this post was submitted on 02 Feb 2025
52 points (100.0% liked)

Privacy


So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option.

[–] nutbutter@discuss.tchncs.de 21 points 4 weeks ago (2 children)

Who told you to not use Signal, and what reasons did they give? I'm very curious.

[–] bruhsoulz@lemmy.ml 15 points 4 weeks ago (1 children)

It uses phone numbers and is centralized. I personally don't use it cus of those reasons. Also wouldn't switch cus my folk already use Matrix so I'm not making a bunch of people get another app lol

[–] toastal@lemmy.ml 3 points 3 weeks ago

Matrix is centralized too in practice … & syncs even more metadata than Signal so I wouldn’t call that an upgrade—especially when you see how slow the clients & servers are.

[–] somegeek@programming.dev 10 points 4 weeks ago (1 children)

Signal is most likely a fed honeypot.

They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.

No reason to trust signal IMO.

[–] jabib 9 points 4 weeks ago (2 children)

When signal publishes their client source, you'll need to explain how E2EE on open source clients can be a honeypot

https://github.com/signalapp/Signal-Android

[–] turbule@lemmy.ml 6 points 3 weeks ago

All it takes is a hardware backdoor.

[–] somegeek@programming.dev 3 points 3 weeks ago

The open source client doesn't mean jack shit dude. Telegram also has an open source client. Your data lives on their servers not clients and also, even if the server code is open source, there are many ways for a backdoor and violations of privacy in the infrastructure. When you give up your phone number, there is no privacy.

[–] badcodecat@lemux.minnix.dev 15 points 4 weeks ago (2 children)

simplex is good as an alternative

[–] mox@lemmy.sdf.org 10 points 4 weeks ago* (last edited 4 weeks ago)

SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:

  • It is funded by venture capital, which calls into question its longevity, and even if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
  • Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
  • No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
  • Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
  • No support for group calls.

I would not recommend it for talking to family members and people in general, which is what OP requested.

[–] toastal@lemmy.ml 2 points 3 weeks ago

It’s worth following the project but it’s a bit too new & the funding aspect leads me to question how it will work in the long run (& being written in Haskell is neat, but boy does it have a lot of churn & maintenance issues in its ecosystem).

[–] poVoq@slrpnk.net 12 points 4 weeks ago (12 children)

Why would Matrix be the only option? XMPP is significantly better. You can either sign up on a public server or pay a small sum to have your own private server for you and your family for example on https://snikket.org/ or I think https://jmp.chat/ also includes optionally a small server in the subscription.

[–] comfy@lemmy.ml 12 points 3 weeks ago

Private against who?

Privacy communities need to really drill in the idea of threat models instead of pretending privacy is some linear scale and the ultimate goal is to bury your phone and computer in a lead-lined concrete block underground. Privacy and security are meaningless concepts unless you know who you are protecting it from and what their capabilities might be. I don't need to hide from NSA Tailored Access Operations because I'm not trying to x the y of the USA. I do need to protect myself from basic scam attackers, copyright trolls and neo-nazi stalkers. And Matrix, along with certain basic opsec guidelines, does that and more for me.

[–] kevincox@lemmy.ml 10 points 4 weeks ago

Probably yes, it depends on your threat model.

If you are using E2EE on a matrix.org account then your message content, attachments (images) and most other traffic isn't accessible to anyone but the people in the chat. However Matrix isn't the most private option, it has a number of leaks such as reactions and chat topics (these are being worked on but aren't close to happening).

For most people Matrix is a very private and secure option and the fact that it is federated is a huge plus. If you want something more secure you are probably looking at Signal (which you don't want to use and isn't federated) or Simplex Chat (which doesn't have multi-device support).

[–] wreckingball4good@lemm.ee 10 points 4 weeks ago (1 children)

In Signal, you can turn off phone number visibility and make it so that you are only searchable by username or QR code. Yes, it's centralized, but Signal is a nonprofit project with generally good guiding ideals. I use Matrix for some things and Signal for everything else.

[–] EngineerGaming@feddit.nl 2 points 3 weeks ago

Yeah, but it is still just one account per number, so it would make managing alts annoying. Not only does the main client (as well as the major unofficial ones, haven't found one that doesn't do that) not support multiacc directly, forcing use of profiles or VMs, but you're also at risk of whoever rents the associated phone number after you deleting the account (that or you could pay a recurring fee just to retain the number, which is just wasteful).

[–] asudox@lemmy.asudox.dev 8 points 4 weeks ago* (last edited 4 weeks ago)

Yeah, sure. But Matrix is decentralized and federated. So you can pretty much join any instance and be able to talk with anyone on any instance. So why not select another instance ~~or maybe even self host one yourself?~~

edit: didn't read the text till the end

[–] communism@lemmy.ml 8 points 4 weeks ago

If it's low privacy needs (ie you don't have a state threat model), Signal is completely fine. I use it to talk to my friends. I also use Matrix, though federated Matrix isn't the best for privacy either due to the amount of metadata that leaks through federation. But federated Matrix is also fine for the kinds of things you would use eg Discord or IRC for.

