• Draconic NEO@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    40
    arrow-down
    29
    ·
    7 months ago

    Remember kids, if someone makes a centralized app or messaging claiming to be a savior of privacy and security, you should be skeptical of them and their integrity. Really you should be skeptical of anyone making grand promises of privacy and security, especially boastful ones. Though decentralized services are less risky than centralized ones, and that’s why I recommend people use Matrix instead of Signal.

    Matrix still has problems but it being decentralized eliminates many of the corruption issues by simply using a server not affiliated with the creators.

    • Onomatopoeia@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      25
      arrow-down
      2
      ·
      7 months ago

      Their claim that they dropped sms support because engineering costs causes me to question them.

      There are free sms apps. Android handles SMS, an app just reads/writes the SMS database via an API.

      • easily3667@lemmus.org
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        1
        ·
        7 months ago

        They also claimed they couldn’t leave bubbles in different colors because of the engineering effort. They had to make the android bubbles look gross like apple bubbles to reduce their test and maintenance costs.

        • root@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          I’m glad someone still remembers. I reported that as a bug when it first happened because it seemed like such a bad choice that I assumed it was in error. Colored chat bubbles were great

      • Takumidesh@lemmy.world
        link
        fedilink
        arrow-up
        14
        arrow-down
        10
        ·
        7 months ago

        I thought they dropped it because sms is fundamentally antithetical to a secure messaging platform and their view was that sms inclusion was causing confidence issues for their users who weren’t sure if a message would fall back to an unencrypted sms message.

        • easily3667@lemmus.org
          link
          fedilink
          English
          arrow-up
          17
          arrow-down
          3
          ·
          7 months ago

          Nope, pretty much every sms user screamed out simultaneously on reddit telling them “if you take this away I’m never going to be able to convince another soul to use signal, it’s a massive selling point that it’s all one app” and they said “but I’m better than you at knowing what you need” and did it anyway.

          • Takumidesh@lemmy.world
            link
            fedilink
            arrow-up
            9
            arrow-down
            9
            ·
            7 months ago

            I think their logic makes sense though. Signal as an SMS app is functionally pointless. If you can’t convince someone to use signal because they are just using SMS anyway, then what is the point? If you are prostletyzing encrypted communication to people, an important aspect is communicating the why’s. I think sms on the platform ultimately did do more harm than good, it confused the normal people, and presented risks for leaking data, since it was not always clear if hitting the send button would result in an encrypted message or not.

            A nice example that is always brought up with signal, is matrix, which perfectly demonstrates the issue at hand. Matrix, which is touted as a ‘secure’ platform, is actually the opposite, it requires positive action to enable and maintain encrypted messaging, and because it allows insecure communication, it opens up tons of holes, either from user error or unclear messaging from the platform. (Things like severe metadata leakage and unclear communication as to what is encrypted or not). There is a reason governments and militaries around the world use signal over other options.

            I think you only need to look at the recent Atlantic leaks to demonstrate that users don’t actually know best as well. You have a general user base that has poor security hygiene and the concept of op sec is completely foreign. Confidential group chats would be constantly compromised by one person losing a data connection resulting in the message being sent as SMS and if you don’t have automatic fail over, then SMS support offers no functional benefit, and only serves to add a workload that accomplishes nothing.

            Signal has cultivated a platform that has no unclear boundaries. If you send a message on signal, it is e2e encrypted every single time, there is no scenario where this is not the case. That’s more valuable than presenting the option to have an encrypted conversation.

            I also don’t really think that is a valid argument, none of signal’s contemporaries offered this feature and it didn’t stop them. I have never heard someone say that they can’t get people to use Messenger, Whatsapp, or Telegram because it doesn’t support SMS.

            Another counter point is that signal’s user base has only grown since they removed the SMS feature.

            Finally, I don’t think that what you are saying aligns with the previous comment anyway, in fact it seems like it was agreeing with me. The decision wasn’t done because of developer resources, it was a conscious decision they made because they believed that SMS should not be part of their product.

            • easily3667@lemmus.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 months ago

              This is long, and there are probably valid points, but I got to a point in the middle where it was abundantly clear you never used the sms functions of signal (you described a ux event that is impossible) so I don’t really feel like taking this seriously.

              I won’t disagree that users can have bad opsec…but that’s not up to signal to decide, it’s for them to improve.

              Matrix has iirc one checkbox to enable encryption by default and it’s been set for a while unless I’m mistaken (noone I know uses matrix). Yes you have to set it for groups, but large online group discussions usually don’t need encryption on. There’s also still the self-hosted option where a group chat with your friends on your server doesn’t need encryption at all.

