this post was submitted on 02 Nov 2023
170 points (95.7% liked)
Privacy
31859 readers
313 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm using molly for several months now it is really nice but recently I dive myself in XMPP and it is superior to molly/signal just because XMPP servers are auditable amd you can actually see if the server is using encryption or not while signal servers are closed source unfortunately, it's their only flaw
The signal source code is open source, it is hard to prove that the servers are running the source code that's published, and we know they have admitted to having source code they don't publish for anti-spam purposes.
But you could take the signal server source code and stand up your own signal servers today.
impossible*
The Signal protocol is built in a way where you don't have to trust the server. The servers could be run by the NSA, it wouldn't matter. Especially now that the Signal protocol uses post-quantum cryptography.
And how do I tell may client to use only a specific server?
If your going to run a independent signal server cluster, you will also need to modify the client applications to connect to your cluster.
You probably would find the molly developers happy to accept a push request to have some configurable backend selection.
Session demonstrates this is possible.
If yo run your signal server does it come with the new quantum E2EE?
Good question, check with the signal github
I don't know man, seems to me XMPP is more secure (unless you trust Signal) and simple to use because you have to jump less hoops
By all means, go with the platform you like better!
https://www.privacyguides.org/en/real-time-communication/
Are all perfectly acceptable options
AFAIK it's entirely done in the client. The server doesn't perform any encryption/decryption other than TLS.
Your client encrypts and decrypts everything, so it is actually not a privacy concern regarding message content when we don't know what the server does.
The server could decrypt or could be machines attached to the server that store data
Your private key stays at the client, the server doesn't get it. Verifiable by the source code of your client
Ook thanks
The Signal servers don't do the encryption, it's done on your phone. That's how end-to-end encryption works. Also, Signal's Server code is FOSS: https://github.com/signalapp/Signal-Server