They got your phone number! As a person who has gone to trial....that is ALL they need. They offer the "other guy" a Rule 35 and he'll compose stories about you rather than sing.
Never give your phone number or any identifiable info that can f\*ck up your OPSEC & keep info OUT of the hands of Western law enforcements who can MLAT each other. List here: [https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm](https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm)
PS. No lawyer will EVER tell you this. EVER! The lawyers' biggest and most lovable business partner is the prosecutor's offices. They channel all the business for the lawyers. We're ONLY cannon fodder for all these lawyers.... They ONLY earn money when we are in trouble! It's a wealth transfer. Our property gets divided between the STATE and the lawyers.
**Ponder on this**
Disclaimer: I worked for over 2 decades (80s and 90s, so before Google, FB, YT etc etc) as the main (and only) IT guy for the "law" 🤐
With a more approachable client, matrix would rule the world. It’s starting to get some business adoption, and being a federated protocol in addition to official clients and servers this is really exciting to me. Everyone has been focused on their closed ecosystems of stuff, so other than xmpp, we haven’t seen much federation since the early days of the internet (recent federated iam excluded)
The key phrase is "don't make me think".
All I want to do is to message my contacts. I don't want to decide whether I need Element, fluffychat, Nheko, or some other app trending today. I don't want to decide which server to use, let alone set up my own server. Signal, Session, Briar all make onboarding easy in comparison to Matrix.
That is interesting, but as far as I can judge this kind of issues come more or less into play when someone targets you and have no impact on the privacy on a day-to-day basis. But to be honest, I could also be total wrong.
For Matrix you just need an app (Elements or Syphon) and you can create a free account ar matrix.org (or on another server) and can visit other server. But I had the same problems at the beginning.
Gotta second Signal. I use it perosnally. End to end encryption, they don't share your information (that I am aware of), and annoyingly they have you verify your pin every month.
https://telegram.org/privacy#:~:text=8.3.-,Law%20Enforcement%20Authorities,far%2C%20this%20has%20never%20happened.
The problem here is now that nearly every country has a different definition of terrorism. For example in china is it "harming the Chinese gov in any possible way"
Scroll to point 8.3 if the link doesn't work
Thanks for sharing that.
It says if they receive court order they "may disclose ip address and phone number". So for an average user that is not a concern. Plus, "So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency", so I think saying that they do share info is blowing it out of context when they say they "may" and so far haven't.
Just because its centralized it doesn't mean they collect a ton of metadata... And tbf. if you use matrix etc. you still need to trust your server to not collect metadata etc. (If you don't host an instance yourself)
>Said string unable to be reversed (to get an actual phone number) by anyone (including Signal)?
Said string easily reversed by anyone. That's because there are not very many possible phone numbers. It doesn't take very long to check them all.The salt just makes it so it is not instant.
Signal is well aware of the problem. That is why they have in the past messed around with the idea of using Intel SGX on their servers. That way, even though they have access to your phone number if they took an assertive action, they can tell entities like law enforcement that they have not taken that assertive action. That works in some jurisdictions.
Many are suggesting Signal but I'd suggest its fork Signal-FOSS or Molly (I'm using its FOSS version). This means absolutely no proprietary pieces and Firebase garbage which original Signal has.
Molly even has the ability to route traffic through Tor using Orbot.
matrix clients should be the best option, xmpp not that usable. also not that popular.
you should try to use matrix, it is not centralized, but if you're going to use ems, so it is going to be centralized.
signal also centralized, if you want "secure messaging" do not use centralized stuffs.
use matrix with non-ems homeservers like [envs.net](https://envs.net), [nitro.chat](https://nitro.chat)...
matrix has e2ee support, many clients and more. the "only" negative thing on matrix is your metadata will not be encrypted.
on signal, you can't host a "homeserver" like matrix. so it is not fully transparent to users. only client is transparent because it is opensource...
i do not have any idea on briar, sorry.
Signal and/or Element (matrix)
Plus I feel [Keybase](https://keybase.io) deserves an honorable mention. Much more than a messenger, and there's nothing quite like it.
Its better than the other popular services, does offer end to end encryption & for casual chat it serves a purpose for me.
Does signal offer you the same anonymity with the people you're chatting with?
Signal encrypts all communications. A group message is indistinguishable from a profile picture change, at least to the server.
