Recently, in an effort to move my normy friends/ relatives away from WhatsApp/ Facebook Messenger/ Snapchat/ Instagram/ BotNetServiceOfTheMonth, I've been recommending them signal and taking a firm "I'll either be on signal, irc, or email and that's it" stance. I chose to die on the hill of signal for its obvious reasons, that is supposed client-to-client encryption, open sores, etc.
Anons, what's your opinion on the Signal Protocol? Furthermore, is there any reason to not to use their service they provide, for insecure, non-misson critical discussion?
Signal Messaging Protocol/ Service
Nolan Price
Other urls found in this thread:
securechatguide.org
github.com
briarproject.org
infosec-handbook.eu
github.com
tommy86.bandcamp.com
wire.com
f-droid.org
compliance.conversations.im
homebrewserver.club
anonfile.com
signal.org
securechatguide.org
twitter.com
Juan Morgan
Riot > Signal
Nicholas Roberts
It's not supposed to be an anonymous messenger, simply secure communication between people who trust each other.
There's no reason not to use it, except some people feel offended that they have to use another app, which is so incredibly demanding.
Aiden Rodriguez
Signal uses a centralized server that is entirely closed off from inspection. Signal also used to require the use of google services, then reluctantly released a secret fork to the github commenters that didn't need it. Moxie (NSA team) created a hidden page on their site with a download link to the fork. I'm not sure if the current version of signal in app stores works without google services actually. Maybe they're still making two versions. There were several years of debates on the github page for Signal where Moxie attacked and decried the open source community. He repeatedly said how much he hates them and liked to stifle their efforts. Signal apks only even became available outside of jewish app stores pretty recently. The debates would go like this:
Moxie: You lazy retards should fork Signal if you don't like it. I will never de-google it, and you're all retards for thinking that's a bad thing.
Crowd: Ok, that's a weird response. I guess you want your app to be shitty and insecure. We forked it to make it more privacy-oriented.
Moxie: How fucking dare you fork Signal?! You're going to split the user base and kill the project! If you dare use my server, I'm going to attack you and find ways to block you and take legal action.
Crowd: The fuck? Wow, that was odd. I guess we'll use our own server then. We already set it up.
Moxie: Are you serious?!
Moxie a week later: Good news! I created a new version of Signal that doesn't require google!
It was actually a had developer of CopperheadOS that created the Signal fork that worked with his own server, and that made Moxie de-google Signal.
Riot is still in beta and is resource intensive. It crashes on my phone. Riot will be the best when it's ready, but it's not there yet. Also, Signal works on Mac, Windows, Linux, Android, Apple, etc. It's not phone-only anymore.
Isaac Sullivan
The name "Moxie Marlinspike" should have been a massive red flag. Aside from how retarded you have to be to call yourself that, changing names like this is a great way to hide a past that would be inconvenient to your anarchist crypto h4x0r cred (e.g. being a former TLA contractor). They usually say it's for privacy and like fuck the state mang, but why would they officially change names? The state knows about that. It only means that YOU don't know who they are.
Justin Barnes
Matthew Rosenfeld
Dylan Diaz
I don't trust anything made or run by antifa
Jaxson Wright
...
Adrian Diaz
Just don't use the matrix.org home server
Jacob Murphy
securechatguide.org
Pretty thorough comparison chart here. Signal looks good, I'd check out Wire, too.
Logan Murphy
it's shit and amatuer but far better than other boomer-skid bullshit like Telegram. the official implementation is a webscale piece of shit
Carter Ramirez
Decided to ask about this, and I was linked the original thread
Michael Barnes
Briar seems interesting. Anyone tried it?
briarproject.org
Carson Gray
You are a simple-minded idiot. hurr durr, they disagree with my political views!
Oliver Bennett
Interesting page, I've been seeing a bit of keybase recently. Does anyone here use it? I need a god damn encrypted group messaging service that will still be around in two years in order to convince friends to stop using dickscord. When there's 50 different competing standards and everyone's using the 1 shittiest one it's pretty hard to get them off of it unless you're reasonably sure the better one will eventually be more popular.
Nicholas Morales
I think you're the idiot here, the Left is the status quo and it wants a bigger state. Si far, it only complains about abuse and surveillance because they're not the one in power.
Just look at Silicon Valley, a bunch of leftist dictators running companies.
I don't know who associated Leftism with Freedom in the past, but the two concepts are incompatible.
You could argue about Anarchism being compatible, but then you would regress to an era of slavery, as a state of Anarchism is unsustainable and soon feuds and power starts to concentrate.
Andrew Russell
There are still anarcho-communists you retard, they didn't all disappear or start worshipping the state when Obama got elected (though presumably some of them did). Riseup may be a bunch of commie LARPers but they are likely genuinely opposed to the establishment (or at least they believe themselves to be, which is all that matters).
Brandon Evans
Brody Harris
Man, you guys really should read Neolithic and Bronze Age history.
Carter Brown
This is a false myth
Zachary Stewart
Matrix.org/Riot.im was recently hacked
Signal has proprietary Google blobs and Moxie hates libre forks that use his servers. (see LibreSignal[0])
Luis Hernandez
...
Charles Sullivan
Sure it's not the best protocol in the world, requires GCM for notifications and the servers are closed-source but at least it's somewhat better than botsapp while at the same time being pretty userfriendly.
I'm doing the same, i use the app AutoResponder for WA to redirect those that contact me on WA to Signal. If someone is interested in talking to you will take 2 minutes of his time to download an app. Those that aren't well they were probably using you or wanted to get something and not give nothing back.
Maybe in the future i will redirect people to Matrix, but at the moment the protocol seems to me half backed and most of the clients, expecially the mobile ones, really suck.
