this post was submitted on 27 Mar 2025

523 points (96.4% liked)

Privacy

36475 readers

241 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

523

Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app (theconversation.com)

submitted 1 week ago by florencia@lemmy.blahaj.zone to c/privacy@lemmy.ml

108 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] unknowing8343@discuss.tchncs.de 64 points 1 week ago (5 children)

EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.

DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.

[–] 9tr6gyp3@lemmy.world 20 points 1 week ago (2 children)

Actually RCS has encryption in the new spec now, and we could see encrypted RCS messages implemented on iOS and Android within a year.

But even so, use Signal.

[–] Supernova1051@sh.itjust.works 42 points 1 week ago (1 children)

RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.

[–] 9tr6gyp3@lemmy.world 2 points 1 week ago (2 children)

Seeing as RCS with encryption based on the MLS standard hasnt been deployed yet, can you show exactly what metadata is leaking?

[–] Supernova1051@sh.itjust.works 2 points 6 days ago

MLS only deals with encryption and key management, which is great but that's been a "solved" problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.

What I'm aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):

Sealed sender so only the recipient knows who sent the message.
Not storing metadata or logs.
No built in crash reports.
Private contact discovery.
Published government requests providing evidence that they don't have any data.
Open source client.
Looking at the Google Play store, Google's Messenger shares precise location data with third parties, Signal doesn't.
Also on the Google Play store, Google's Messenger app list a lot of data collected. Signal only lists phone number.

[–] poVoq@slrpnk.net 2 points 6 days ago* (last edited 6 days ago)

Well, instead of leaking metadata to Signal, AWS, Cloudflare, Google/Apple and your ISP, like Signal does, RCS only leaks it to your ISP /s

[–] BakedCatboy@lemmy.ml 5 points 1 week ago

I think they mean that it'll take time for everyone to get it. My carrier still doesn't even have RCS at all.

[–] breadguy@kbin.earth 13 points 1 week ago (2 children)

xmpp is like if deltachat was good

[–] unknowing8343@discuss.tchncs.de 3 points 6 days ago

What I dislike about XMPP is that the client ecosystem is definitely weaker than DeltaChat. DeltaChat "just works", and it works incredibly similar and efficient across devices.

But yes, I wouldn't mind if the world used XMPP instead, honestly.

[–] socsa@piefed.social 1 points 6 days ago (2 children)

It also just gets blocked by autocratic firewalls. Deltachat is clutch because it can theoretically run on top of any email host so it's way more difficult to block.

[–] poVoq@slrpnk.net 4 points 6 days ago* (last edited 6 days ago) (1 children)

You can easily redirect xmpp to port 443 which is not blocked by most firewalls. If you have problems with firewalls or public wifis your xmpp server is misconfigured.

[–] socsa@piefed.social 1 points 6 days ago* (last edited 6 days ago) (1 children)

China will definitely block xmpp on any port. I know this because I have tested this very specifically from my own server. It lasted about a day and a dozen messages before it was blocked, and the box got absolutely slammed with vulnerability scans.

[–] poVoq@slrpnk.net 2 points 6 days ago (1 children)

This is odd because I know a few mainland Chinese people that use XMPP without problems (and afaik without a VPN).

Sounds like your server got blocked for another reason?

[–] socsa@piefed.social 1 points 6 days ago

I can almost guarantee you they are using it through a VPN or they have a western SIM card. If not I'd love to know what server they use, as I've tested this a bunch of times on several public and private servers and it's always the same result. If it isn't blocked on day 1 it will be blocked quickly.

[–] breadguy@kbin.earth 2 points 6 days ago

how is that different from how xmpp (or matrix) is distributed

[–] amanneedsamaid@sopuli.xyz 12 points 1 week ago (2 children)

Isn't DeltaChat just PGP encrypted email? Could be wrong

[–] themadcodger@kbin.earth 7 points 1 week ago

Kinda, but that's the gist of it.

[–] breadguy@kbin.earth 1 points 1 week ago

yeah basically, and gcs work like text message or email chains, theres no way to moderate that

[–] shortwavesurfer@lemmy.zip 7 points 1 week ago (1 children)

I use signal myself but I also use simple X. I can't use delta chat because I use proton for my email and therefore can't use delta.

[–] SatyrSack@feddit.org 5 points 1 week ago (1 children)

Delta Chat is not associated with your email account, as far as I can tell. Am I wrong?

[–] shortwavesurfer@lemmy.zip 3 points 1 week ago (1 children)

https://delta.chat/en/

⚡️ Sign up to secure fast chatmail servers or use classic e-mail servers

[–] SatyrSack@feddit.org 6 points 1 week ago (1 children)

You don't have to use a "classic email server", or even link your account to your current email address at all. The default onboarding procedure actually creates a new anonymous account for you on the default chatmail server. Reading through the site, I can't actually even tell why someone would want to use their preexisting email address.

[–] shortwavesurfer@lemmy.zip 3 points 1 week ago (1 children)

Ah, okay. I think I heard about it at an earlier point where it was only using your current email.

[–] themadcodger@kbin.earth 3 points 1 week ago

Yeah, that's when I first used it too, it had to go through your email. Now it just uses the email backbone to send messages back and forth. Also, self-contained webxdc apps you can use with people in your chat, which is kinda cool.

[–] themadcodger@kbin.earth 3 points 1 week ago (1 children)

The self-contained webxdc apps are a pretty cool bonus to what already feels like a normal chat app. I primarily use Signal, but given the current climate of governments trying to force backdoors in to encrypted apps, and the fact it's a US server, I wanted a decentralized backup. And email isn't going anywhere, so it seems like a good option.

[–] breadguy@kbin.earth 3 points 1 week ago

monocles chat and cheogram have webxdc as well