this post was submitted on 23 Sep 2024
93 points (94.3% liked)

Technology

59378 readers
3580 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 15 comments
sorted by: hot top controversial new old
[–] [email protected] 28 points 1 month ago (3 children)

Can someone explain to me how them having my phone number and being able to find new contacts with their phone numbers doesn't lead to a whole association chain problem that can be used to repress dissension in countries inclined to do that? I have a hard time believing that the phone numbers aren't available to state actors. Requiring a phone to sign up seems fishy as fuck.

Matrix doesn't need this info and seems to work fine.

[–] [email protected] 12 points 1 month ago (1 children)

They don’t store anything about your association with other numbers; that stays on your devices. Your phone number is used as your identifier for account creation and originally for finding other people to talk with, but the only data Signal keeps associated with your number are registration timestamp and last connection timestamp. You can see that by reading the redacted subpoenas and responses that they publish.

They have recently introduced usernames so that you can avoid having to share your number to communicate with someone else.

I don’t have a good citation for this, but I believe the phone number registration requirement will remain indefinitely, likely to cut down on spam and bots. But there’s a difference between privacy and anonymity - I’m looking for privacy in my communications, not anonymity from my friends. State actors can know that you use it but not what you’re saying or to whom (unless, say, the NSA is specifically targeting you, but that compromise will be of your device as a whole rather than breaking Signal or getting data from them).

[–] [email protected] 2 points 1 month ago

Exactly:

  1. sign up w/ phone number
  2. disable phone number for discovery and create a username
  3. change username as often as you want, while keeping your contacts
[–] [email protected] 1 points 1 month ago

Yeah, if I am not mistaken, this has happened in Iran - the registration confirmation messages just wouldn't arrive.

[–] [email protected] 2 points 1 month ago

+1

Have you tried simplex?

[–] [email protected] 24 points 1 month ago (1 children)

At leath with Whatsapp you can be sure your data is used to influence your opinions.

[–] [email protected] 15 points 1 month ago (1 children)

yeah but this guy elon musk said on twitter that it's sus so at this point who knows? /s

[–] [email protected] 1 points 1 month ago

Didn't he promote it at some point?

[–] [email protected] 42 points 1 month ago (2 children)
[–] [email protected] 6 points 1 month ago (1 children)

It's not and I'm not sure how that article arrived at that conclusion. Their E2EE crypto is problematic homebrew crypto, but that's very, very different from being closed. The whole desktop client including the implementation of that crypto is fully open source and lives right on GitHub. Plenty of people have independently reviewed it and came back with a very iffy impression of the whole thing.

Really the only difference is that Telegram doesn't publish their backend, but the one Signal publishes is missing a couple of bits related to their "spam filter", which happens to take in the source & destination of messages and do anything it wants with them. That doesn't matter for either platform's E2EE properties in any case, since distrusting the server is the whole point of E2EE.

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

Desktop client does not even have e2e, lol. (I don't know if there are third-party options that do).

[–] [email protected] 1 points 1 month ago (1 children)

I'll freely admit I don't use that thing and was under the assumption it was feature complete. Regardless, the Android and iOS clients are also open, and I've found absolutely no indications that there's any blobs in the repo or the like.

[–] [email protected] 3 points 1 month ago

From what I've seen, there are some blobs. At least Telegram-FOSS says:

Several proprietary parts were removed from the original Telegram client, including Google Play Services for the location services, HockeySDK for self-updates and push notifications through Google Cloud Messaging. Location sharing functionality is restored using OpenStreetMap.

Same page is where I learned you cannot register from third-party clients btw. Not nearly as big of a blow as removal of desktop registration, but still gross that you'd have to touch a partially-proprietary official app first.

[–] [email protected] 19 points 1 month ago

Also no way to block people that are not on your contact list. I get a lot of spam lately by scammers and the likes.