Signal Messaging Protocol/ Service

Recently, in an effort to move my normy friends/ relatives away from WhatsApp/ Facebook Messenger/ Snapchat/ Instagram/ BotNetServiceOfTheMonth, I've been recommending them signal and taking a firm "I'll either be on signal, irc, or email and that's it" stance. I chose to die on the hill of signal for its obvious reasons, that is supposed client-to-client encryption, open sores, etc.
Anons, what's your opinion on the Signal Protocol? Furthermore, is there any reason to not to use their service they provide, for insecure, non-misson critical discussion?

Attached: Signal_Blue_Icon.png (1024x1024, 14.59K)

Other urls found in this thread:

securechatguide.org/effguide.html#
github.com/signalapp/Signal-Android/issues/127
briarproject.org/how-it-works.html
infosec-handbook.eu/blog/signal-myths/
github.com/LibreSignal/LibreSignal/issues/37
tommy86.bandcamp.com/track/derelicts-a-war-took-place-here
wire.com/
f-droid.org/packages/im.vector.alpha/
compliance.conversations.im/
homebrewserver.club/picking-modern-xmpp-clients.html
anonfile.com/QfE7Rbs9n5/SecureComms1063871.html_pdf
signal.org/blog/private-contact-discovery/
securechatguide.org/centralizedapps.html#keybase
twitter.com/NSFWRedditGif

Riot > Signal

It's not supposed to be an anonymous messenger, simply secure communication between people who trust each other.

There's no reason not to use it, except some people feel offended that they have to use another app, which is so incredibly demanding.

Signal uses a centralized server that is entirely closed off from inspection. Signal also used to require the use of google services, then reluctantly released a secret fork to the github commenters that didn't need it. Moxie (NSA team) created a hidden page on their site with a download link to the fork. I'm not sure if the current version of signal in app stores works without google services actually. Maybe they're still making two versions. There were several years of debates on the github page for Signal where Moxie attacked and decried the open source community. He repeatedly said how much he hates them and liked to stifle their efforts. Signal apks only even became available outside of jewish app stores pretty recently. The debates would go like this:
Moxie: You lazy retards should fork Signal if you don't like it. I will never de-google it, and you're all retards for thinking that's a bad thing.
Crowd: Ok, that's a weird response. I guess you want your app to be shitty and insecure. We forked it to make it more privacy-oriented.
Moxie: How fucking dare you fork Signal?! You're going to split the user base and kill the project! If you dare use my server, I'm going to attack you and find ways to block you and take legal action.
Crowd: The fuck? Wow, that was odd. I guess we'll use our own server then. We already set it up.
Moxie: Are you serious?!
Moxie a week later: Good news! I created a new version of Signal that doesn't require google!


It was actually a had developer of CopperheadOS that created the Signal fork that worked with his own server, and that made Moxie de-google Signal.


Riot is still in beta and is resource intensive. It crashes on my phone. Riot will be the best when it's ready, but it's not there yet. Also, Signal works on Mac, Windows, Linux, Android, Apple, etc. It's not phone-only anymore.

The name "Moxie Marlinspike" should have been a massive red flag. Aside from how retarded you have to be to call yourself that, changing names like this is a great way to hide a past that would be inconvenient to your anarchist crypto h4x0r cred (e.g. being a former TLA contractor). They usually say it's for privacy and like fuck the state mang, but why would they officially change names? The state knows about that. It only means that YOU don't know who they are.

Matthew Rosenfeld

I don't trust anything made or run by antifa

...

Just don't use the matrix.org home server

securechatguide.org/effguide.html#

Pretty thorough comparison chart here. Signal looks good, I'd check out Wire, too.

it's shit and amatuer but far better than other boomer-skid bullshit like Telegram. the official implementation is a webscale piece of shit

Decided to ask about this, and I was linked the original thread

github.com/signalapp/Signal-Android/issues/127

Briar seems interesting. Anyone tried it?
briarproject.org/how-it-works.html

You are a simple-minded idiot. hurr durr, they disagree with my political views!

