Privacy

36712 readers

417 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

JWZ weighs in on Signal again (www.jwz.org)

submitted 5 days ago by [email protected] to c/[email protected]

82 comments fedilink hide all child comments

JWZ previously:

See also: Why not Signal?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 18 points 5 days ago (2 children)

~~most~~ some of the stuff on that list isn't even true (at least not anymore) lol

[–] [email protected] 3 points 5 days ago (1 children)

What specifically isn't true?

[–] [email protected] 4 points 5 days ago

4/5, and partially 1 bc mobcoin doesn't use pow or pos.

disclaimer: I don't fw signal or cryptocurrency of any kind

[–] [email protected] 1 points 5 days ago* (last edited 5 days ago) (4 children)

There are six bullet points. Which ones are no longer true?

The only one I know of is point 4, in that you can now choose not to share your phone number. But, IIUC, the app uses the dark pattern of forever nagging you to share it, hoping you’ll eventually accidentally click the wrong choice.

[–] [email protected] 15 points 5 days ago (2 children)

Point 2 is mostly not true, in that Molly exists and you can do reproducible builds with either implementation.

[–] [email protected] 7 points 5 days ago* (last edited 5 days ago) (1 children)

Unless Signal's policies recently changed, Molly is not interoperable, since Signal does not allow third-party clients to use their servers/network. That would make point 2 correct.

If that policy has changed, then someone please link the announcement so I can update my notes.

[–] [email protected] 10 points 5 days ago (1 children)

They've been allowing Molly to continue to function for multiple years. Notably, from Molly's readme:

Molly connects to Signal's servers, so you can chat with your Signal contacts seamlessly.

I looked over the terms of service linked there and don't see anything specifically calling out third party clients. Is that elsewhere in another terms page somewhere or is it just not being specifically mentioned?

[–] [email protected] 5 points 5 days ago* (last edited 5 days ago) (2 children)

It was a few years ago when I read Signal's statement about this, so I'm afraid I don't have a link for you.

I believe you when you say Molly functions, but it's important to note that without Signal's blessing, anyone using Molly can be locked out of the network (and their chats and contacts) at any moment. It's not the same as official interoperability.

I wonder if the Digital Markets Act will eventually force it.

[–] [email protected] 1 points 4 days ago

If they have such "security concerns" with third-party clients, a compromise would be to mark profiles using unofficial clients, and make it possible to see what client it is. Because it's audacious to disapprove of third-party ones while your own lacks features people find important! Such as:

Allowing an arbitrary proxy rather than just their own solution (because not only is their own solution inferior to some of the more advanced censorship-evading technology, but this is the field that needs multiple options when one stops working. Also if a person uses a proxy for everything else anyway, making them set up a whole separate solution or find someone else's proxy just for your app is pointless.
UnifiedPush.
Allowing tying a desktop client by typing a code rather than scanning a QR code, which is important when registering on an Android VM (because again, Signal just arbitrarily disallows account creation on a desktop, nevermind that most phones are very hard or impossible to make private!)

[–] [email protected] 2 points 5 days ago* (last edited 5 days ago)

Absolutely, and I'm not trying to say they don't own their infra or have the ability to cut off the Molly users. Luckily, if that were to happen, you could use the automated backups to restore back into Signal, since they're functionally the same.

Regardless, both apps have reproducible builds. It's the infra that isn't reproducible.

[–] [email protected] 4 points 4 days ago

To be fair, from Signal's attitude it seems that Molly is tolerated rather than welcomed. And that it may be shut off if it gets big enough.

[–] [email protected] 10 points 5 days ago

I use the Signal a lot and have never been nagged to share my phone number.

[–] [email protected] 10 points 5 days ago

4 and 5, from what I remember you have to opt into being discoverable by number even if you give it your contacts. that said I don't fw signal for the other reasons stated, it's basically just the easiest secure alternative to texting.

[–] [email protected] 8 points 5 days ago

2 is probably wrong. Molly exists. Trademark cannot be used to prevent other implementations, just the use of the name or other dress. What may not be open is the server side code and federation is not supported.