- cross-posted to:
- news@lemmy.world
- cross-posted to:
- news@lemmy.world
You must log in or register to comment.
People hoping to get randomly added to war chats lol
i’m more curious about getting on their venmo friend list.
“hey, it’s uh, vlad. i need 200k for the um, rigging of the midterms in uh, wisconsin. thank you.”
Just send like a request for a few thousand dollars and put the description entirely I’m Russian lol
I would ruin it by posting my balls immediately
For the people who want to use Signal but are stuck in WhatsApp land because all their contacts are on WhatsApp, you should download WhatsApp business and create an automated away message that says that you are only available via Signal and with a link to your Signal account (if you use a Signal username. ) People in my contacts are slowly switching to Signal.
I did something similar with Twilio. When you call or text my number you get a message about how to reach me. The Twilio SDKs are pretty good. It’s just a few lines of code.
Ironically having a giant security breach happen in a security focused messaging app was good advertising.
Of course in this instance the breach was not because of the app, which is a good thing I guess.
“When something is made idiot-proof, they will just make better idiots.”
Gestures broadly at the federal government
Gestures narrowly at oval office and cabinet.
On Signal you can verify user identify, and you should absolutely do it if were to discuss national security maters.
This is not a hidden feature, I think it’s designed to prevent man in the middle attack. It also work against the “oops I accidentally added a journalist to my conversation no one should know of”, which is so dumb that no one saw this coming 😅
Dont use consumer apps for national security matters.
There was a vulnerability identified in Signal last year that caused the British to discontinue its use. I dont trust the british government but I am wary of what they are wary of.
vulnerability
My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.
This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.
Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.
They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.
It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.
At least it was Americans talking on an american platform. I wouldn’t be surprised if we had
frenchEuropeans leaders having occasionally this kind of discussions on Microsoft Teams or some Google chat.There was a case recently, related to Ukraine, of a general taking part in a secure video call on his hotel network and it being compromised.
It’s not a security breach per se. Someone accidentally added a journalist to the group. Signal is still as safe as it’s ever been.
PEBKAC
Everyone hoping to get accidentally added to a government group chat.
Bad actors are sowing distrust by implying that Signal is not secure. Always remember that the powers that be don’t want the public to have encrypted comms and would love to ban private messaging apps altogether. I could also be completely wrong and Signal is in fact a fed honeypot…
The code is open-source though, and I’m hoping that individuals more learned than I would surely alert us if there were any backdoors/exploits…
Bad actors are sowing distrust by implying that Signal is not secure. Always remember that the powers that be don’t want the public to have encrypted comms and would love to ban private messaging apps altogether.
Wrong logic, trying to guess what they are doing. I mean, if you were a god-level poker player, then maybe, but most people are not and god-level players lose too.
and Signal is in fact a fed honeypot
Being competitive and protected from network effects (decentralized, p2p, federation, one standard and many implementations, all that) can hurt being secure. The complexity of being both may not be practical.
The point of Signal is academic level security. It has a clear model and is not doing anything to make it more complex.
Which is why it is centralized, leading to suspicions and accusations of being a honeypot.
The code is open-source though, and I’m hoping that individuals more learned than I would surely alert us if there were any backdoors/exploits…
That’s a wrong hope in any case.
There are many things you can complain about when it comes to signal, but overall it’s a huge improvement from unencrypted messengers like discord and definitely a
stepleap in the right directionYou have to be very tinfoil hat to believe that this current administration is capable of anything so sophisticated as a misdirection.
Next up:
- Signal getting banned in US govt
- Signal getting banned in the US
- Signal servers seized, devs detained
- Signal protocol repos removed from M$hub
Good. It’s the only encrypted channel I trust right now.
I’d consider using them if I didn’t need to use a phone number to register. My friends and family stick with Briar as a result.
Hey man, if you can convince anyone to use Briar, do that. I have better luck getting people to use Signal because it’s way more popular and easier to sign up. And if I want to know if someone uses it, I can find out instantly.
After years of trying, I finally got my wife to use signal!
