Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
Keeping your chats secure is a good idea, but end-to-end encryption is just the beginning of the list of options to consider when picking a messaging app.
You're viewing a single thread.
EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.
DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.
Actually RCS has encryption in the new spec now, and we could see encrypted RCS messages implemented on iOS and Android within a year.
But even so, use Signal.
RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.
Seeing as RCS with encryption based on the MLS standard hasnt been deployed yet, can you show exactly what metadata is leaking?
Well, instead of leaking metadata to Signal, AWS, Cloudflare, Google/Apple and your ISP, like Signal does, RCS only leaks it to your ISP /s
MLS only deals with encryption and key management, which is great but that's been a "solved" problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.
What I'm aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):
- Sealed sender so only the recipient knows who sent the message.
- Not storing metadata or logs.
- No built in crash reports.
- Private contact discovery.
- Published government requests providing evidence that they don't have any data.
- Open source client.
- Looking at the Google Play store, Google's Messenger shares precise location data with third parties, Signal doesn't.
- Also on the Google Play store, Google's Messenger app list a lot of data collected. Signal only lists phone number.
I think they mean that it'll take time for everyone to get it. My carrier still doesn't even have RCS at all.
xmpp is like if deltachat was good
What I dislike about XMPP is that the client ecosystem is definitely weaker than DeltaChat. DeltaChat "just works", and it works incredibly similar and efficient across devices.
But yes, I wouldn't mind if the world used XMPP instead, honestly.
It also just gets blocked by autocratic firewalls. Deltachat is clutch because it can theoretically run on top of any email host so it's way more difficult to block.
You can easily redirect xmpp to port 443 which is not blocked by most firewalls. If you have problems with firewalls or public wifis your xmpp server is misconfigured.
China will definitely block xmpp on any port. I know this because I have tested this very specifically from my own server. It lasted about a day and a dozen messages before it was blocked, and the box got absolutely slammed with vulnerability scans.
This is odd because I know a few mainland Chinese people that use XMPP without problems (and afaik without a VPN).
Sounds like your server got blocked for another reason?
I can almost guarantee you they are using it through a VPN or they have a western SIM card. If not I'd love to know what server they use, as I've tested this a bunch of times on several public and private servers and it's always the same result. If it isn't blocked on day 1 it will be blocked quickly.
how is that different from how xmpp (or matrix) is distributed
Isn't DeltaChat just PGP encrypted email? Could be wrong
Kinda, but that's the gist of it.
yeah basically, and gcs work like text message or email chains, theres no way to moderate that
I use signal myself but I also use simple X. I can't use delta chat because I use proton for my email and therefore can't use delta.
Delta Chat is not associated with your email account, as far as I can tell. Am I wrong?
⚡️ Sign up to secure fast chatmail servers or use classic e-mail servers
You don't have to use a "classic email server", or even link your account to your current email address at all. The default onboarding procedure actually creates a new anonymous account for you on the default chatmail server. Reading through the site, I can't actually even tell why someone would want to use their preexisting email address.
Ah, okay. I think I heard about it at an earlier point where it was only using your current email.
Yeah, that's when I first used it too, it had to go through your email. Now it just uses the email backbone to send messages back and forth. Also, self-contained webxdc apps you can use with people in your chat, which is kinda cool.
The self-contained webxdc apps are a pretty cool bonus to what already feels like a normal chat app. I primarily use Signal, but given the current climate of governments trying to force backdoors in to encrypted apps, and the fact it's a US server, I wanted a decentralized backup. And email isn't going anywhere, so it seems like a good option.
monocles chat and cheogram have webxdc as well