Meredith Whittaker reaffirms that Signal would leave UK if forced by privacy bill::Meredith Whittaker, the president of the Signal Foundation, the organization that maintains the Signal messaging app, spoke about the U.K.'s controversial new privacy bill at TC Disrupt 2023.

  • Varyk@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    1
    ·
    1 year ago

    Thanks very much for the breakdown. I was totally unaware of the keys being stored in the cloud, that seems like a terrible idea for a privacy based messaging system.

    Are there more secure alternatives?

        • SimplePhysics@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Almost every chat platform uses encryption by default, including telegram. If you are talking about E2EE, you have to enable that manually for each chat.

      • orca@orcas.enjoying.yachts
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Do you still have to consciously enable encryption in Telegram? That was the gripe people had with it for a while. Chats weren’t encrypted by default.

      • SirEDCaLot@lemmy.fmhy.net
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        edit-2
        1 year ago

        Matrix is really awesome and I hope it becomes the gold standard. However, if I were a Snowden, I would pick signal over matrix for the simple reason that signal doesn’t store your conversations on the server. Matrix does. Those conversations are encrypted client side with a key the server doesn’t have, but they are still stored centrally. That has advantages and disadvantages. It is much better for usability, because you can log in from any device and you see all of your conversations in one place. Unlike signal, there are no primary and linked devices, you can run matrix on desktop, laptop, phone, tablet, or straight from a web browser. When logging in from a new device, you need your username, password, and to either authenticate the session from another device, or manually put in your encryption key to decode the chats. That also means there is no need for backup or restore of anything other than your encryption key. For that reason, I am more frequently pushing people to install matrix than signal these days.

        However if security is more important than usability, signal wins, if only because there is never a question of storing anything on any server. Start a chat with somebody, make the messages disappearing, and you can be pretty sure that as long as neither of your devices are captured while the chat is in progress it will never be seen by anybody.

        • orca@orcas.enjoying.yachts
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          1 year ago

          This breakdown makes me much more hesitant to ever use Signal over Matrix. Signal is storing the keys themselves, where as Matrix is storing messages that can’t be decrypted and no keys. If the keys on Signal’s servers are ever stolen, you can kiss all of your message privacy goodbye. If a Matrix server is hacked, the user can’t do anything with the messages because they’re encrypted and no keys are stored.

          You also have the option to host your own Matrix server and have more control—something that is not an option with Signal.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      Yes. But signal is the gold standard, it’s going to be hard to get your contacts onto any other platform.

      https://www.privacyguides.org/en/real-time-communication/

      Reviews the options nicely, I use briar, it’s rough around the edges. But it does the job.

      I’ve been meaning to try simple x, but I haven’t given it a go yet.

      You can follow the privacy guides guide on hardening signal, it’s useful. Net net the easiest thing to do is disable your PIN, and ask any friends you’re speaking with to disable their PIN.

      https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/#signal-pin

      • AbidanYre@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Simplex is working pretty well for me. One of the people I chat with has an apple device so briar wasn’t an option, otherwise that’s probably what we would be using.

      • Varyk@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Okay, thanks. I’ll read both of those articles and for now disable my pin on signal and talk to my contacts.