              I guess my point is there’s really more nuance here than I care to argue about, but the SMS tooling in signal was nowhere near as big of a point of confusion as you think it was, and I have not gotten a single new person onto signal since they took it out.

              • Takumidesh@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                I remember multiple times my chat switching to SMS when I did not have a stable data connection, though, admittedly, it’s been years since signal dropped support and I don’t remember the specific mechanics of the situation, but I specifically remember the same message chain would have both sms and signal messages in it.

                I’ve used signal for at least 6 years now, and I remember online discourse being centered around why signal included SMS in the first place, with most of the discussion being around how people dislike the false sense of security comingling insecure data with secure data provided. The discourse didn’t change until after signal announced they were dropping support and suddenly people came out of the Woodwork talking about how horrible signal is for adopting good security practices.

                Why doesn’t telegram or Whatsapp get the same treatment?

        • Reddfugee42@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          7 months ago

          Their claim that they dropped sms support because engineering costs causes me to question them.

          There are free sms apps. Android handles SMS, an app just reads/writes the SMS database via an API.

          • Laser@feddit.org
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            7 months ago

            It wasn’t about sending SMS, it was about sending SMS securely, and whether this actually provided an improvement offer not offering it anymore. TextSecure came out when mobile data wasn’t as prevalent. But times have changed

      • lambalicious@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        8
        ·
        7 months ago

        They didn’t drop them because of money costs, where did you get such a statement?

        In any event they didn’t really have much of a choice, even if they dropped the ball by not simply resurfacing the old SMS product they did and do have. Having SMS and have people assume it was private because it was on Signal had already caused various issues, of the kind that causes bad mouth-to-mouth for your service. Signal’s response, while adequate, was also lazy.

        • something_random_tho@lemmy.world
          link
          fedilink
          arrow-up
          13
          arrow-down
          10
          ·
          edit-2
          7 months ago

          https://spec.matrix.org/latest/#room-structure

          The content of the messages can be encrypted. Who is in a room and who sent each message is not. See the “shared data” section of the chart.

          Encrypting that data would require something like Sealed Sender (like Signal), and that is entirely absent from the spec and any implementation.

          Edit: to the people downvoting, this is the literal Matrix spec upon which all the implementations rely. You are asking me to prove the absence of something in it. If you could, point me to the section that comments on the encryption of metadata in the spec. You may not like the answer (I’d love for it to encrypt metadata too!) but that doesn’t change the fact that it doesn’t encrypt metadata at this time.

          • easily3667@lemmus.org
            link
            fedilink
            English
            arrow-up
            4
            ·
            7 months ago

            I’m not downvoting but I can say I was definitely hoping for more a study where data is probably leaking (ie theory vs practice). I know there had been some things like this the better part of a decade ago hence my time restriction, but maybe nothing new.

            Looking at the shared data section you mentioned I don’t really get how it’s possible to avoid the system knowing who is in a room – except by limiting yourself to safe servers. Signal does that with a central system, but matrix certainly would allow self hosting such that this data doesn’t leak between servers.

            The weird thing about that section to me is it says the messages are listed as json objects but…I don’t see how that works with room encryption. I suppose the json objects include the encryption data but I thought they had to do something weird for room encryption to make the double ratchet perform well.

      • EngineerGaming@feddit.nl
        link
        fedilink
        arrow-up
        4
        ·
        7 months ago

        However, unlike Signal, you can exclude external participating servers entirely.

        (I heavily prefer XMPP to Matrix tho, even though I host both)

      • Swedneck@discuss.tchncs.de
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        7 months ago

        yeah, no shit, it’s decentralized.

        If you don’t want that metadata visible then host your own server and require your organization to use only that server, there are settings specifically to enforce this use-case.

        the french government uses matrix for communications, it’s fine.

    • Telorand@reddthat.com
      link
      fedilink
      arrow-up
      13
      arrow-down
      11
      ·
      7 months ago

      …if someone makes [an] centralized app or messaging claiming to be a savior of privacy and security, you should be skeptical of them and their integrity.

      True, but that doesn’t mean you stop there, otherwise it’s just reactionism. You can literally go and inspect the Signal code, compile the client yourself, and use it. You can verify that the E2EE claims are correct and that Signal can’t decrypt messages it relays.

      The only thing you can’t know with 100% certainty is whether they’re storing encrypted messages or not. You can look at their track record. You can look at how they spend their money. But you can’t know that one thing.