If you do have a state threat model, I personally think SimpleX is ideal for that, but it doesn't have as much of a userbase so you probably need people who care enough (eg people actively under threat) to switch to a new platform. Whereas most people I know are already on either Signal or Matrix, and I'm not having particularly sensitive conversations with them either so both work fine.

[–] EngineerGaming@feddit.nl 8 points 4 weeks ago

I am really concerned about the dominance of the central instance on Matrix. It has visibility into pretty much every groupchat - if not in content because of encryption, then in all the metadata. I'd rather use another public homeserver.

[–] ReversalHatchery 6 points 4 weeks ago (1 children)

you don't need to use matrix.org. there are several open homeservers, like chat.mozilla.org, but also there are people who host services for others to use. you may have a look at current lemmy hosts, and their other services if they have them.

[–] toastal@lemmy.ml 2 points 3 weeks ago

AFAIK, chat.mozilla.org was set up on modular.im, now element.io, which, if it is still using the same host, is owned by Matrix.org. So even using a different host means Matrix.org might still have your metadata.

[–] mathias@friendica.hellquist.eu 4 points 3 weeks ago

@Confidant6198

Signal is fine to use. These days I mostly recommend Delta Chat though. Delta Chat is free, encrypted, open source, audited, decentralised & federated in the same way as email is as it literally is email, it just looks like a chat, and it will work almost out of the box for anyone who has an email address (which is most people). This includes gmail/icloud/outlook etc. There are also chatmail servers you can sign up on if you'd prefer that.

It is no more complicated to configure than it is to configure any other email client. It has group chats, you can even share applications in the chat such as playing games or collaborate etc, all within the security of knowing your email provider can not read your conversations, whilst you still get the benefit of using the existing infrastructure of email.

Check it out: delta.chat/en/

PS. I'm not affiliated with them in any way. In fact, I have no idea if/how they make money. The service "just works" though.

PPS. They are also present in the Fediverse at @delta

[–] activist@lemm.ee 3 points 3 weeks ago

why did they tell you not to use Signal

[–] somegeek@programming.dev 3 points 4 weeks ago

Matrix is great, you can use another instance though.

https://servers.joinmatrix.org/

[–] Zerush@lemmy.ml 3 points 3 weeks ago

Matrix/Element is pretty private, but not widespread. For use with friends and family it is more realistic to use Signal or any other decentralized chat.

[–] toastal@lemmy.ml 3 points 3 weeks ago

Matrix.org is centralized like Signal (you can say Matrix is not centralized on paper, but in practice this isn’t remotely true). Both are stockpiling metadata in the West… what’s worse is Matrix’s eventual consistency model means syncing metadata to all servers is a by-design requirement (& also why all servers & clients are slow). There are options like Snikket to take all the hard parts of self-hosting out of the equation, but finding someone you can trust to host a server might be worthwhile. I would be wary of anything centralized.

[–] kekmacska@lemmy.zip 2 points 3 weeks ago

both are good, even Signal. For private conversations, you only need to avoid Telegram and other obvious ones

[–] irotsoma@lemmy.blahaj.zone 2 points 3 weeks ago

Matrix isn't more secure/private than Signal. Both have advantages and disadvantages. Signal has a centralized server, but has no access to the keys to decrypt any of the data flowing through them. Matrix chat rooms live on servers that would theoretically be able to access the data in the rooms, so you need to trust the server owners. Advantage is that multiple servers are involved so no one server can kill your chat room. With Signal, the disadvantage is if you join a chat room, you can't see any past messages because those are encrypted with keys you don't have access to. Similarly if you move to a new device, that device won't have any of your past conversations because the new device doesn't have the keys for those messages. (though migration is now somewhat possible but done poorly IMHO).

So, they address different concerns. Is your concern keeping your conversations private, or keeping your conversations from being censored? Signal is more secure and private, but more centralized and easier to fail. Matrix can be secure if you host your own server or explicitly trust the owners of all servers that house your chatrooms to keep them secure and to not sell their servers in the future. Matrix is more distributed, so more difficult to be censored or have your data lost by a single point of failure.

Is it "secure enough" depends on what your concerns are. If you host your own, then it's as secure as you are technically able to keep them secure yourself. Otherwise it depends on the server owner.

[–] jaypatelani@lemmy.ml 2 points 3 weeks ago

Matrix and Simplex are fine but I would recommend Signal for family and friends. Threema is also an option but not user friendly for friends and family who want easy user discovery rather than sharing userIDs.