Comment on What's the deal with Signal?
AtHeartEngineer@lemmy.world 19 hours agoAccurate. And if you are being targeted by 5 eyes, your phone is probably fucked, one app vs another probably won’t make a difference
Comment on What's the deal with Signal?
AtHeartEngineer@lemmy.world 19 hours agoAccurate. And if you are being targeted by 5 eyes, your phone is probably fucked, one app vs another probably won’t make a difference
boonhet@lemm.ee 14 hours ago
If you ARE targeted by 5 eyes, you’d probably want to not be using your phone for communications, but Signal sorta requires you to, even if there’s a desktop client.
However, I don’t presume to know what would be the best option. SimpleX maybe, as the servers don’t keep messages? Otherwise, I use Matrix because it’s a lot more common and very easy to set up your own homeserver. However, again, if I had to hide something from a 5 eyes threat actor, they’d just find some vulnerability in my server config or, hell, maybe they can somehow sneakily get root access through the VPS provider itself, as I’m not hosting on my own hardware.
Honestly, meeting in person might be the most private solution if you’ve got that kind of a threat model.
Irelephant@lemm.ee 13 hours ago
Signal doesn’t keep messages on their servers either. The only data they have on you is your phone number and the unix time you made your account in.
boonhet@lemm.ee 13 hours ago
How do you know that?
It’s what happens in the publicized source code, yes, but how do you know that’s what’s running in their servers? How do you know that all requests aren’t saved?
Luckily Signal has e2ee and client side code is easy to verify, so they’d only have access to encrypted messages anyway, but if you’re talking state level actors of the highest caliber, they might be able to crack Signal’s encryption eventually.
Look, I’ll agree that Signal is probably secure enough. It’s definitely secure enough for me, I only run Matrix as a hobby because I like decentralization, my Matrix server is probably less secure than Signal. But I’m just saying we can never know for sure what code is running in THEIR servers, therefore we can never trust is 100%.
Irelephant@lemm.ee 13 hours ago
signal.org/bigbrother/ Its all they claim to have at least.
Lumisal@lemmy.world 9 hours ago
If you’re being targeted by 5 eyes and you and your group don’t know enough about tech to set up your own local communication servers or going serverless / not using internet, you’re already caught or known about