191
Tried session? Anyone have comments on it? Nice to be able to skip the phone and easily use vpn, though I haven’t spent enough time on that.
this post was submitted on 11 May 2025
191 points (86.6% liked)
Privacy
37806 readers
740 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
SimpleX
And it uses same tech as Signal.
However getting friends to join Simplex is complicated by two annoyances:
(1) It gets confused by an invite URL coming from facebook (it doesn't know to strip the appended Facebook tracking code - as trivial as it is).
(2) When the invite is via a QR code you must scan it with SimpleX not your native camera app. Invitees just give up.
load more comments
(2 replies)
load more comments
(5 replies)
SimpleX is coming nicely along. Should be good to switch next year once they got their desktop apps polished up
Simplex has a bad user experience and needs a lot of work before it's ready for normies.
Last time I tried Simplex, the battery drain was unbelievable. Maybe I'll give it another go and see what happens, but I'm not optimistic.
Maybe I am being too simplistic here. But I have never received a spam message to my XMPP account and I don't know how a spammer would find it.
In a phone-based system a spammer can spam a list of numbers, or use contact lists that are easily shared via phone permissions. There are several low-effort discovery processes.
For e-mail, you get spam when you you input your personal e-mail into forms, websites, or post it publicly.
But for something like XMPP... It seems rather difficult to discover accounts effectively to spam them. And, if it is an actual problem, why not implement some kind of 'identity swap' that automatically transmits a new identity to approved contacts? A chat username does not need to be as static as an e-mail or a phone number for most people.
I just don't see 'spam' as such a difficult challenge in this context, and not enough in my view to balance out requesting a phone number. Perhaps a spammer can chip-in?
Privacy ≠ anonymity
Is it possible to use a voip based SMS for registration?
Those are a little easier to get anonymously then physical sim cards.
load more comments
(1 replies)
Because their founder (Marlinspike) is probably under a National Security Letter, maybe it's just that, maybe he's done some crimes they're also holding over him. If you look at his behavior it's that of someone very paranoid that they're going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who's terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.
This doesn't necessarily mean that signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on signals servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it's also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.
And those saying it has to do with spam prevention, that's kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn't. Third it's possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Third there's no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).
Secret sender invalidates your metadata argument
I have never received spam on Signal.
I have exactly once as did a couple of my friends from the same stranger.
I got one one time, been using it for years. Fuckin' weird to try on people who are privacy and security conscious. My guess is that they were attempting to see what numbers are using signal in the first place if someone responds with a "fuck off" then the spammer knows they use signal.
load more comments
(1 replies)
Is there a quick explanation of what signal actually does? I don't understand the need for a phone number either. Jami doesn't ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I'm luddite enough to still be using it) doesn't ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven't looked into and tbh I don't understand why they exist.
It's not suspicious. It's been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it's simpler.
The code is open, if you don't trust other people and can't read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it's suspicious is not productive to anyone.
load more comments
(7 replies)
Signal is a messenger service. You can expire messages after a certain amount of time.
They ask for a phone number to limit bots. I used my Google voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.
I get that Signal is a messaging system (not sure if "messenger service" has a specific meaning). What I don't understand is why I'd want to use it instead of any of the million others that are out there. I've never used Signal and don't have the slightest clue about how it operates, but apparently it tries to mess with the contact list on your phone? That sounds bad. I use Nextcloud Chat sometimes and its web design is ugly, but it works ok and you can self-host it fairly easily. It doesn't do anything with your phone contacts. Jami is distributed but (maybe unrelated) I often have trouble getting it to work at all.
It doesn't "mess with your contacts". You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.
It's robustly encrypted and quantum secure, without metadata leaks like the sender of a message.
It's recommended by Edward Snowden.
If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.
load more comments
(7 replies)
Bots. If it makes you feel better, you can disable other people finding you via phone number and just give them your username. All messages are private.