people who were being secure when their contacts allowed, aren’t being secure at all.
Yeah, I’m basically in this boat. My OS is what brings my notifications together, and makes clear distinctions between the different apps I utilize. I don’t need one app to do everything. I use signal for sensitive business, having conversations about projects and sending credentials to coworkers. I use Teams for general work conversations. I use iMessage for nearly all other casual conversations - of those maybe 30% are SMS.
deleted by creator
no reason
I mean, you can see at least one reason I’m sure
As an Android user, all I have to say is fuck iMessage. Dark pattern, anticompetitive piece of shit.
I think you mean Apple. Apple is an anticompetitive. They don’t want people to leave their ecosystem the moment they’ve bought a signal apple product.
I only communicate with two people in signal. I still use it because I genuinely despise Android messenger.
2 people, one of which is your relative and the other drug dealer I imagine
Downvoted but the only people I know who used signal were drug dealers/users
Interesting. I use signal with my family, coworkers, and some friends. Never once done drugs, and only a couple people I know that use it did drugs in the past, and didn’t use signal then.
Cuz, it was about killing functionality in order to grow their market share. Just go listen to the new lame ass Signal CEO. It’s capitalism that ruined Signal like it does everything
What are you talking about? Where did they say that? How does capitalism ruin a non-profit organization? It makes absolute sense for them to have removed SMS. Here’s their statement about the removal: https://www.signal.org/blog/sms-removal-android/
Sadly, I think they saw the writing on the wall with Google’s RCS push, and the decided lack of RCS APIs for Android apps to implement an RCS interface outside of Google. SMS has a lot of staying power, so it won’t happen overnight. But there’s a good chance that third-party RCS apps on Android will never be a real thing, or will forever end up hobbled. I think the Signal product folks imagined they had a LOT more clout than they actually had in the community. Sort of a less disastrous version of the Twitter and Reddit changes this year, trying to lock folks in.
The RCS issue hits the nail on the head I think. It’s really the biggest stumbling block for everyone at this point.
Still fascinates me how many folks in the US use SMS. It’s been dead for over a decade now over here. I mean I would have expected it to stay with a lot of folks using feature phones. But that also not the case as far as I know.
Because it’s a universal standard. It doesn’t matter if they have an android, and apple, a microsoft phone, some LG flip phone- SMS Just Works.
And the fact that Signal has dropped support for it is why Signal no longer works and has lost basically it’s entire US/European market, because it’s now just another walled garden that needs people to get people- and it doesn’t have the people.
I thought most parts of Europe are the ones that dropped SMS
Yeah this same thing happened to me. I rarely get messages in signal anymore and can’t reliably know who still has it installed. It’s great for folks you are in regular communication with though.
I made it easy by making it the only messenger I use. Sure, you can send me a sms, but that’s not gonna work for pictures and especially videos.
This was always the hardest part of these types of apps for me… getting people who just want something to work and already have a working thing are pretty impossible to get to swtich
Yupp. Had been working for a while on getting people to Signal, and then they dropped SMS, and they moved to other things and i couldn’t realy recommend it anymore.
Not only that, it makes people less likely to move to something new. I had almost everyone moved to signal. Now there’s one left, because it doesn’t work for SMS. Great choice they made. I haven’t even been able to convince one of my contacts to install simplex, and I doubt I’ll ever be able to. I had one shot, and wasted it on signal. I’m kind of salty.
Yup, I used Signal for years, it was my standard “messager” for everyone, people with Signal too or regular SMS. since they dropped SMS, I dropped Signal…
I removed it immediately because of this. It’s inconvenient to try and remember who I can communicate with through signal, and who I have to use a different app for. Signal jumped the shark.
The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on."
Ahem, and a list of contacts, they’ve improved since, but it used to be that this was a simple hash of the phone number which is obviously vulnerable to a very easily generated rainbow table.
and a list of contacts, they’ve improved since
I’m confused. Are you saying they still store contacts but with better encryption or that they no longer store contact information?
If only they still supported sms…
Doesn’t your phone already have a sms app?
Its immensely difficult to convince your circle to download yet another app to message a handful of people. It is much easier to convince them to replace their SMS app.
I got rid of Signal after they added cryptocurrency to their app.
