this post was submitted on 15 Jul 2023
98 points (82.2% liked)

Signal. Privacy. (upload.wikimedia.org)
submitted 1 year ago* (last edited 1 year ago) by FarLine99@lemm.ee to c/privacy@lemmy.ml
 

Link to article from main Lemmy❤️ developer about Signal privacy. Mostly fair points. I kinda distrust such centralized services but basically we have no other options (Matrix is buggy in many aspects). What can you say about this article?

[–] Evoke3626@lemmy.fmhy.ml 4 points 1 year ago (4 children)

I personally recommend Session, which is like Signal but better. It is 100% zero user knowledge with no accounts, emails or phone numbers. It just goes “here’s your ID have fun” and that’s it. Love it.

[–] KLISHDFSDF@lemmy.ml 8 points 1 year ago (2 children)

Session's developers dropped Signal's Perfect Forward Secrecy (PFS) and deniability [0] security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer's life easier [1].

"Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging."

For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message's encryption is isolated, preventing compromise of current and past interactions [2].

A simple example to illustrate why PFS is beneficial. Let's assume any 3 letter agency is collecting all Signal/Session messages - on top of the tons of data they're already capturing. The great thing is that your messages are encrypted, they can't see anything - YAY - but they're storing them basically forever.

Two ways they may be able to compromise your privacy and view ALL your messages:

  1. A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Session, because you use the same key for every message, they now have access to everything you've ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.

  2. Your phone is compromised and they take your encryption keys. If you were using Session, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.

It's important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.

[0] https://getsession.org/blog/session-protocol-explained

[1] https://getsession.org/blog/session-protocol-technical-information

[2] https://www.signal.org/blog/advanced-ratcheting/
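
An added illustration of the forward-secrecy point in the comment above (not part of the original thread, and not Signal's or Session's code): a minimal HMAC-SHA256 key chain next to a single static key, checking which recorded messages a secret taken from the device can unlock. The function names, the 0x01/0x02 labels and the sample secret are assumptions made for this sketch, and it assumes old keys are deleted from the device as the comment describes.

```python
import hashlib
import hmac

def ratchet_step(chain_key: bytes):
    """One KDF-chain step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def ratcheted_session(root_key: bytes, n_messages: int):
    """Per-message keys, plus the only secret still on the device afterwards."""
    chain_key, message_keys = root_key, []
    for _ in range(n_messages):
        chain_key, mk = ratchet_step(chain_key)  # old chain key is overwritten
        message_keys.append(mk)
    return message_keys, chain_key

def static_session(long_term_key: bytes, n_messages: int):
    """Model of 'same key for every message': nothing ever rotates."""
    return [long_term_key] * n_messages, long_term_key

def exposed_by_seizure(message_keys, seized_secret: bytes, lookahead: int = 8):
    """Indices of recorded messages whose key follows from the seized secret."""
    reachable, chain_key = {seized_secret}, seized_secret
    for _ in range(lookahead):  # HMAC only runs forward, so walk forward
        chain_key, mk = ratchet_step(chain_key)
        reachable.add(mk)
    return [i for i, k in enumerate(message_keys) if k in reachable]

# Constructed sample secret, not real key material.
SAMPLE_KEY = hashlib.sha256(b"constructed example secret").digest()

if __name__ == "__main__":
    keys, device_secret = ratcheted_session(SAMPLE_KEY, 5)
    print("ratchet, past messages exposed:", exposed_by_seizure(keys, device_secret))
    keys, device_secret = static_session(SAMPLE_KEY, 5)
    print("static,  past messages exposed:", exposed_by_seizure(keys, device_secret))
```

The forward walk in `exposed_by_seizure` shows that a hash chain alone leaves later messages readable from a seized chain key; Signal's Double Ratchet, described in [2], adds a Diffie-Hellman ratchet on top to cover that case.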

[–] Evoke3626@lemmy.fmhy.ml 2 points 1 year ago

I absolutely hate my cell being tied to Signal though. Any thoughts there? Is it really a non issue?

[–] Evoke3626@lemmy.fmhy.ml 2 points 1 year ago

An excellent point I was unaware of! Thanks for the detailed response.

[–] FarLine99@lemm.ee 3 points 1 year ago

Calls are in beta and buggy. Lacks features, translations. Good concept but not mature realization.

[–] cultsuperstar@lemmy.ml 1 points 1 year ago

Isn't Threema like that?

[–] Lemmchen@feddit.de 1 points 1 year ago

There are dozens of us!