Greetings!

A friend of mine wants to be more secure and private in light of recent events in the USA.

They originally told me they were going to use telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.

But they want more detailed explanations then what I provided verbally. Please help me explain things better to them! ✨

I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!

Thank you! ✨

  • Aria@lemmygrad.ml
    36·
    14 hours ago

    Signal is USA government approved. Definitely don’t trust it. Use Matrix.

    • dengtav@lemmy.mlEnglish
      21·
      13 hours ago

      This is unfortunately completely wrong, since you can learn from the homepage of matrix very own client Element, that its supported an trusted by a whole bunch of NATO Armys, including the US of course…

      I don’t mean by that you shouldnt use matrix, but arguing against signal with matrix is, in so many means, hilarious.

      The arguable, but professional cryptographer soatok discribes from a mathematical/cryptographical point of view, what it needs to be a Signal competitor, where matrix (and others) dont catch up (unfortunately)

      • Aria@lemmygrad.ml
        2·
        12 hours ago

        Used by a bunch of NATO armies isn’t the same as promoted by or made by. It just means they trust Element not to share their secrets. And that blog post is without merit. The author discredits Matrix because it has support for unencrypted messaging. That’s not a negative, it’s just a nice feature for when it’s appropriate. Whereas Signal’s major drawback of requiring your government ID and that you only use their servers is actually grounds to discredit a platform. Your post is the crossed arms furry avatar equivalent of “I drew you as the soyjack”. The article has no substance on the cryptographic integrity of Matrix, because there’s nothing to criticise there.

      • Aria@lemmygrad.ml
        11·
        13 hours ago

        Sure. You can trust your own fork. Just don’t use the official repos or their servers. The client isn’t where the danger is.

          • Aria@lemmygrad.ml
            2·
            10 hours ago

            Your client talks to their server, their server talks to your friend’s client. They don’t accept third party apps. The server code is open source, not a secret. But that doesn’t mean it isn’t 99% the open source code, with a few privacy breaking changes. Or that the server software runs exactly as implied, but that that is moot since other software also runs on the same servers and intercepts the data.

            • Hadriscus@lemm.ee
              1·
              3 hours ago

              Do you mean the servers aren’t guaranteed to be running the exact code that’s on github ?