While I have no issues with cryptocurrency itself, it was a reminder that they have full control over the app. Now I happily use XMPP and Matrix for communication with friends and family.
Your friends and family use matrix? Ok, I understand, that you can pressure your family to use it, but are all your friends that geeky?
Random question as Im very interested in using XMPP: Are public homeservers fine as long as you enable encryptions? And is there a list of recommended homeservers?
Im aware you can self host, that just is not an option for me currently
You’re more than welcome to register an account on canchat.org (my server).
And yes, as long as you enable OMEMO encryption, your server provider cannot read your encrypted messages.
https://providers.xmpp.net/ is a good resource for finding a provider (homeserver) as well.
That website is awesome! Exactly what I was looking for, thank you!
they have full control over the app
Yup, this is also my problem with Signal; you’re stuck with whatever boneheaded decisions the devs make and there’s nothing you can do about it. Personally, my pet peeve is their refusal to add any kind of data export. As someone who likes backing up chat history, this is a dealbreaker for me.
Indeed. I opened the Signal app after a really long time last week and found that they had added a useless Stories feature like WhatsApp. I uninstalled the app since I never used it anyways.
Edit: Looks like Signal stories can be turned off unlike WhatsApp stories. That’s a win I guess.
Exactly. I sometimes switch my SIM card between two different phones; Signal makes that process super confusing and awful because your Signal account, on a phone, doesn’t just behave like an account, it has hooks built into your phone and messaging apps. Telegram, on the other hand, lets me set a password and use 2FA via email and then just… log in. Honestly it seems so much simpler I can’t understand what the Signal devs are up to!
They’ve had data export for a long time, I helped make exports in support of a lawsuit more than 3 years ago.
Is this on iPhone? I have regular backups enabled on my android
If you have android, Molly is great 3rd party client.
I’ve tried it, it’s definitely better. If I absolutely had to use Signal I’d use it through a Matrix bridge.
Are you fundamentally against crypto? Not all crypto are scams.
Not all crypto is currency, even. The coolest shit is just decentralized versions of things we have already.
I’m particularly interested in things like Arweave. Smart contracts are cool too, though, to be actually useful, governments need to embrace them.
Not all crypto is currency, even. The coolest shit is just decentralized versions of things we have already.
Ah didn’t know about that. That is a dealbreaker. Too bad, it always looked promising but now it just looks like a scam app.
It’s certainly not a scam, and it is a reliable, private messaging app, don’t get me wrong. It’s just not decentralized/federated, and that’s the issue for me.
Been using Signal for a very long time now, with my SO, parents, brother and a few friends. But it’s inevitable to also use WhatsApp side by side. Selling/Buying on the local marketplace? WhatsApp. Workplace colleagues? WhatsApp. That group of buddies where only 1 or 2 converted to Signal? WhatsApp.
Same thing here, only a couple of my friends have Signal. Everyone else uses Whatsapp.
WhatsApp has full E2EE and you can configure it to only store messages and backups on your device. Obviously others could save a cloud backup, but the backup is still fully encrypted as well. Messages aren’t accessible by Meta and they can’t be forced to turn them over to local governments, so it’s really not a bad messaging app overall if you have to use it.
I’d be fine with using it as my messenger of choice if they open sourced it and allowed us to run our own servers
The bridging capabilities of matrix make it unbeatable for me. I can’t make everyone switch to it, but damn has a lot more been willing to do so when I show them they can have discord, telegram, whatsapp and more in one app.
Why is it so few people care about what they use?
Cool but most people don’t want another messenger app and aren’t concerned about privacy.
I sometimes wonder who’s paying to run the servers, and where that money originates.
It kind of doesn’t matter… That’s the beauty of fully auditable open source end to end encryption.
They know the same things about me as WhatsApp. They have all contacts and all metadata. Why do you say it doesn’t matter?
There isn’t any audit on whatsapp’s side. So you are trusting they are running the code they tell you they run on their servers.
So it’s not just about metadata, I wouldn’t trust facebook not to have some kind of access to the content of the messages. Which is much worse.
Also, Whatsapp is Facebook right ? Not really an amazing track record when it comes to privacy. They said they implemented the Signal protocol but you still have to trust them to be doing so.
I think that’s what the person you are responding to was essentially saying, we do not know for sure what Whatsapp does.
