this post was submitted on 21 Jul 2024
39 points (97.6% liked)

Technology

957 readers
2 users here now

A tech news sub for communists

founded 2 years ago
MODERATORS
 

I really don't understand why so many people like Signal. It's an utter piece of shit in terms of UX, has questionable security practices, harvests phone numbers, and it's located on a central server in US.

top 21 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 3 months ago (3 children)

I wish there were a secure texting app that was as accessible to normies though.

[–] [email protected] 5 points 3 months ago

Briar works pretty good

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (1 children)

https://element.io has a pretty easy onboarding for matrix, that's good for most platforms.

In the 90s-2000s, we had to make new accounts for every forum-type site if we wanted to use them, but nowadays it's assumed that ppl aren't smart enough to do that anymore.

[–] [email protected] 3 points 3 months ago

hey how dare you say something so hurtful yet so true

[–] [email protected] 4 points 3 months ago

would be nice

[–] [email protected] 8 points 3 months ago* (last edited 3 months ago) (4 children)

What else is free, open source, end-to-end encrypted, has better UX and security practices, and isn't located on a central server in the US?

[–] [email protected] 4 points 3 months ago

I genuinely appreciate everyone suggesting alternatives, but I'd humbly suggest that, from a normie perspective, "better UX" doesn't involve learning how to host or locate a server. There's a reason Reddit is still more popular than Lemmy. In my personal experience, getting a local org with some members that already had trouble using email and SMS onto Signal was difficult. Trying to get them onto an alternative that involved selecting a specific server or learning the technical details of different internet communication protocols would have been a nonstarter. I've gotten multiple Boomers to reliably use Signal, and they have no idea what encryption is.

[–] [email protected] 7 points 3 months ago

Matrix. It can be hosted by anyone, anywhere.

[–] [email protected] 9 points 3 months ago (1 children)

I have zero expertise in this but xmpp is an old decentralised technology with encryption available

[–] [email protected] 6 points 3 months ago

You can also layer encryption on top of xmpp like omemo and openpgp

[–] [email protected] 6 points 3 months ago (3 children)

matrix? but that is more of a discord or telegram alternative, session and tox also look interesting for chatting

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

Isn't Signal very similar to Telegram but focused on "security" and less features? Revolt is more like Discord. Matrix feels more similar to XMPP, and I see it as a compromise between Telegram style and Discord style. Matrix works well as a one to one chat as well as a team collaboration chat, but audio and video chats are very laggy. Self-hosted Jitsi would serve as an alternative to video and audio chats.

[–] [email protected] 9 points 3 months ago* (last edited 3 months ago) (1 children)

Matrix (as a protocol) appears to be very strong end-to-end encryption and is federated/decentralized. It can do encrypted and unencrypted chats for any number of users, so it can replace discord (which is not at all private or secure) and do private 1:1 communications (which I'd say is the best use case for it). It also does not require a phone number like signal does (which is usually tied to your legal identity and can be used for geolocation).

I wouldn't trust any electron apps, which is the framework the official Matrix client, Element, is built on. It's fully open-source so there are other clients out there which may be better. Of course, the biggest weakness is probably going to be the OS/firmware of device you run it on.

Edit: The desktop element clients rely on electron (which is a webapp framework built on google chrome, which is spyware). If you're on android, the app also renders in chrome (which is spyware), but that matters a bit less because android itself is a massive pile of spyware. iOS is also spyware that openly just copies all your files to a server in the US where they are "scanned for very bad things", retained indefinitely and may be accessed by your favourite state agencies without warrant.

[–] [email protected] 5 points 3 months ago (1 children)

On android, element, and it's newer version element X, are native android, not electron at least.

[–] [email protected] 3 points 3 months ago

Thanks, I should have been more specific.

[–] [email protected] 5 points 3 months ago

Session is, fine, but the app can get really laggy at times of you are in it for a long period of time, pr especially if you scroll to an older message, this is my experience using it

[–] [email protected] 23 points 3 months ago* (last edited 3 months ago) (2 children)

Signal has always looked like a honeypot operation to me. Keep in mind, too that if you run a CIAware operating system, the key can be remotely pulled off of the filesystem or extracted from memory. It's not possible to have any secure piece of software on an unsecurable OS.

[–] [email protected] 8 points 3 months ago (1 children)

Totally agree, it has an extremely sus history too. No one should be using any US-based centralized service.

[–] [email protected] 2 points 3 months ago (1 children)

Someone should give SimpleX or Session a try

[–] [email protected] 1 points 3 months ago

I have tried session, the crypto wierds me out a little, but I could not find a terrible issue with the service. I will say Quality of Life Features where not there, most notable the messageing service would start to heavily log out if you have it open too long

[–] [email protected] 9 points 3 months ago