      However, Matrix instances may store encrypted messages. Just because it’s federated doesn’t mean it’s therefore more private; it’s just resistant to capitalist fuckery. You have to look at the entire implementation, and that becomes difficult when the way in which instances participate is voluntary, not mandatory.

      I agree that people should be skeptical, but skepticism is a verification philosophy, not the act of simply rejecting claims.

      • Draconic NEO@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        11
        ·
        7 months ago

        I think the story of Whatsapp should’ve taught people that capitalist fuckery and living long enough to become the villain are bigger threats than people give credit for, and Signal is just as vulnerable to this as WhatsApp was. They’ve also fought against any ways that it could be mitigated, they fought and are still fighting unofficial clients (moxie himself went around harassing people to stop), they fought any form of decentralization or interoperability with other servers and self-hosting.

        All things that could make signal a bit more resistant towards something like what happened with WhatsApp, yet they’ve all been rejected in favor of exclusive control on the app (and for a long time it was GMS tied on the PlayStore) and exclusive control of the the network. Two things that don’t exactly bode well for the future.

        • Telorand@reddthat.com
          link
          fedilink
          arrow-up
          8
          arrow-down
          3
          ·
          7 months ago

          Signal is just as vulnerable to this as WhatsApp was.

          No, they’re not. Whatsapp was never controlled by a 501©3. Selling everything off to a for-profit company isn’t a simple transaction, or else OpenAI would have tried that already.

          They’ve also fought against any ways that it could be mitigated, they fought and are still fighting unofficial clients (moxie himself went around harassing people to stop), they fought any form of decentralization or interoperability with other servers and self-hosting.

          If you go and read the reasoning, it makes sense. Part of it is the enforcement of their internal standards (like not storing chats for longer than it takes to deliver them) and part of it is that it would require rebuilding almost everything. It was never designed with ad hoc server participation or self-hosting in mind; you can’t just drop in an API on top of existing software.

          I agree that centralized chat is a potential chokepoint for capitalists to enshittify things, but people are crucifying Signal for something that hasn’t even remotely happened.

          If it does, there’s lots of options out there that are getting better all the time. My backup plan is SimpleX. But Signal still seems to be delivering what they claim, and it’s a lot easier to get non-technical people on board with encrypted chat via Signal than many of the other options, currently.

    • root@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      7 months ago

      I think it’s more of “would you rather SMS or Signal grandma?” Because Signal is so easy adopted, it’s preferred for less technical users. I use Matrix as well but that’s for the technical friends

    • monkA
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      7 months ago

      Blegh. Use literally anything decentralized but Matrix.

    • lambalicious@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      17
      ·
      7 months ago

      Matrix

      I hope you mean XMPP / Jabber? Matrix is as open and chatty as Trump is when servicing Musk.

        • EngineerGaming@feddit.nl
          link
          fedilink
          arrow-up
          3
          ·
          7 months ago

          My issue is that it is just much heavier. My XMPP server consumes a fraction of RAM and CPU that my Matrix server does.

          • Swedneck@discuss.tchncs.de
            link
            fedilink
            arrow-up
            7
            ·
            7 months ago

            synapse is notoriously dogshit because they’ve ended up needing to constantly focus on developing it rather than finish getting dendrite (the actually optimized server software) feature-complete so it can take over as the reference implementation.

            like, jesus christ, synapse is written in python! entirely unsurprising it has terrible performance.

            • EngineerGaming@feddit.nl
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              They even admitted this, lol. “Oopsie, our flagship server implementation doesn’t scale. Here, we made a commercial version for your bigger deployments”.

    • EvenOdds@lemm.ee
      link
      fedilink
      arrow-up
      6
      arrow-down
      13
      ·
      7 months ago

      Matrix has other issues, something like session might be more equivalent to signal.

      • easily3667@lemmus.org
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        3
        ·
        7 months ago

        Such as? If you want to write lackluster information-free messages like that, you should at least provide your list of things with zero issues whatsoever so we can compare. Session definitely doesn’t have zero issues whatsoever.

        • EvenOdds@lemm.ee
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          7 months ago

          Fair call. Other people have commented on issues with matrix so I won’t dilute the thread by repeating that. I mentioned session as an alternative because it meet the criteria set for the poster by being decentralised. It’s also E2EE and routes messages via onion so encourages anonymity.

          There are a heap of comparisons available on the different encrypted messaging apps, but they all put different weight on various features which can skew perspectives. Here’s one for consideration:

          https://www.securemessagingapps.com/

          Personally I use signal, matrix and session, and think they all satisfy the requirements for my threat model.