EDIT: To be 1000% clear, they should not be using personal cell phones for this, which they probably did because everyone in this admin is braindead gutter trash. I’m suggesting that self-hosted Signal over government servers is probably fine for security with potentially some tweaks to the app. Something I neglected to think of however is that this sidesteps record keeping, and probably deliberately so. My contention here was solely about security, but this fact makes Signal use unconscionable in my book because it impedes accountability.
Okay, let’s just be clear here: Signal isn’t just another “private app”; the amount of information they have about your communications is zero (0) with the exception that I believe they can see if you have an account and the last time you connected to the server. Governments absolutely do rely on Signal. The Signal protocol is open and highly robust, the app code is FOSS and has eyes from a shitload of security researchers globally due to its importance, its server code is FOSS (although you don’t have to trust this due to the robust E2EE, and you can even self-host IIRC due to the FOSS server code), and it has reproducible builds.
This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails. If I had to guess, they’d probably want to self-host the fork the Signal app and make it so that you can only invite people with some form of clearance, but this last thing is total speculation on my part. I’m sure there’s some way to sanely do this. The part about Signal being secure is just objectively true; it’s audited like absolute crazy, both the FOSS app and the protocol. I would trust it more than whatever the US government could homebrew, even.
If you, as a citizen, are looking for secure, private messaging, Signal should be at the very top of your list of possible candidates alongside Matrix, SimpleX, and Session (keep in mind that Element and Session do not yet support forward secrecy, although the Matrix protocol does).
There’s been a few articles recently about Session authors starting with Signal protocol, and then continuing without clear understanding what they do, thus that Session shouldn’t be used.
Matrix is a compromise, it’s not as much about security as it is about just modern FOSS chat.
Just that I haven’t heard of it being as praised as Signal, and since it appears to be intended for chat rooms more than for privacy, there’s natural suspicion that something is missed there.
EDIT: To be 1000% clear, they should not be using personal cell phones for this, which they probably did because everyone in this admin is braindead gutter trash. I’m suggesting that self-hosted Signal over government servers is probably fine for security with potentially some tweaks to the app. Something I neglected to think of however is that this sidesteps record keeping, and probably deliberately so. My contention here was solely about security, but this fact makes Signal use unconscionable in my book because it impedes accountability.
Okay, let’s just be clear here: Signal isn’t just another “private app”; the amount of information they have about your communications is zero (0) with the exception that I believe they can see if you have an account and the last time you connected to the server. Governments absolutely do rely on Signal. The Signal protocol is open and highly robust, the app code is FOSS and has eyes from a shitload of security researchers globally due to its importance, its server code is FOSS (although you don’t have to trust this due to the robust E2EE, and you can even self-host IIRC due to the FOSS server code), and it has reproducible builds.
This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails. If I had to guess, they’d probably want to self-host the fork the Signal app and make it so that you can only invite people with some form of clearance, but this last thing is total speculation on my part. I’m sure there’s some way to sanely do this. The part about Signal being secure is just objectively true; it’s audited like absolute crazy, both the FOSS app and the protocol. I would trust it more than whatever the US government could homebrew, even.
If you, as a citizen, are looking for secure, private messaging, Signal should be at the very top of your list of possible candidates alongside Matrix, SimpleX, and Session (keep in mind that Element and Session do not yet support forward secrecy, although the Matrix protocol does).
There’s been a few articles recently about Session authors starting with Signal protocol, and then continuing without clear understanding what they do, thus that Session shouldn’t be used.
Matrix is a compromise, it’s not as much about security as it is about just modern FOSS chat.
Pray tell. Granted again that Element doesn’t yet support forward secrecy, but describe what you see as specifically wrong with Matrix, please.
Federated with huge load on servers. I’d prefer something like old Skype with auth servers part interacting via activitypub or something like that.
Do you see anything wrong with it security-wise? The wording of your previous comment has me confused where you fall on this.
Just that I haven’t heard of it being as praised as Signal, and since it appears to be intended for chat rooms more than for privacy, there’s natural suspicion that something is missed there.
The clowns in this administration, sure. But the NSA knows what they’re doing when it comes to cryptography.