this post was submitted on 20 Feb 2024
153 points (100.0% liked)

Free and Open Source Software

17941 readers
22 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Finally, we can have usernames in Signal instead of giving our phone number to everybody.

you are viewing a single comment's thread
view the rest of the comments
[–] Rikj000@discuss.tchncs.de 30 points 9 months ago* (last edited 9 months ago) (5 children)

Sign-up still requires a phone number.. -.-"

Checkout Matrix/Element ~~or Session~~,
there you can actually enjoy privacy by signing-up without a phone number/email:

Edit: Due to Session's company residing in Australia,
which appareantly has bad privacy laws,
i don't feel comfortable with recommending it anymore

[–] starflower@lemmy.blahaj.zone 28 points 9 months ago

Ah yes, Signal, known anti-privacy company

[–] debanqued@beehaw.org 6 points 9 months ago

Sign-up still requires a phone number… -.-"

Thanks for the warning -- that was my first question. It is my top reason (among many other reasons) for avoiding Signal.

Checkout Matrix/Element or Session,

All 3 of the sites you linked are Cloudflare sites (thus antithetical to privacy). Yes, I know you can use some of that tech without touching CF, but when they run CF websites it reveals hypocrisy & not understanding the goals of their audience.

[–] Radiant_sir_radiant@beehaw.org 4 points 9 months ago (1 children)

If that's a concern you could also always use Threema, which has been built from the ground up to use anonymous random IDs and optionally lets you link a phone number or e-mail address to that ID. The company has also won important court cases against having to store metadata preemptively and responding to blanket requests by law enforcement.

[–] Rikj000@discuss.tchncs.de 1 points 8 months ago* (last edited 8 months ago) (1 children)

I never heard about Threema before,
quickly glanced at it's Github repo,
but I think I prefer Matrix/Element over it.

Threema seems to largely rely om GMS (Google Messaging Service),
meaning that most messages will go through Google's servers,
albeit end-to-end encrypted for now,
I would not be suprised if Google would participate in "Harvest now, Decrypt later".

[–] Radiant_sir_radiant@beehaw.org 2 points 8 months ago* (last edited 8 months ago)

There's actually an option to turn GMS off entirely if that's a concern (Settings-->About-->Advanced). It comes at the cost of slightly increased battery usage. Sadly Google does have a bit of a monopoly on mainstream Android there.
Having said that, the messages themselves should never pass Google's servers, just a packet saying "check your Threema server, there's new stuff waiting for you."

[–] Onii-Chan@kbin.social 3 points 9 months ago (1 children)

Is Session actually secure though? I know they're based in Australia, and as an Aussie myself, holy fuck would I not trust this country for even a fraction of a picosecond with anything private or sensitive. We have some of the world's most draconian and far-reaching digital privacy and surveillance laws, and I'm not ready to accept that Session hasn't been secretly compromised by the AFP, given the law against revealing government backdoors.

Happy to be proven wrong, but I always err on the side of extreme caution when it comes to Australia. Digitally, we're closer to the CCP than any of our fellow western nations.

[–] Rikj000@discuss.tchncs.de 0 points 9 months ago (1 children)

Wasn't aware of that, would love to hear about it if someome could shine some more light onto the matter :)

If that's the case, I have to stop using/recommending Session

[–] HyperMegaNet@lemm.ee 1 points 9 months ago

I'm not the person you responded to, but the Assistance and Access Act 2018 is probably a good place to start. Here is a page from the Aus Government about it, but the very short version is that the government can ask tech providers to assist them with building capabilities into their systems to allow the government to access data to help with the investigation of certain crimes. In some cases these will be voluntary requests, in other cases they will be requests that must be fulfilled, including asking providers to add capabilities that the government has developed.

There's a lot more detail about it, and the government insists that they won't ask providers to create systematic weaknesses or to decrypt communications entirely, but it's not clear to me exactly how those ideas are actually implemented. Unfortunately, much of the process (likely the entire process) is not made public, so as far as I'm aware there aren't any good examples of requests that the government has made and what sorts of things have or haven't been implemented.