Privacy Guides
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
- We prefer posting about open-source software whenever possible.
- This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
- No soliciting engagement: Don't ask for upvotes, follows, etc.
- Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
- Be civil, no violence, hate speech. Assume people here are posting in good faith.
- Don't repost topics which have already been covered here.
- News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
- Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
- No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
- No misinformation: Extraordinary claims must be matched with evidence.
- Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
- General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Additional Resources:
- EFF: Surveillance Self-Defense
- Consumer Reports Security Planner
- Jonah Aragon (YouTube)
- r/Privacy
- Big Ass Data Broker Opt-Out List
Thank you, I'll check this out.
I like Element.
It's a matrix client. Polished and nice. It's ok all the platforms under an Apache license. No phone number required. You've got federation on matrix as well, so just sign up on any server.
Polished? No… don‘t bother with element if you want a good user experience. It‘s a buggy mess
Element has come a LONG way during the pandemic. If you haven't tried it recently, I'd encourage you to give it another shot.
I use it everyday on 3 different devices and it‘s a mess. :D
I mean I don‘t want to discourage anyone from trying it out. I believe that the protocol is the future of messaging and I really want this to be the next big thing. But you need some masochism to acutally use it day to day. It‘s just not there yet. But give it a shot.
It used to be very buggy, but it's gained a lot of polish recently, especially if you haven't used it since Spaces were introduced. Sometime before then I think the cross verification/signing user flow for E2E key management also greatly improved with the introduction of QR and emoji based cross-device verification for syncing encryption between existing signed-in sessions to newly signed in devices. The only bug I ever notice these days is the "mark as read" quick action in android notifications being broken on notifications older than a couple hours.
I use it everyday and it‘s still an absolute mess of a service.
Literally nothing works reliably :D
To be fair it might work a little bit better on android than on iOS and Desktop but the people I chat with that use android complain about the same shit.
Oh? Tell me more. How is it buggy if I may ask?
First of all it‘s slow. Like really slow. Sometimes loading a room takes 20 seconds.
Nothing really works reliably. Currently I‘m unable to leave a chat for whatever reason. Sometimes (like twice a week) the encryption just breaks. Every single message gets marked with a red excalmation point, saying that the keys are missing. The app keeps telleing me that I have unread messages even though i‘ve read all messages. I then have to mark every chat as read a couple of times. Sometimes only clearing the cache of the app helps. That happens every day.
There is probably more but that‘s what came to my mind first
Oh yeah…the service has privacy issues too when it comes to meta data. I feel like the bottom line here is, that Matrix/element are not there yet. It‘s very much alpha software that is not suitable for everyday use outside of nerds that enjoy the pain.
XMPP. It's an old standard, there are servers you can get an account with or you can host your own. And with OMEMO encryption everything is end to end encrypted.
thank you! i was surprised not to see that one way more often. i guess it is, because ios doesnt have such a good client as conversations for android.
I've heard of Briar. I'll check it out but I worry it might be a little barebones for my parents.
Matrix is great, Element has a really nice UI for it. ~~Signal also does work without a phone number, in fact it doesn't really work for SMS anymore. Signal provides P2P for any communications with another Signal user. Matrix supports P2P as long as you set it up (encrypt a channel) and I think DM's are P2P~~
Edit: So Matrix is cool, End to End, NOT P2P, and probably the right decision for OP.
Yup, a Matrix client (especially Element) is a great choice.
How do I use Signal without a phone number? Whenever I booted the app it needed a number.
I guess Matrix would be your best option then. I use Schildichat as client, which is a fork of Element with some extras.
But if you can't get a plan, why not get a prepaid burner SIM? You can buy a prepaid card for minimal amount and you generally keep the number at least for a year, and you put in 5~10 euro each year you can keep it active endlessly.
A lot of things require a phone number. Here, the goverment needs you to have one, but also most workplaces and even the DHL. Getting a cheap trow-away sim isn't a bad option. Especially since pre-paid SIMs aren't connected to your name like those on a plan are.
