I see i can find a foss version on f-droid, and that’s something not a lot of social networks can have, i don’t really like all the crypto bullshit and ads testing they’ve been up to lately, but still looks better to me compared to what Reddit have done lately or what other platforms have done in these years…
I don’t know about their privacy feature, but i wouldn’t trust their chat as for as far as i knew they were not end to end encrypted some time ago (except for secret chats).
Anyway it still looks like one of the at least still decent platforms out there, or am i wrong?
Signal is also end to end encrypted (E2EE) with decryption keys stored on device.
And how decryption key gets to other device 👀?
It’s a “basic” Diffie-Hellman key exchange that’s been a solved issue since before mobile phones were even invented[0]
.
Think of it like this:
I give you a lock that only I have they key to open it. You can secure (read encrypt) any message with it by placing it in a box and locking it with my lock, send me the box and - because I’m the only person in the world with the key to open it, we can say you’re sending me a secured (encrypted) message. It doesn’t matter if anyone can intercept this lock because all they’ll be able to do is send me secure messages from their inbox. Now, in the digital world this lock we’re giving each other is a cryptographic “public key” that you can lock a million things with (messages, images, videos) and send them to me via the internet. We can thus exchange public keys and securely message each other.
I’ve simplified it a lot, as Signal actually uses something called the “Extended Triple Diffie-Hellman” (X3DH) [1]
, but I hope this explains how it works. You can read more about it here [2]
[1]
https://www.signal.org/docs/specifications/x3dh/
[2]
https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english