this post was submitted on 21 Sep 2021
15 points (100.0% liked)

Asklemmy

1452 readers
53 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt
14specks@lemmy.ml
15
How to share confidential information? (lemmy.ml)
submitted 3 years ago by yxzi@lemmy.ml to c/asklemmy@lemmy.ml
11 comments fedilink hide all child comments
 

I'm using Signal, but after I found out that it's not as privacy-friendly as it claims, I'm uneasy about sharing my address there. I trust the person who asked for my address, but not the service. What's a safe way to share? I was thinking of something like a self-destructing pastebin, but surely you have better ideas.

top 11 comments
sorted by: hot top controversial new old
[โ€“] PM_ME_UR_PCAPS@lemmy.ml 15 points 3 years ago (1 children)

Which of Signals privacy claims are false?

[โ€“] dessalines@lemmy.ml 3 points 3 years ago (1 children)

Pretty much everything about it is unverifiable, because its a centralized service and you ultimately don't know what the server is running. Contrast that with self-hostable apps which must pass verifiability checks, because people can host their own instance.

[โ€“] ancom@lemmy.ml 11 points 3 years ago (1 children)

Clients are open source. Independent clients exists and they work. So the server must kind of do what signal claims, otherwise those devs would notice.

[โ€“] dessalines@lemmy.ml 2 points 3 years ago

You have no idea what the server is running. It has your phone number, ie your real name and address, and it knows who you sent messages to.

[โ€“] Azzu@lemm.ee 7 points 1 year ago

Matrix and even Signal you reject for some reason work fine with no one being able to see the content of your message except the one you sent it to.

[โ€“] Fleecer74@lemmy.sdf.org 4 points 1 year ago

Signal is trustworthy

[โ€“] crunchpaste@lemmy.dbzer0.com 3 points 1 year ago* (last edited 1 year ago)

I guess you can use wormhole to transport the data to your peer, and if you're extra paranoid encrypt it asymmetrically with something like age.

Then again you can just encrypt it with age and send it over Signal. There should be no risk involved in sharing public keys even if you don't trust their servers.

[โ€“] bebboIsTalking@lemmy.sdf.org 2 points 1 year ago

When I need extreme security and privacy, I use qTox

[โ€“] treadful@lemmy.zip 2 points 1 year ago

https://1ty.me would be described as a "self-destruting pastebin." I'd generally be careful about what you can put in there (e.g. put partial information in it with no context) but it seems to do the job.

But the real answer is probably PGP/GPG.

[โ€“] dessalines@lemmy.ml 2 points 3 years ago

Use briar.

[โ€“] privsecfoss@feddit.dk 1 points 1 year ago

XMPP / Jabber with OMEMO encryption. Lots of free servers and clients.