So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option
Signal is perfectly fine to use.
Most packages/installs of Signal contain proprietary code. I suggest Molly-FOSS instead.
Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic Socks proxy instead of Signal’s own solution. Not only does that allow running Signal over Tor without using Orbot as a “VPN”, but is also more versatile (I wouldn’t want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).
P.S. Also idk if this has been fixed, but Signal’s app bugged out during registration and got stuck on “no google services” warning on my Graphene device, yet Molly went through flawlessly.
It is not. We are on a privacy sub on lemmy, services that require mandatory phone number are far away from been fine to use.
Can you please provide any data where Signal has been compromised? I’m not saying that the possibility doesn’t exist, but I’ve certainly never seen one single instance where Signal was compromised, so please do share.
I think there is campaign to get people to use signal, while servers are proprietary and other things are questionable.
It is a great operation for convincing the majority.
Servers are always going to be owned by someone. But the data is encrypted with keys not available to the server. Signal isn’t perfect, and I don’t like some stuff they do, but it’s the best design out there that is also relatively user friendly and doesn’t have holes that are easy to exploit by the server owner.
For normal end user average usage signal is the best option available, specially for family since they may already be used to the flow and UX of it. Simple and straight forward. All the “bad” things you read are about nerds being annoying and not liking a very particular specific thing and thinking that specific thing should be the only focus.
So just make people use signal. It’s the best and simplest way with the most common features for individuals and small groups. A simple download, in a common known place on a store without confusing people with differences between a protocol and a client and with and onboarding experience most are already familiar and ok using.
Even so you still need to make sure that the app does not have battery optimizations turned on, but that applies to all apps used for communication that are not blessed in specific phones (like facebook and whatsapp already having that setting by default because vendors make it so).
I have made so many people use Signal now. I sell it as, “I’m on Android. Signal gives us all of the features of iMessage and facetime” no need to mention the privacy concerns unless they are the kind of person who cares.
Who told you to not use Signal, and what reasons did they give? I’m very curious.
It uses phone numbers and is centralized. I personally dont use it cus of those reasons. Also wouldnt switch cus my folk already use matrix so im nt making a bunch of people get another app lol
Matrix is centralized too in practice … & syncs even more metadata than Signal so I wouldn’t call that an upgrade—especially when you see how slow the clients & servers are.
Matrix is centralized too in practice
There are plenty of different available homeservers and you can host yours.
Signal is most likely a fed honeypot.
They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.
No reason to trust signal IMO.
When signal publishes their client source, you’ll need to explain how E2EE on open source clients can be a honeypot
The open source client doesn’t mean jack shit dude. Telegram also has open source client. Your data lives on their servers not clients and also, even if the server code is open source, there are many ways for a backdoor and violations of privacy in the infrastructure. When you give up your phone number, there is no privacy.
Private against who?
Privacy communities need to really drill in the idea of threat models instead of pretending privacy is some linear scale and the ultimate goal is to bury your phone and computer in a lead-lined concrete block underground. Privacy and security are meaningless concepts unless you know who your are protecting it from and what their capabilities might be. I don’t need to hide from NSA Tailored Access Operations because I’m not trying to x the y of the USA. I do need to protect myself from basic scam attackers, copyright trolls and neo-nazi stalkers. And Matrix, along with certain basic opsec guidelines, does that and more for me.
simplex is good as an alternative
SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:
- It is funded by venture capital, which calls into question its longevity, and even if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
- Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
- No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
- Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
- No support for group calls.
I would not recommend it for talking to family members and people in general, which is what OP requested.