Signal is great, Element (matrix) is great, but I personally think SimpleX did a fantastic job so far, and I really want them to succeed.
Simplex, element(or most matrix compatible messengers) session, bchat. If the goal is to get your family to switch over though good luck.
Thank you! XD They're actually quite open to it which I'm thankful for. My dad has used Signal in the past so he's cool with it and I've been slowly introducing FOSS alternatives to my mom. I got my dad off of Spotify and Mom off of Amazon music using ViMusic. I'm actually quite happy with my parent's foray into open source life! :D
Table comparison of many messengers: https://www.messenger-matrix.de/messenger-matrix-en.html
I mostly use Signal but also Threema for a few contacts (you don't need a phone number for Threema, but it is not free - around 4-5 € one-time-payment).
Love your profile pic BTW. Screw u/spez!
Protonmail? Matrix?
Isn't ProtonMail an email client? Correct me of I'm wrong. I do use Tutanota to subscribe to all my Newsletters. A few other people mentioned Matrix so I'll check that out.
It is. But you can tell your family to use it and you get notifications and can chat, I guess. It's not a chat app but it is, indeed, a messaging app 😂
Self host your own istance of Matrix
You could try Session. It makes a session ID like this
. This can be used to contact people or for people to contact you. I’ve used it to talk to my SO a bunch of times.
I do have something against signal! Phone number, removing SMS support, MobileCoin, lack of federation...
Sadly, my friends/family are sick of swapping and I've found element/session to be unreliable or overly complex, so I stick with Signal because it's still much better than SMS.
I'd suggest SimpleX, personally! Not only does it not rely on phone numbers, but because you add people through single-use links instead of using identifiers, there is no contact information of yours to be shared without you actively choosing to share it with someone yourself. I'd say it's pretty approachable, and the actual messaging experience is packed with a nifty feature set.
Yeah I think I'm going to try SimpleX! It looks the most promising. Private with no identifiers (that's quite a feat!) and pretty enough with UI that my parents can use it.
Session
Not free, but (finally) open source: Threema Libre
Does anyone have any recommendations for Element chat groups to join? All I find when I DuckDuckGo it is recommended clients that use Matrix, coding stuff, or weird sounding mathematical principles. Any groups involving FOSS discussions or ttrpgs would be great!
Xonotic's offtopic for geopolitics ;)
Jk, it's a chat for the foss game on pc
If you have to give up your phone number to register why would you get Signal over Telegram? All the people you aren't supposed to talk to are on Telegram and not Signal, so if you're giving up your phone number, why pick Signal? Because it's FOSS? What's the difference in outcome? Both end in a phone number request from the government that the service will comply with.
Because the threat isn't getting your number stolen, it's about the content of your messages. While the goverment cóuld ask your phone number, they likely already have it unless you got a prepaid trow away that you keep replacing regularily. And even then it cóuld be traced when used anywhere. What they can't get, is your messages. At least not decrypted unless you give it to them yourself. And those are way more interesting. But it's not even about the goverment per se, it's for everything from data hungry companies to your old crazy ex.
Telegram sends everything plain text and stores that on their servers. One man-in-the-middle and we got everything you've said.
WhatsApp says they have E2EE but is propietary and non-checkable, and from Meta who has a rep for finding ways to secretly and unlawfully grab data. Even if you (foolishly) trust them, they do grab metadata from your messages.
Signal isn't about it being FOSS, but about privacy. FOSS just means it's checkable, which is good for security and privacy. They have E2EE not only on message content but also on metdata (unlike most alternatives who only do message contents), do external audits, and are part of a non-profit (which means showing how money is received and spend).
Not the OP, but from a privacy perspective, I would pick Signal over Telegram. They both have some issues, but Telegram is not E2EE by default and is a bit if a pain to use E2EE consistently. And yet, Telegram claims to be super secure, etc. There are a bunch of other issues there as well. I'm not saying Signal is the best privacy tool out there. But, between the two, I trust Telegram a lot less.