I text with her the most so it’s a big win for me (and her even if she doesn’t realize it.)
I’ve gotten a couple dozen people chatting with me on Signal at this point, including my parents.
Convenience vs security
Security vs having someone to message.
I’ve tried to get everyone I know on Signal, so far my mom is the only one who uses it and that’s only when she accidentally taps the wrong icon when she intended to send me an SMS.
And then there’s my stepsister who complains about not being able to have a unified chat because she and family are apple while most of the rest of us are android. Signal Diane, it’s a cross app platform that solves your problem…but no it’s not apple so it won’t work…🤬
How about this:
- Tell everyone signal is the best way to contact you because it works on all your devices (phone, laptop, desktop)
- When someone messages you on signal, be really responsive
- When someone messages you on SMS, be really slow, and occasionally mention how sorry you are about missing it
Sadly it’s just not working. I’ve spent time evangelizing Signal, I’ve responded to SMS with invite links to Signal and a message that I’d prefer to use Signal. Just a bunch of no’s and one “just grow up and text me back”.
It reached the point where I could tell I was pissing people off so I gave up. Now if messaging apps come up during a family gathering I just say “you know I recommend Signal” and leave it at that.
I’ve had people refuse to do or adopt something just out of spite because I pushed too hard, I don’t think they would go that far here, but better safe than sorry.
Yes and no, Signal is more convenient but convenience doesn’t play into a scenario where I have no way to message someone on a given platform. And most people aren’t interested in a conversation about which messengers they’re using.
Matrix is also an option and heavily audited+ federated. And unlike Signal not based in the US.
And the best? You can easily selfhost a bridge to signal and WhatsApp.
How well do the signal and whatsapp bridges work? Have you used them yourself? I tried setting up a discord bridge years ago and it was terrible. Is it better now?
I’m just learning this is an option, but Matrix Signal Bridge.
Best I can tell from the documentation, we add the Matrix server bot to a signal account, and it relates messages between the two platforms.
Yes, exactly. That’s why it’s preferable to use them self-hosted as the E2E of course ends on the server.
They have been,well, complicated and uncomfortable, a few years back but gradually improved. I use both and they are alright. The WhatsApp Bridge works flawlessly for me, no issues at all, the signal bridge has occasional issues that require a restart of the container (as in “once every one to three months”),but that’s more on the signal end of things. While they are not ideal they are the best option at the moment.
deleted by creator
The chat space is problematic.
- There are a lot of apps that don’t encrypt at all (e.g. Google chat, discord, etc)
- There are apps that encrypt but they are subject to jurisdictions that can or may in the future force backdoors (e.g., Chinese apps, possibly telegram, possibly US apps in the future)
- There are apps that encrypt, are in countries that are privacy focused but are not for free (e.g., threema)
This contributes to a fragmentation that makes WhatsApp the app that-you-must-have
Sure it is supposedly encrypted but I would not bet my money that is without back doors
Whatsapp to messengers is what internet explorer was to browsers lol. Slow, bloated, unfree, universally hated, but still somehow universally used
Ain’t that the truth
I mean honestly, feature wise, it’s pretty good in my opinion. It has some very useful features Signal lacks (e.g. live location sharing) and it’s not slow or badly designed in my opinion.
I still prefer Signal since I don’t like Facebook, but realistically speaking WhatsApp is pretty good.
WhatsApp
Not in the US, pretty much nobody uses it here. Which is really odd to me, since it’s so prevalent elsewhere.
IIRC it’s because US cell carriers don’t charge as much as others for sending and receiving SMS
That makes sense, SMS is essentially free here.
It is elsewhere now it’s just in the past it used to be stupidly expensive to send SMS.
It’s wjere text speak came from, I believe they used to actually charge by the character so if you wanted to tell somebody you’ll “be at the train station in 15 minutes” that’s quite a lot of characters, so that became “@ stn n 15” which is almost incomprehensible these days.