Interesting page, I've been seeing a bit of keybase recently. Does anyone here use it? I need a god damn encrypted group messaging service that will still be around in two years in order to convince friends to stop using dickscord. When there's 50 different competing standards and everyone's using the 1 shittiest one it's pretty hard to get them off of it unless you're reasonably sure the better one will eventually be more popular.

I think you're the idiot here, the Left is the status quo and it wants a bigger state. Si far, it only complains about abuse and surveillance because they're not the one in power.
Just look at Silicon Valley, a bunch of leftist dictators running companies.
I don't know who associated Leftism with Freedom in the past, but the two concepts are incompatible.

You could argue about Anarchism being compatible, but then you would regress to an era of slavery, as a state of Anarchism is unsustainable and soon feuds and power starts to concentrate.

There are still anarcho-communists you retard, they didn't all disappear or start worshipping the state when Obama got elected (though presumably some of them did). Riseup may be a bunch of commie LARPers but they are likely genuinely opposed to the establishment (or at least they believe themselves to be, which is all that matters).

Attached: I_Could_ve_Written_Any_Dethklok_Song_Metalocalypse_Adult_Swim-NvtHClOMw-A.webm (480x360, 3.3M)

Man, you guys really should read Neolithic and Bronze Age history.

This is a false myth

infosec-handbook.eu/blog/signal-myths/

Matrix.org/Riot.im was recently hacked

Signal has proprietary Google blobs and Moxie hates libre forks that use his servers. (see LibreSignal[0])

[0] github.com/LibreSignal/LibreSignal/issues/37

...

Sure it's not the best protocol in the world, requires GCM for notifications and the servers are closed-source but at least it's somewhat better than botsapp while at the same time being pretty userfriendly.

I'm doing the same, i use the app AutoResponder for WA to redirect those that contact me on WA to Signal. If someone is interested in talking to you will take 2 minutes of his time to download an app. Those that aren't well they were probably using you or wanted to get something and not give nothing back.

Maybe in the future i will redirect people to Matrix, but at the moment the protocol seems to me half backed and most of the clients, expecially the mobile ones, really suck.

It wasn't the Protocol's fault, they were using an old Jenkins installation on their servers and using some very bad practices to secure their servers. Now they fixed the issue and probably will pay more attention in the future. Shit happens. Only because it was hacked once doesn't means that you shouldn't be using it anymore.

Imagine all the embarrassment you could have avoided here conflating social democrats with the left if you had simply took some time away from your busy shitposting schedule and read a book for once.

What’s the degoogled fork of signal?

You have to meet up with the person first, so that's not very usable for me. Otherwise it's great.


You can self-host rocket.chat, I believe. Not sure if it has the push-to-talk capability. Mumble definetly has it. And there is also Riot, but it's unfinished.

You're sad, just sad.

Whoa.

I recommend Derelicts, by Tommy '86
tommy86.bandcamp.com/track/derelicts-a-war-took-place-here

Wire
wire.com/

Riot
f-droid.org/packages/im.vector.alpha/

...

10 minute sms

etc. why should i pay for a phone number to access some stupid webshit network? i can just disregard it as non-internet

(((pure coincidence)) I presume.

Wow, 1) retard newfag doesn't know who Francis E. Dec is, 2) he puts Politics into it

Anonymous, encrypted communication for

Look up the IPs that you connect to when using Wire. They're hosted by (((Amazon))).
Use XMPP for encrypted chat
compliance.conversations.im/
homebrewserver.club/picking-modern-xmpp-clients.html

gay

If you can't run it yourself then it's kiked.

All you have to do is disable Javascript and disable CSS and you can get back web pages that take no time to load. 20 years ago, the CSS technology was limited and Javascript programs were minimal.