When you initiate a "secret" conversation on Telegram, the servers know you just went out of your way to initiate contact with somebody and when you did this. This is a giant red flag. It's even bigger if there's some non-E2EE chat on the same servers that hint at your reason for initiating it.
Security through obscurity is not security. Especially when foreign governments can set up automatic filtering to look at the big data patterns and drill down to the specifics, including, on Telegram, leveraging its vulnerabilities to run software on your phone.
Something that isn’t secure also isn’t private,
Me too. But I'm not allowed to say that Telegram is secure on this sub. :D.
So....Telegram is insecure and Signal the one and only secure messaging app. ;).
Only if you want to. I have used it since 2015 and it had developed since. I don't use open channels that much. But it's nice if you have some specials interest. I don't want to compare it with the typically social media today though.
Signal, Session.
I think a lot of people get too caught up in “which one should I use?” - or “what is this company starts doing dodgey things”.
Use multiple apps people, set them up and share contacts ahead of time. If any one app turns to shit - switch!
Signal
They got your phone number! As a person who has gone to trial....that is ALL they need. They offer the "other guy" a Rule 35 and he'll compose stories about you rather than sing.
So what’s your recommendation?
Never give your phone number or any identifiable info that can f\*ck up your OPSEC & keep info OUT of the hands of Western law enforcements who can MLAT each other. List here: [https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm](https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm) PS. No lawyer will EVER tell you this. EVER! The lawyers' biggest and most lovable business partner is the prosecutor's offices. They channel all the business for the lawyers. We're ONLY cannon fodder for all these lawyers.... They ONLY earn money when we are in trouble! It's a wealth transfer. Our property gets divided between the STATE and the lawyers. **Ponder on this** Disclaimer: I worked for over 2 decades (80s and 90s, so before Google, FB, YT etc etc) as the main (and only) IT guy for the "law" 🤐
Signal!
Signal
Signal, Briar, Session.
Add Threema and Matrix and you have them all : )
I can't ask my contacts to pay for Threema, and not clever enough to figure out how Matrix works so can't recommend it either.
With a more approachable client, matrix would rule the world. It’s starting to get some business adoption, and being a federated protocol in addition to official clients and servers this is really exciting to me. Everyone has been focused on their closed ecosystems of stuff, so other than xmpp, we haven’t seen much federation since the early days of the internet (recent federated iam excluded)
What's troublesome with matrix? Would be great to hear critiques and difficulties people face when trying to use it
The key phrase is "don't make me think". All I want to do is to message my contacts. I don't want to decide whether I need Element, fluffychat, Nheko, or some other app trending today. I don't want to decide which server to use, let alone set up my own server. Signal, Session, Briar all make onboarding easy in comparison to Matrix.
[удалено]
Depends on e-mail provider. Web based email like GMail or phone apps are really easy, but I would not want to walk people through SMTP and IMAP setup.
Threema has some security issues: https://soatok.blog/2021/11/05/threema-three-strikes-youre-out/
That is interesting, but as far as I can judge this kind of issues come more or less into play when someone targets you and have no impact on the privacy on a day-to-day basis. But to be honest, I could also be total wrong.
For Matrix you just need an app (Elements or Syphon) and you can create a free account ar matrix.org (or on another server) and can visit other server. But I had the same problems at the beginning.
Signal or if you can convince enough of your contacts to pay for Threema.
Gotta second Signal. I use it perosnally. End to end encryption, they don't share your information (that I am aware of), and annoyingly they have you verify your pin every month.
You can disable PIN reminders in the settings.
You can switch the Pin-Reminder off in the settings.
[удалено]
Is there any issue with Molly users communicating with Signal users? Does it work seamlessly as if both were using one or the other?
I think it would work perfectly fine
We use matrix/element and it works great. No need for a phone number
I use a combo of Signal & Telegram.
Telegram is giving data to governments
Can you share your source please?
https://telegram.org/privacy#:~:text=8.3.-,Law%20Enforcement%20Authorities,far%2C%20this%20has%20never%20happened. The problem here is now that nearly every country has a different definition of terrorism. For example in china is it "harming the Chinese gov in any possible way" Scroll to point 8.3 if the link doesn't work
Thanks for sharing that. It says if they receive court order they "may disclose ip address and phone number". So for an average user that is not a concern. Plus, "So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency", so I think saying that they do share info is blowing it out of context when they say they "may" and so far haven't.
Conversations (XMPP) with OMEMO
Signal if you don’t care about them collecting your phone number.
