This is posted relatively often, and every time it is posted I feel compelled to note that said dev has not articulated any real reason to consider Signal insecure beyond an implicit conspiracy theory with no real meat to it.

"Signal's use luckily never caught on by the general public of China (or the Hong Kong Administrative region), whose government prefers autonomy, rather than letting US tech control its communication platforms, as most of the rest of the world naively allows."

When you're holding up China as an example for the world to follow for privacy, I have a hard time taking ANYTHING else you're claiming seriously.

I think a lot of these points have been made better elsewhere.

The extended discussion of hypothetical US interference just because of a tenuous chain of connection to the CIA is just typical US-badism. The US frequently funds tools which they think further geopolitical goals and this doesn't inherently mean its untrustworthy, just that their methodology of control is more resilient to uncensored speech; the best example of this is TOR, decentralized, anonymous, and created by Naval Research and DARPA. The author can't concede this point as it'd bring up they're unsubtly simping for a different colonial power, one who does require such censorship.

Signal's centralized nature has always been a major criticism (and it's reasonable), however as a trade off it's easy to on-board the tech illiterate. It's nontrivial to set up a Matrix server and I've seen the difficulty of migrating activist groups there. It's good as a long term goal, but one also has to recognize that a person struggling with housing has different concerns and will prefer to use whatever their friends and family do.

Lemmy devs don't have a lot of ground to complain about services being insecure imo.

One important thing to keep in mind is that Signal is for private not anonymous communication.

I'm just waiting for the EU's Digital Markets Act (DMA), that requires interoperability between protocols (messenger, whatsapp, that apple thing, signal, matrix, etc., to kick in. Once that happens, I'll take a closer look at matrix.

Matrix is also being rewritten in Go and one day, they'll hopefully support decentralised identities (aka your identity isn't tied to a server). When both are implemented, I think they'll be superior to many things out there.

As to the article: yawn. Proof is lacking everywhere and the "it requires a telephone number" argument just keeps cropping up. Without a telephone number, what is the best way to discover your friends and family on a new network? If someone can respond with a viable alternative that doesn't involve sending a message to everybody over some insecure medium, I'm all ears.

In January 2021, after WhatsApp, the most popular messaging app in the world, became acquired by Facebook, and announced its sharing of data with its new parent, Signal became the top downloaded app in > 70 countries.

Errr…

WhatsApp was acquired by meta back in 2014.

2021 was when WhatsApp released updated terms of service that allowed them to connect to Facebook servers and share the data they needed/wanted to.

This article seems like the average low effort hit piece against signal that keeps on popping up.

I still think signal is the easiest messaging app out there for the average user to gain a little more privacy in their digital lives.

I disagree with a lot of things in this message, a server will always know who communicates with whom and when, because it needs to deliver these messages.

We know that Pegasus can infect any device without anyone really noticing and fully taking over. No message service could ever get around that meaning that as long as you use a phone you could always be the target of surveilance.

That means there is an inheritated problem with privacy on phones because no matter what a app will never be safe.

End to end encryption just ensures that there wont be a party constantly monitoring all data and enable mass surveilance.

In theory they infected everyone with Pegasus send the traffic somewhere whwre they could analyze that traffic.

https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/

The EU commission who are actually targets of nation states recommend to switch to signal. Also it was tested in court and the data wasn't there to give.

If you are a target they will go for the weakest link either hack the device or they will go for the other participants device to get the conversation there. They don't need to break the encryption.

Watch out... last time I liked to this article people started to say that I was spreading misinformation...

For privacy ? Element or FluffyChat

Many great answers in here but can someone address this point?

Signal could very well be another Crypto AG-style honeypot: the Swiss company which provided secure communications services to ~120 governments throughout the 20th century, and was secretly ran by the CIA and West German Intelligence.

I personally recommend Session. Which is like signal but better. It is 100% zero user knowledge with no accounts emails or phone numbers. It just goes “here’s your ID have fun” and that’s it. Love it.

If someone wants to use Sigbal without Google dependancies, have a look at Molly.

Does anybody know what's happening about Signal creating usernames to add people instead of numbers?