So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option
Private against who?
Privacy communities need to really drill in the idea of threat models instead of pretending privacy is some linear scale and the ultimate goal is to bury your phone and computer in a lead-lined concrete block underground. Privacy and security are meaningless concepts unless you know who your are protecting it from and what their capabilities might be. I don’t need to hide from NSA Tailored Access Operations because I’m not trying to x the y of the USA. I do need to protect myself from basic scam attackers, copyright trolls and neo-nazi stalkers. And Matrix, along with certain basic opsec guidelines, does that and more for me.
Signal is perfectly fine to use.
Most packages/installs of Signal contain proprietary code. I suggest Molly-FOSS instead.
Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic Socks proxy instead of Signal’s own solution. Not only does that allow running Signal over Tor without using Orbot as a “VPN”, but is also more versatile (I wouldn’t want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).
P.S. Also idk if this has been fixed, but Signal’s app bugged out during registration and got stuck on “no google services” warning on my Graphene device, yet Molly went through flawlessly.
It is not. We are on a privacy sub on lemmy, services that require mandatory phone number are far away from been fine to use.
Can you please provide any data where Signal has been compromised? I’m not saying that the possibility doesn’t exist, but I’ve certainly never seen one single instance where Signal was compromised, so please do share.
I think there is campaign to get people to use signal, while servers are proprietary and other things are questionable.
It is a great operation for convincing the majority.
Servers are always going to be owned by someone. But the data is encrypted with keys not available to the server. Signal isn’t perfect, and I don’t like some stuff they do, but it’s the best design out there that is also relatively user friendly and doesn’t have holes that are easy to exploit by the server owner.
Matrix/Element is pretty private, but not wide spreaded. For the use with friends and Family is more realisticto use Signal or any other decentralized Chat.
both are good, even Signal. For private conversations, you only need to avoid Telegram and other obvious ones
What are the biggest threats in telegram? Corporations, widespread scams or individual ppl closer to me?
telegram has a lot of illegal stuff on it. Plus the ceo has been caught and this way, the whole thing was compromised
Who told you to not use Signal, and what reasons did they give? I’m very curious.
It uses phone numbers and is centralized. I personally dont use it cus of those reasons. Also wouldnt switch cus my folk already use matrix so im nt making a bunch of people get another app lol
Matrix is centralized too in practice … & syncs even more metadata than Signal so I wouldn’t call that an upgrade—especially when you see how slow the clients & servers are.
Matrix is centralized too in practice
There are plenty of different available homeservers and you can host yours.
Signal is most likely a fed honeypot.
They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.
No reason to trust signal IMO.
When signal publishes their client source, you’ll need to explain how E2EE on open source clients can be a honeypot
The open source client doesn’t mean jack shit dude. Telegram also has open source client. Your data lives on their servers not clients and also, even if the server code is open source, there are many ways for a backdoor and violations of privacy in the infrastructure. When you give up your phone number, there is no privacy.
