Privacy

37690 readers

1489 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

TM Signal (lemmy.world)

submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]

31 comments fedilink hide all child comments

The scariest part of this recent news is that TM Signal seem(ed) to be interoperable. People using TM Signal could interact with actual Signal users. How are you to know whether or not your groups have people using bastardized versions of Signal? Are things like Session interoperable with Signal?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 9 points 2 days ago (1 children)

The direct answer to your question is: verification of the security of the platform that the other party is using is outside of the scope of the Signal protocol. Anything you send to the other party can be taken off of their device. Signal only concerns itself with securing the message over the network and making it hard for an adversary with network dominance to build a social graph. It doesn't protect from all SIGINT.

Additionally, since the server is open source and the protocol is open an publicly documented, it is completely possible to build your own Signal client and give it whatever capabilities that you'd like.

There are several open source packages available that allow you to interface with Signal without using the official Signal client:

https://github.com/AsamK/signal-cli

https://gitlab.com/signald/signald (also, https://signald.org/articles/clients/ )

[–] [email protected] 7 points 2 days ago

Those third-party clients have some essential, basic functionality that the official ones for some reason lack. Signal-cli allows registering from desktop without any smartphone, Molly allows an arbitrary Socks proxy instead of being limited to just Signal's own proxy solution, tying a desktop client with a link instead of scanning a QR code (thus allowing easy registration from an Android VM), and maybe most importantly for some - Notifications not relying on Google (Molly-Socket allows it to use UnifiedPush).