When WhatsApp became available everybody went over because suddenly you could communicate like humans, after the phone company’s realized that the jig was up they lowered text prices but by that point everyone had gotten used to just using WhatsApp. Then Apple came along with iMessage and no one could see the point because it only worked on iPhones whereas WhatsApp work for everyone.
Text speak mostly came from typing on dumb phone number pads to enter text. Like if you wanted to type “hi” you would have to enter “4-4 pause 4-4-4” As you might expect 5 putting presses with a pause between some of them just to say “hi” got painful. Thus the shortening.
Text messages were always charged per message. But each message was limited to 160 ascii characters or less if you were using other encodings. You could send 1 character or 160 characters but it cost 20 cents (at least where I grew up) either way.
This is all separate from l33t speak which is a whole different thing.
T9 made this way better.
Oh yeah, I remember realizing my new razr had that and started going text crazy.
I felt the same way the first time I discovered swipe-to-type on a smartphone! 🤣
I’m not sure why this had 0 votes, but it’s true. I’m old enough that my first cell phone experience was a bag phone from the 1980s.
Texting wasn’t even a thing for a while, but once it started, it was charged per message with like a 16 character limit. Then that limit was expanded, but it was always per message, not per character.
But, actually typing out a message was a pain the ass. There were no keyboards at first. You used the letters on the number pad to send your messages.
When T9 texting debuted that was a GOD SEND. Only needing to tap a lil number once to guess your word? Holy crap!
That is if you stay within one country. I still get some insane charges if I text someone 60 kilometers away because it’s international.
It still expensive to use your phone abroad that hasn’t improved
It did actually. I don’t pay for sending a message or calling my neighbour if I go to the next country or Bulgaria. The EU made it law that roaming is free.
What still costs money is if you send a message in the NL to the NL if you have a Belgian number for example, which makes it so that you still have to get a new number each time you move countries. Or rather the bigger pain is calling my mom who lives in a different member state, that I can’t really do without incurring insane charges.
We did the same here (US), but I guess texting got cheaper faster than in the EU? Because free text was generally a thing before smartphones really took over. Another interesting metric might be data costs, data was super expensive for a long time, while texting was essentially free, so I think people just didn’t want to switch to an app like WhatsApp. Data is pretty cheap now, but I guess the culture never really changed.
I remember my parents flipping shit over a $0.50 fee for a handfull of messages before text was unlimited.
That’s definitely part of it, but I think a bigger contributor is iMessage. iPhones have a dominant market share in the US and iMessage has been the gold standard for a long time and it doesn’t even use the SMS system.
So who exactly is downloading the app as a result of this latest government scandal? I’m going to guess it’s the maga crowd because they are this as an endorsement from their new king. But hopefully I’m wrong and it’s a broad sweep of different users from across the political spectrum.
Why should it matter if the new users are all magas or not?
You wouldn’t want the Signal brand to become linked to it.
“I’m on Signal, would you like to chat there?”
“What, on the MAGA Nazi app, are you joking? Of course I’m not talking to you there!”
Ideally you want a broad spectrum of people.
I know it shouldn’t make a difference and people should base their views strictly on the technical and usability aspects of the app, but real life doesn’t work that way. Perceptions matter.
TBH this is why I’ve never used Telegram.
Telegram is a great piracy app tbh.
Perceptions matter.
And this frustrates me to no end.
Yeah, I get it, you don’t want to associate with bigoted people. But I wish people would take a step back for a minute and think. If everyone runs away the moment conservatives take interest in something, that means conservatives get an undue amount of power over you.
If we all largely ignore trolls, bigots, and bullies, they’ll lose their power. I’m not saying to be tolerant of intolerance, I’m saying we shouldn’t let them have power over us. Content moderation should take care of intolerance where it makes sense. On platforms like Signal, this means accepting that privacy means protection for both you and things you dislike. Yes, the platform will be used to arrange drug deals, facilitate pedophiles, and enable Nazis to communicate, but it also protects whistle blowers, people living under repressive regimes, and LGBT communities. Privacy means privacy, and that has value in itself.
Stop throwing babies out with the bathwater.
