Follow

Updated reminder of why is far from optimal:

- No : every account is tied to a phone number
- Not , until recently. Server source code was undisclosed for a year to hide their plans to turn Signal into a bank
- No
- Dark UI pattern: The PIN feature (enabled by default) uploads your contacts to the cloud without informing the user, albeit encrypted.
- Tries to be a bank

Original: chaos.social/@hut/105985100215

Great alternatives to that check all the boxes (, , , , -free):

- : briarproject.org
- : delta.chat
- : matrix.org
- / : xmpp.org (It aged very well, supports signal-like encyption and battery-efficient mobile apps now. If you dismissed it in the past, I encourage you to give it another try.)

@hut i appreciate jwz rants about signal very much:

"It is clear from its design and behavior that Signal's priority is to be a social network first and an encryption tool second."

jwz.org/blog/2021/04/signal-ho

@hut
That's not true! To use Matrix you have to fill out Google reCaptcha. And no, running your own Server isn't user-friendly.

@tpheine Perhaps there's another public matrix server that doesn't require you to use Google reCaptcha?

Either way, this is a much smaller roadblock to anonymity/privacy than e.g. mandatory phone number entry. You could e.g. boot up for registering. Or am I misunderstanding your problem?

@hut
I don't have a problem. You just lied when you said "Great alternatives to #Signal that check all the boxes (#decentralization, #privacy, #opensource, #anonymous, #cryptocurrency-free)", because Matrix isn't anonymous hence doesn't respect privacy.

And in my opinion it's way more worse to give a 3rd party like Google, that has nothing to do with Matrix at all, your credentials, than a Foundation a phone number, whose service you are willing to use.

All I want is honesty!

@tpheine Unfortunately I can't edit the toot, but thank you for warning the readers with your follow-up.

@hut
I respect your reaction and communication! More people should be like you. Thank you very much, I tip my hat to you!

@jpaul Threema seems like a nice company, but then again, so did the Signal Foundation. What do you do when they try to abuse their power?

@hut
Would that be the same level of risk with any host? I'm not in a position to self-host.

@jpaul What if your email provider or mastodon server goes nuts? You can simply switch servers/providers, and still talk to the same people, using the same protocol. You don't have to self-host to get the advantages of decentralization. :)

@hut

I would add also Jami to that: Jami.net
P2P, distributed, multi device

@pronto
Jedyny plus to taki, że można przenosić konto na inne urządzenie.
Wg mnie lepszym jest #Briar. Jest to rozbudowany tox chyba z własnym protokołem. Niestety nie można go przenieść na nowe urządzenie. Przynajmniej ja nie umiem.
@hut

@hut What about @session ? I believe it checks all the boxes too, I really like this app, no phone numbers, tor network to deliver messages, etc …

@an0n @session Session seems definitely interesting. Why I didn't include it in the list:

1. Under the hood it runs on cryptocurrencies. Not sure what to make of that. It sure adds a profit incentive to everything they say and do.
2. Did you try using Session in a decentralized way? As in, setting up your own Session network and using that instead of the main one? The app doesn't even have a feature for changing the network. Not sure what to make of that either.

@hut

okkkk, thank for the link and the explanations ^^

@hut I agree with you on some of those points. Anonymity and privacy are not the same thing though and #signal never claimed to offer anonymous messaging. This is the first time I hear about the dark UI pattern. Do you have a source for that?

@ilyess Well I never claimed that Signal claimed to offer anonymous messaging :) I claimed that it's not optimal.

Here's links on the PIN:

- vice.com/en/article/pkyzek/sig
- androidpolice.com/2020/05/29/m

In short, Signal used to store the minimum amount of data on the cloud. Then they added a mandatory PIN feature that quietly uploads your contact list. It later became possible to disable the PIN, but still there's no warning that it's used for cloud storage of contacts.

Not a huge deal, but still shady.

@hut Sorry I didn’t mean to put words in your mouth ^^’ I just meant that it’s for private communications and not anonymous ones. I’ve been waiting so long for that to change .. ahem.. usernames. Instead it turned out they were focused on cryptocurrency 🤦‍♂️

Thank you very much for the links. I’ll definitely check that out.

@ilyess No worries, I just wanted to clarify :)

I've been waiting for the username feature too... And now I wonder if they haven't added it on purpose, because it would result in a slower growth of the app, and therefore potentially less value of their cryptocoin. :-/

@hut Oh you think? At this point, I wouldn’t be surprised if that were the case. It was supposed to be a non-profit though... why #signal? Why? :(

Sign in to participate in the conversation
chaos.social

chaos.social – a Fediverse instance for & by the Chaos community