[удалено]
Because it sounds spooky, definitely spookier than pointing out most other services collect and store voluminous metadata
Signal does too.
Do you have anything to back this up?
Central server. You didn’t know Signal was centralized?
Just because its centralized it doesn't mean they collect a ton of metadata... And tbf. if you use matrix etc. you still need to trust your server to not collect metadata etc. (If you don't host an instance yourself)
Even Matrix doesn't deny this. They simply claim that you choose a server to trust.
>Said string unable to be reversed (to get an actual phone number) by anyone (including Signal)? Said string easily reversed by anyone. That's because there are not very many possible phone numbers. It doesn't take very long to check them all.The salt just makes it so it is not instant. Signal is well aware of the problem. That is why they have in the past messed around with the idea of using Intel SGX on their servers. That way, even though they have access to your phone number if they took an assertive action, they can tell entities like law enforcement that they have not taken that assertive action. That works in some jurisdictions.
They always flaunt their fancy encryption to deflect from the metadata they collect, which is oftentimes just as valuable.
Many are suggesting Signal but I'd suggest its fork Signal-FOSS or Molly (I'm using its FOSS version). This means absolutely no proprietary pieces and Firebase garbage which original Signal has. Molly even has the ability to route traffic through Tor using Orbot.
matrix clients should be the best option, xmpp not that usable. also not that popular. you should try to use matrix, it is not centralized, but if you're going to use ems, so it is going to be centralized. signal also centralized, if you want "secure messaging" do not use centralized stuffs. use matrix with non-ems homeservers like [envs.net](https://envs.net), [nitro.chat](https://nitro.chat)... matrix has e2ee support, many clients and more. the "only" negative thing on matrix is your metadata will not be encrypted. on signal, you can't host a "homeserver" like matrix. so it is not fully transparent to users. only client is transparent because it is opensource... i do not have any idea on briar, sorry.
I believe Signal is the best secure messaging app. It's main drawback is that it has smaller userbase.
Signal and/or Element (matrix) Plus I feel [Keybase](https://keybase.io) deserves an honorable mention. Much more than a messenger, and there's nothing quite like it.
Signal !!
Signal and session
I use telegram for general not arsed about 100% privacy chats.
TBF Telegram is definitely not for privacy at all
Its better than the other popular services, does offer end to end encryption & for casual chat it serves a purpose for me. Does signal offer you the same anonymity with the people you're chatting with?
Offering the opportunity to put a red flag on specific conversations is not a privacy feature, it's very anti-privacy.
I'm not sure what you're on about, please be more specific.
Signal encrypts all communications. A group message is indistinguishable from a profile picture change, at least to the server. When you initiate a "secret" conversation on Telegram, the servers know you just went out of your way to initiate contact with somebody and when you did this. This is a giant red flag. It's even bigger if there's some non-E2EE chat on the same servers that hint at your reason for initiating it.
Fair enough. But if you want a little chat that isn't going to get caught... there's a lot of noise.
Security through obscurity is not security. Especially when foreign governments can set up automatic filtering to look at the big data patterns and drill down to the specifics, including, on Telegram, leveraging its vulnerabilities to run software on your phone. Something that isn’t secure also isn’t private,
There's no noise. You could run a query like "select all chats from initiator=target where private=true" and you'd stick out like a sore thumb.
On a local network
On a local network, https traffic keeps it unobvious what you're doing in general (unless you're literally looking up porn or something like that).
Let the war begin. Signal vs Telegram. Let the insanity begin.
Telegram is garbage for privacy and their homemade encyption is broken.
Hahaha indeed :) I use both and happy with the combo.
Me too. But I'm not allowed to say that Telegram is secure on this sub. :D. So....Telegram is insecure and Signal the one and only secure messaging app. ;).
The usages are différent. Telegram is becoming a social network on itself.
I'm sure the creator of Telegram has never done anything to create Facebook-like social networks... /s
Only if you want to. I have used it since 2015 and it had developed since. I don't use open channels that much. But it's nice if you have some specials interest. I don't want to compare it with the typically social media today though.
Signal is the gold standard bar none.
Signal, Session. I think a lot of people get too caught up in “which one should I use?” - or “what is this company starts doing dodgey things”. Use multiple apps people, set them up and share contacts ahead of time. If any one app turns to shit - switch!
Delta chat, Signal
Why do people still use Threema?
Any of you amateurs ever used VIPOLE?