hahha, hilarious
this post was submitted on 26 Mar 2025
266 points (99.6% liked)
Privacy
3026 readers
263 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 7 months ago
MODERATORS
Remember kids, if someone makes a centralized app or messaging claiming to be a savior of privacy and security, you should be skeptical of them and their integrity. Really you should be skeptical of anyone making grand promises of privacy and security, especially boastful ones. Though decentralized services are less risky than centralized ones, and that's why I recommend people use Matrix instead of Signal.
Matrix still has problems but it being decentralized eliminates many of the corruption issues by simply using a server not affiliated with the creators.
Their claim that they dropped sms support because engineering costs causes me to question them.
There are free sms apps. Android handles SMS, an app just reads/writes the SMS database via an API.
I thought they dropped it because sms is fundamentally antithetical to a secure messaging platform and their view was that sms inclusion was causing confidence issues for their users who weren't sure if a message would fall back to an unencrypted sms message.
Matrix doesn't support SMS.
Their claim that they dropped sms support because engineering costs causes me to question them.
There are free sms apps. Android handles SMS, an app just reads/writes the SMS database via an API.
It wasn't about sending SMS, it was about sending SMS securely, and whether this actually provided an improvement offer not offering it anymore. TextSecure came out when mobile data wasn't as prevalent. But times have changed
They didn't drop them because of money costs, where did you get such a statement?
In any event they didn't really have much of a choice, even if they dropped the ball by not simply resurfacing the old SMS product they did and do have. Having SMS and have people assume it was private because it was on Signal had already caused various issues, of the kind that causes bad mouth-to-mouth for your service. Signal's response, while adequate, was also lazy.
Matrix shares metadata in plaintext with every participating server: who talks to who, when and how often.
yeah, no shit, it's decentralized.
If you don't want that metadata visible then host your own server and require your organization to use only that server, there are settings specifically to enforce this use-case.
the french government uses matrix for communications, it's fine.
...if someone makes [an] ~~centralized~~ app or messaging claiming to be a savior of privacy and security, you should be skeptical of them and their integrity.
True, but that doesn't mean you stop there, otherwise it's just reactionism. You can literally go and inspect the Signal code, compile the client yourself, and use it. You can verify that the E2EE claims are correct and that Signal can't decrypt messages it relays.
The only thing you can't know with 100% certainty is whether they're storing encrypted messages or not. You can look at their track record. You can look at how they spend their money. But you can't know that one thing.
However, Matrix instances may store encrypted messages. Just because it's federated doesn't mean it's therefore more private; it's just resistant to capitalist fuckery. You have to look at the entire implementation, and that becomes difficult when the way in which instances participate is voluntary, not mandatory.
I agree that people should be skeptical, but skepticism is a verification philosophy, not the act of simply rejecting claims.
I think the story of Whatsapp should've taught people that capitalist fuckery and living long enough to become the villain are bigger threats than people give credit for, and Signal is just as vulnerable to this as WhatsApp was. They've also fought against any ways that it could be mitigated, they fought and are still fighting unofficial clients (moxie himself went around harassing people to stop), they fought any form of decentralization or interoperability with other servers and self-hosting.
All things that could make signal a bit more resistant towards something like what happened with WhatsApp, yet they've all been rejected in favor of exclusive control on the app (and for a long time it was GMS tied on the PlayStore) and exclusive control of the the network. Two things that don't exactly bode well for the future.
Signal is just as vulnerable to this as WhatsApp was.
No, they're not. Whatsapp was never controlled by a 501(c)3. Selling everything off to a for-profit company isn't a simple transaction, or else OpenAI would have tried that already.
They've also fought against any ways that it could be mitigated, they fought and are still fighting unofficial clients (moxie himself went around harassing people to stop), they fought any form of decentralization or interoperability with other servers and self-hosting.
If you go and read the reasoning, it makes sense. Part of it is the enforcement of their internal standards (like not storing chats for longer than it takes to deliver them) and part of it is that it would require rebuilding almost everything. It was never designed with ad hoc server participation or self-hosting in mind; you can't just drop in an API on top of existing software.
I agree that centralized chat is a potential chokepoint for capitalists to enshittify things, but people are crucifying Signal for something that hasn't even remotely happened.
If it does, there's lots of options out there that are getting better all the time. My backup plan is SimpleX. But Signal still seems to be delivering what they claim, and it's a lot easier to get non-technical people on board with encrypted chat via Signal than many of the other options, currently.
Blegh. Use literally anything decentralized but Matrix.
I think it's more of "would you rather SMS or Signal grandma?" Because Signal is so easy adopted, it's preferred for less technical users. I use Matrix as well but that's for the technical friends