"Anarcho-communism" doesn't exist.

In a similar realm, here's a PDF of the recent page "Secure comms" that was archived after a couple days. Perhaps there's some info in it that the controllers of 8ch don't want others to know about. That it was halted so quickly could indicate that 8ch isnt a place for agencies to watch, but is under their control, and especially in regards to projects that allow us untraceable movements.

anonfile.com/QfE7Rbs9n5/SecureComms1063871.html_pdf

Literal botnet.

not as botnet as mega. its all javascript and you have to install their botnet programs to download most things and the site uses heavy javascript for everything so it wont work in a non botnet browser.

I too have been trying to get my friends who are stuck on snapchat to move to a real messenger. I've been looking into Telegram, mostly because it's already reasonably popular, but I know the servers are proprietary.
There's also Jami (formerly Ring), it's directly GNU-associated and distributed, but I don't know how stable and reliable it is. If anyone has been using it I'd like to hear your experience, it seems very promising.

Attached: logo-jami.png (300x121, 14.51K)

Using it was a pain in the ass thanks to routers censoring UDP, but they have recently added TCP support and implemented static code analysis of the daemon, should work better now. Also the project has just 3 years now, but it is getting more stable everyday.
Just improved:
p2p file sharing, peer discovery on a local network
Should be done soon:
group chat, merging GNU/Linux and Windows client web chat view, so they'll have less code to maintain

That really isn't a trustworthy reference:

"Myth" 1: Contacts
I know from personal experience that old versions of iOS Signal refused to run without access to your contacts. You'd get a popup with the choice of:
A) go to Settings to allow Contacts access
B) quit Signal
Sure, after backlash they now allow you to run without Contacts access, but this does not make it a myth

"Myth" 2: phone number
They don't misrepresent the argument:
They just completely ignore it by pretending people only care about sharing a phone number if it's their personal number.

This is asinine, having a burner number that you have to maintain active for a particular app is stupid. It's worse than Google/Facebook/Twitter asking for a number, because there it is at least only a one-time thing.

TLDR:

Myth 3: just like Whatsapp
This is the only actual myth here, Signal is notably different from Whatsapp, which is:
* Facebook owned
* not open source
whereas Signal:
* operated as a non-profit
* open source
* sealed sender
* minimal metadata storage
* testing using SGX to increase privacy of phone number search

The SGX thing is talked about here: signal.org/blog/private-contact-discovery/
Though whether you trust SGX is a different thing entirely.

Still, Signal is clearly better than Whatsapp, but that's not saying much.

The fact they have an "Ephemeral Messages" messages category is concerning. Self-deleting messages are pure security theater, it really should not be listed.

The "foolproof" category is a good idea, but should be called something less sensational/deceptive; maybe "always-encrypted"?

Still, interesting list, worth a look-through.


securechatguide.org/centralizedapps.html#keybase
I'd really want to see what's their reasoning behind this

Every celebrity "hacker" is an informant. Wasn't this guy infamous for something before signal? I feel like I remember his name from way before then. Of nothing else, having puff pieces written about you before you've even done that much in your career warrants suspicion.


PGP over email is actually pretty OK. Dead dropping encrypted text on an image board is probably viable. Really, it's not like you can't have discreet comms, but you can't do it on some whiz-bang Google/Apple/Amazon/Facebook service. We don't have to actually reinvent anything.

The signal app ignores the fact that Google or Apple has access to your input at a hardware level. Google keyboard doesn't care if what you typed gets encrypted later.

I used it back when it was Ring. It's pretty shit: the video call would only properly display one side (the other had a static image instead), the video quality was dogshit, and some of the messages would get dropped. Not recommended.

Ok so if signal is so baste redpill me on this

Attached: obscura1563219643905.jpg (360x569, 118.22K)

Oh also this. I why the fuck should I enable this.

Attached: obscura1563238336835.jpg (360x640, 43.1K)