If you’re being targeted by 5 eyes and you and your group don’t know enough about tech to set up your own local communication servers or going serverless / not using internet, you’re already caught or known about
Comment on What's the deal with Signal?
boonhet@lemm.ee 11 hours agoIf you ARE targeted by 5 eyes, you’d probably want to not be using your phone for communications, but Signal sorta requires you to, even if there’s a desktop client.
However, I don’t presume to know what would be the best option. SimpleX maybe, as the servers don’t keep messages? Otherwise, I use Matrix because it’s a lot more common and very easy to set up your own homeserver. However, again, if I had to hide something from a 5 eyes threat actor, they’d just find some vulnerability in my server config or, hell, maybe they can somehow sneakily get root access through the VPS provider itself, as I’m not hosting on my own hardware.
Honestly, meeting in person might be the most private solution if you’ve got that kind of a threat model.
Lumisal@lemmy.world 6 hours ago
Irelephant@lemm.ee 11 hours ago
Signal doesn’t keep messages on their servers either. The only data they have on you is your phone number and the unix time you made your account in.
boonhet@lemm.ee 11 hours ago
How do you know that?
It’s what happens in the publicized source code, yes, but how do you know that’s what’s running in their servers? How do you know that all requests aren’t saved?
Luckily Signal has e2ee and client side code is easy to verify, so they’d only have access to encrypted messages anyway, but if you’re talking state level actors of the highest caliber, they might be able to crack Signal’s encryption eventually.
Look, I’ll agree that Signal is probably secure enough. It’s definitely secure enough for me, I only run Matrix as a hobby because I like decentralization, my Matrix server is probably less secure than Signal. But I’m just saying we can never know for sure what code is running in THEIR servers, therefore we can never trust is 100%.
Irelephant@lemm.ee 10 hours ago
signal.org/bigbrother/ Its all they claim to have at least.
boonhet@lemm.ee 10 hours ago
And I hope for sure that they’re never quietly forced to change that.
But again, if there were 3 letter agencies and gag orders involved with Signal, they probably wouldn’t give regular law enforcement or courts any of the data they have.
Really, my only problem is that with a centralized service, there’s no way to ever know for sure. There’s luckily no evidence of anything nefarious happening at least.