Well now you are really insinuating a conspiracy inside Facebook. That may be happening and that would be bad.
But I’m not talking about anything like that. I’m really only focusing on what Facebook openly says what WhatsApp is doing, and monetizing. And that’s exactly about the same data that we give Signal under the flag of open source and freedom. There’s no difference, except that in the case of WhatsApp I know the business model, and for signal I don’t.
I don’t pay for Signal servers, so who does?
That information is easily found with a web search, so there is no need to cast aspersions. It’s funded by Brian Acton’s “activist” funding (interest-free loans of $100 million+ total to Signal Foundation over the years). I’d guess Acton used it as a huge tax write-off the year he sold WhatsApp to Facebook.
Other revenue sources include voluntary user donations and grants from many free press organizations whose members rely on Signal. Some years they report positive net income, and other years they report negative.
Signal Foundation tax forms, which list all general revenue sources: https://projects.propublica.org/nonprofits/organizations/824506840
What Signal says about how they operate: https://signal.org/blog/signal-foundation/ https://signalfoundation.org/en/
Signal Privacy Policy: https://signal.org/legal/#privacy-policy
All the code, including what runs on their servers and in their apps, so you don’t need to take their word for anything. You can compile the signal client from source if you like: https://github.com/signalapp
Article which talks about their audit history (this is their weakest point. The full results of the audits Signal paid for were never published): https://restoreprivacy.com/secure-encrypted-messaging-apps/signal/
However, anybody can check for any spooky stuff in their code, so I doubt they would purposely try to hide anything untoward there.
No offense, but both style and factual claims that article shout conspiracy theory.
I can’t take this piece of writing as a serious source.
Maybe, but I find it more likely to be true than false. My overarching takeaway is that if you actually care about the secrecy of a communication, don’t use signal, use gpg.
It is good for what it does, we use it at work for out of office chats.
Signal is great. I wish more people used it because I trust it more than anything that’s a product of Facebook. No matter what they claim, I always worry there’s something they aren’t admitting to.
The WhatsApp creator left Facebook early, leaving $850 million behind, because he thought they were pure evil, and then he went to the signal creators and threw money at them to not sell or turn into a shit show. He is now the interim CEO of signal. He plans to keep it as a private foundation that is using a donation model to keep it going.
Also, if you work for an employer that asks you to download signal for work communication, make sure you record all conversations by screenshots or screen video. People can wipe signal communications remotely and this can give employers deniability while putting things on the employee. Practice CYA at all times.
He plans to keep it as a private foundation that is using a donation model to keep it going.
I abandoned Whatsapp several years ago and since then have used Signal nearly every day (to keep in touch with a handful of friends), have had a recurring monthly donation set up for a couple of years now.
One on the one hand there’s the privacy, but what clinched it for me originally was the ability to seamlessly switch from my tablet to the cellphone to the desktop, all Apple. Signal was (and probably still is) better at this than Whatsapp.
nice try FBI
Questions:
- On an andriod phone Signal replaces your messaging app, right?
- Signal is NOT like Viber, Whatsapp, etc. right? No video chat, just text?
ETA: When I say “replaces your messaging app” above, I’m referring to “normal” texting on your phone, not whatsapp, viber, etc. Sorry I wasn’t clear.
Answering to 2 - signal is a bit like Viber, WhatsApp etc, but the message and metadata are encrypted from end to end, meaning signal servers can’t know exactly the content. WhatsApp included this few months ago, but not on the metadata only the content of a message
Yes and yes, It can replace Viber, Whatsapp, and etc if I am not mistaken. They also have end to end and whispers which are 24 messages if you and your recipient are both on signal.
- Yes but only for internet messing
- Correct although it’s unnecessarily introducing something like fb stories/reels whatever the name is. It’s totally optional of course.
-
They used to have that functionality (and I loved it) but they removed it due to it “not being secure enough” for their standards
-
Signal can absolutely replace WhatsApp, Viber (although I never heard of it before), etc. It supports voice and video calls, and you can even screen share from desktop
I was so bummed when they removed that feature. I didn’t really understand why viewing SMS in the app was “not secure enough”.
I guess they have some criteria for security and they don’t want to “ship” features that are below that (SMS is the most insecure you can get).
-