Jackson Rivera
It wasn't the Protocol's fault, they were using an old Jenkins installation on their servers and using some very bad practices to secure their servers. Now they fixed the issue and probably will pay more attention in the future. Shit happens. Only because it was hacked once doesn't means that you shouldn't be using it anymore.
Adrian Rodriguez
Imagine all the embarrassment you could have avoided here conflating social democrats with the left if you had simply took some time away from your busy shitposting schedule and read a book for once.
Levi Smith
What’s the degoogled fork of signal?
Dylan Evans
You have to meet up with the person first, so that's not very usable for me. Otherwise it's great.
You can self-host rocket.chat, I believe. Not sure if it has the push-to-talk capability. Mumble definetly has it. And there is also Riot, but it's unfinished.
Angel Jenkins
You're sad, just sad.
Joshua James
Whoa.
Nathan Sanders
I recommend Derelicts, by Tommy '86
tommy86.bandcamp.com
William Nelson
Gavin Young
...
Nathaniel Morgan
10 minute sms
Michael Rogers
etc. why should i pay for a phone number to access some stupid webshit network? i can just disregard it as non-internet
Grayson Gonzalez
(((pure coincidence)) I presume.
Ethan Jenkins
Wow, 1) retard newfag doesn't know who Francis E. Dec is, 2) he puts Politics into it
Jace Gonzalez
Anonymous, encrypted communication for
Brandon Cruz
Look up the IPs that you connect to when using Wire. They're hosted by (((Amazon))).
Use XMPP for encrypted chat
compliance.conversations.im
homebrewserver.club
Nathan Gonzalez
gay
Levi Reed
If you can't run it yourself then it's kiked.
Eli James
All you have to do is disable Javascript and disable CSS and you can get back web pages that take no time to load. 20 years ago, the CSS technology was limited and Javascript programs were minimal.
Dylan Ramirez
"Anarcho-communism" doesn't exist.
Noah Murphy
In a similar realm, here's a PDF of the recent page "Secure comms" that was archived after a couple days. Perhaps there's some info in it that the controllers of 8ch don't want others to know about. That it was halted so quickly could indicate that 8ch isnt a place for agencies to watch, but is under their control, and especially in regards to projects that allow us untraceable movements.
Jace Ward
Literal botnet.
Jordan Gonzalez
not as botnet as mega. its all javascript and you have to install their botnet programs to download most things and the site uses heavy javascript for everything so it wont work in a non botnet browser.
Grayson Brown
I too have been trying to get my friends who are stuck on snapchat to move to a real messenger. I've been looking into Telegram, mostly because it's already reasonably popular, but I know the servers are proprietary.
There's also Jami (formerly Ring), it's directly GNU-associated and distributed, but I don't know how stable and reliable it is. If anyone has been using it I'd like to hear your experience, it seems very promising.
Nolan Brooks
Using it was a pain in the ass thanks to routers censoring UDP, but they have recently added TCP support and implemented static code analysis of the daemon, should work better now. Also the project has just 3 years now, but it is getting more stable everyday.
Just improved:
p2p file sharing, peer discovery on a local network
Should be done soon:
group chat, merging GNU/Linux and Windows client web chat view, so they'll have less code to maintain
Gabriel Turner
That really isn't a trustworthy reference:
"Myth" 1: Contacts
I know from personal experience that old versions of iOS Signal refused to run without access to your contacts. You'd get a popup with the choice of:
A) go to Settings to allow Contacts access
B) quit Signal
Sure, after backlash they now allow you to run without Contacts access, but this does not make it a myth
"Myth" 2: phone number
They don't misrepresent the argument:
They just completely ignore it by pretending people only care about sharing a phone number if it's their personal number.
This is asinine, having a burner number that you have to maintain active for a particular app is stupid. It's worse than Google/Facebook/Twitter asking for a number, because there it is at least only a one-time thing.
TLDR:
Myth 3: just like Whatsapp
This is the only actual myth here, Signal is notably different from Whatsapp, which is:
* Facebook owned
* not open source
whereas Signal:
* operated as a non-profit
* open source
* sealed sender
* minimal metadata storage
* testing using SGX to increase privacy of phone number search
The SGX thing is talked about here: signal.org
Though whether you trust SGX is a different thing entirely.
Still, Signal is clearly better than Whatsapp, but that's not saying much.
Cooper Young
The fact they have an "Ephemeral Messages" messages category is concerning. Self-deleting messages are pure security theater, it really should not be listed.
The "foolproof" category is a good idea, but should be called something less sensational/deceptive; maybe "always-encrypted"?
Still, interesting list, worth a look-through.
securechatguide.org
I'd really want to see what's their reasoning behind this
Owen Peterson
Every celebrity "hacker" is an informant. Wasn't this guy infamous for something before signal? I feel like I remember his name from way before then. Of nothing else, having puff pieces written about you before you've even done that much in your career warrants suspicion.
PGP over email is actually pretty OK. Dead dropping encrypted text on an image board is probably viable. Really, it's not like you can't have discreet comms, but you can't do it on some whiz-bang Google/Apple/Amazon/Facebook service. We don't have to actually reinvent anything.
The signal app ignores the fact that Google or Apple has access to your input at a hardware level. Google keyboard doesn't care if what you typed gets encrypted later.
Ian Cooper
I used it back when it was Ring. It's pretty shit: the video call would only properly display one side (the other had a static image instead), the video quality was dogshit, and some of the messages would get dropped. Not recommended.
Mason James
Ok so if signal is so baste redpill me on this
Grayson Smith
Oh also this. I why the fuck should I enable this.