Sure, but that was before almost every app was a Nazi app.
people who react like that are giving them power
It’s not just perception, it’s mindless tribalism and it’s a form of bigotry in itself. It’s no better than doing things to “own the libs” or whatever.
And the irony, some express this attitude on lemmy, which unlike signal is an actual platform, not a chat app, and with tankie roots to top it off.
It is what it is, I suppose.
I wouldn’t go as far as saying it’s bigotry to dislike Nazis, but you do you mate.
It matters though. Like in Germany telegram is associated with hard right wings groups. Telling someone you use telegram makes them assume that you are a part of hard right ideologies.
It’s a shame as the telegram app is really snappy. You always have to say that you are on telegram but are not right wing. Even then people can be suspicious.
It just about always comes down to user error. The White House trusting Signal is very indicative of the effectiveness of the app’s underlying protocols and the organization’s commitment to privacy. This is definitely huge publicity and I hope Signal endures the limelight.
LOL what kinda bullshit comment is this?
The people in the White House are idiots. They choose Signal because they’re either dumb/negligent -or- because they have been intentionally avoiding record preservation requirements.
Signal is a solid app for sure, but these dipshits didn’t choose it for being the right tool for the job here, as it certainly is not.
-or- because they have been intentionally avoiding record preservation requirements.
It’s this one
dipshits didn’t choose it for being the right tool for the job here, as it certainly is not.
It was, actually. If they weren’t dipshits it wouldn’t have been a problem.
Signal, on your personal device, is fine for personal use. It is absolutely not fine for classified communication as the VP or head of DoD, as there are billions of dollars dedicated to compromising your phone.
The encryption doesn’t mean shit if they breach an endpoint or account.
If it was strictly personal chat, yeah, no problem, but they just have to assume the messages are being read by other nations.
That’s absolutely correct. Everyone seems to fixate on the encryption, but hackers are lazy and they’ll attack whatever is weakest. In this case that means the storage on the phone after it’s decrypted.
Don’t store classified information on your phone, regardless of what you use to transmit it.
Or better yet, do whatever the heck security experts tell you to do. I can only imagine what’s standard procedure for the president’s cabinet.
Exactly. I can guess as to what decent OPSec looks like, but that’s not my job and I’m not an expert. If you’re in a sensitive position, listen to the experts. If you’re a hobbyist, do whatever strikes your fancy.
It’s not the right tool for their job but still a good tool for the laws they were trying to break…
I wholeheartedly agree the White House is full of morons. I was just saying that Signal is a solid app for me to securely share bullshit with my family. Its definitely not the right tool for government officials to use. But its plenty safe for sharing memes and pics of my dog.
The white house trusting signal is nice, but using it to circumvent official communication tools which document messages for the archives is not the way it should be used - they used the “disappearing messages”-feature as well. This usage is more in line with criminal organizations like the mafia or yakuza.
I believe some people have been ordered to archive the chat so that it can be presented to Congress in the future. Trouble is, looking at the screenshots it’s already gone as they had the message lifetime set to a week.
I wonder if this will be seen as destroying evidence .
i’m pretty sure that there are laws regarding required archival, but laws seem optional for this administration.
There very much are law requiring archival, but now it’s been ordered in the hearings as well. This makes it much more obvious that it’s a problem.
Signal has been with me for a decade. Have had Matrix/Element installed for years but no one i know uses it
hmm havent heard of this one yet. Looks promising, gonna try it later. Thanks!
For people seeking an interface similar to signal, I suggest Session. It’s a fork of signal that onion-routes the messages (they have their own onion routing network, not TOR). There are no user IDs stored anywhere, you message people through their public keys. From the user experience side of the coin, it’s a little on the slow side tho.
But definitely find out beforehand whether there were any security gaps or anything else. I followed the whole thing at the beginning of the tox protocol and the clients were not yet fully developed. But since I couldn’t get people away from WA, I forgot about it over time. So I can’t say anything about the security.
I know session… well i have read about it… Didnt test it because i would fail at the same point like with tox.
