43 points
*

Well, she’s not wrong that we need more influential people fighting back against this latest push in the global coordinated effort to put an end to communications privacy. It’s really quite alarming how little attention it seems to get most of the time. Civil society seemed much more robust when it fought off similar attacks in the 1990s. I do hope that the “VC community” isn’t our only hope.

But of course Signal can’t interoperate with another messaging platform, without them raising their privacy bar significantly

Signal is supposed to be free software. You could probably manage to interoperate at least with other operators of actual Signal-Server instances, if you wanted to.

permalink
report
reply
8 points

There’s already something like this and it’s called SimpleX. Messages are sent through relays and a very familiar form of ratcheting encryption is used.

It’s still in its infancy, but anyone can run and use their own relay.

permalink
report
parent
reply
3 points

Simplex is a great example of why trying to force apps to work with each over is bad for a number of reasons.

Simplex chat would be massively compromised as a messager if it was required to work with Telegram. Imagine the amount of spam you would get if nothing else.

permalink
report
parent
reply
1 point

IMO a better example is Matrix bridging - in order for an app like Signal to work on your Matrix account, you do have to compromise your Signal messages on it.

But otherwise, yeah, I definitely agree with your assessment. Even if Signal and SimpleX used an identical protocol, the nature of sealed sender messages would make spam prevention and server abuse more difficult to handle IMO. SimpleX is still relatively obscure, and I’m not sure what scaling up will look like for it.

permalink
report
parent
reply
8 points

The problem with trying to be compatible with everything is that no one can agree on what a good protocol should be. Trying to force apps to work together is problematic as you end up creating a large attack surface.

I appreciated what they want to do but the GDPR has kind of gone over the top in my opinion.

permalink
report
parent
reply
6 points

I run a matrix server that interoperates with signal, whatsapp and discord so people who need to use those platforms are able to use one app instead of three and also keep their info private.

permalink
report
parent
reply
5 points
*

How’s that keep people’s info private? Every Signal-Matrix integration I’ve seen decrypts the data and just holds it unencrypted on a (Matrix) server.

permalink
report
parent
reply
2 points

I‘m talking about apps like discord or whatsapp that have a lot of info on you when you open them. The open source clients are a lot less data hungry afaik.

But yes, the encryption between the apps is not seamless so you‘d need to activate encryption again for this if you want it.

permalink
report
parent
reply
2 points

free software doesn’t necessarily mean federating with other services.

They have stated their reasons why they don’t wanna do it. You might disagree with them or not. But the technology they built is still open. Anybody could take what they created and use it as a foundation that does federate.

permalink
report
parent
reply
-1 points

I have been disappointed by signal so much that I’m not suprised by this. There is no legitimate justification to why they don’t distribute on F-Driod.

permalink
report
parent
reply
28 points

Why is Signal not on FDroid, or heavily use Google services?

permalink
report
reply
38 points
*

Signal doesn’t “heavily use Google services”. They only use proprietary libraries and integrations for 2 purposes: Donations and push notifications. Signal uses the platform’s native way of handling push notifications, on iOS it’s APNs and on Android it’s FCM. This is also the reason why it’s not available on F-Droid. You can use a fork of the app like Signal-FOSS or Molly. These remove all proprietary dependencies and you can download them from their custom F-Droid repositories.

permalink
report
parent
reply
14 points

Molly is wonderful but I use signal-foss because it shares openstreetmap location by default 🤩

permalink
report
parent
reply
4 points
*

Molly claims to use OSM in their FOSS builds: https://github.com/mollyim/mollyim-android/blob/main/README.md#dependency-comparison. I can’t confirm this because I never use any Signal features that require map integration.

permalink
report
parent
reply
2 points

I have to be misunderstanding what you’re saying because it sounds like you’re happy that app shares your location by default? Or do you mean it uses that format by default when you decide to share a location?

permalink
report
parent
reply
17 points

there is a fork with proprietary dependencies removed called Signal-FOSS, whose repo you can add to F-Droid if you decide to trust it

permalink
report
parent
reply
15 points

There are several Signal forks on f-droid that remove the need for Google services iirc.

permalink
report
parent
reply
13 points
*

To answer your second question: they advertise Signal as a secure and private messenger, so heavily using Google services would be kind of counter-productive. To answer your first question: here.

permalink
report
parent
reply
-1 points
*

Because they don’t seem to care about free software I guess

You can use Molly if you want more freedom. I do wish that Signal would build in orbot to avoid censorship.

permalink
report
parent
reply
-4 points

Because signal doesn’t care about privacy or anonymity

permalink
report
parent
reply
-17 points

Might as well use whatsapp in that case which is debatably on par or better than signal for encryption.

permalink
report
parent
reply
11 points

We don’t have any clue on how good whatsapp encryption is. It’s closed source.

permalink
report
parent
reply
-14 points
*

The whitepaper explains it in detail. Closed source doesn’t mean worse by default. In a lot of cases the opposite since professionals were hired and paid for their work and the company thinks they have an edge on the competition. Open source is more of a grab bag. Commercial use of open source is plagued by abandoned projects and lack of support obligations, even though it might be better in certain instances.

permalink
report
parent
reply
9 points

This is the best summary I could come up with:


AI is “not open in any sense,” the battle over encryption is far from won, and Signal’s principled (and uncompromising) approach may complicate interoperability efforts, warned the company’s president, Meredith Whittaker.

“We’re seeing a number of, I would say, parochial and very politically motivated pieces of legislation often indexed on the idea of protecting children And these have been used to push for something that’s actually a very old wish of security services, governments autocrats, which is to systematically backdoor strong encryption,” said Whittaker.

” ‘Accountability’ looks like more monitors, more oversights, more backdoors, more elimination of places where people can express or communicate freely, instead of actually checking on the business models that have created, you know, massive platforms whose surveillance advertising modalities can be easily weaponized for information ops, or doxing, or whatever it is, right?

One specific such proposal is comes via the Investigatory Powers Act in the United Kingdom, under which the government there threatens to prevent any app updates — globally — that it deems a threat to its national security.

“And honestly,” she added, “I think we need the VC community, and the larger tech companies more involved in naming what a threat this is to the industry, and pushing back.”

But of course Signal can’t interoperate with another messaging platform, without them raising their privacy bar significantly,” even ones like WhatsApp that support end-to-end encryption and already partly utilize the protocol.


The original article contains 1,027 words, the summary contains 238 words. Saved 77%. I’m a bot and I’m open source!

permalink
report
reply

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 4.3K

    Monthly active users

  • 2.9K

    Posts

  • 78K

    Comments