“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”
This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍
I have to say that some of the points on that site are outright ridiculous.
First off, they quote the privacy officer of the German protestant church, who has no technical background according to his own bio:
Not sure what that’s supposed to mean, because the GDPR applies based on user location and not company location. Although I’m going to grant that having servers in US jurisdictions may be a concern.
And he goes on to say that Threema (for profit, proprietary server code and (at the time) client code) and SIMSme (for profit, fully proprietary) are preferable over Signal because of the jurisdictions they’re in. Not sure about anyone else, but I’m going to trust the open source software more, regardless of what jurisdiction the servers are in.
I do have to give him credit for recognising a “self-hosted messenger service based on established and freely available protocols on federated servers” as the best option, though.
Fair, but how many other messaging services publish server code at all?
I suspect there’s very little overlap in the Venn diagram of people who use (or even know of) Signal and people who don’t speak English.
This boils down to users trusting Signal as a certificate authority and not verifying their contacts “security number”. Fair point, but a user can still choose to use Signal in a way that removes those weaknesses.
Of course, since we’re on a federated service, I expect people to jump on the chance to recommend Matrix/XMPP instead, but realistically, I’ve had much more success getting people to use Signal. And apart from federated messengers, I’m not aware of anything better than Signal.
The GDPR applies to companies looking to utilise the software. So the church or any other entity bound by the GDPR cannot use the software due to it’s closed structure with servers in the US. This is absolutely a concern since business is conducted over messenge apps nowadays. I must’ve broken GDPR when communicating with my students about tutoring over WhatsApp. Our midwife must insist on threema with no alternatives. For the church this means they cannot communicate amongst themselves over Signal.
The site has a German audience in mind so the fact that the privacy policy not being accessible to non-English speakers is an obvious concern. I don’t understand how “well only few non English speakers use it” is an excuse.
And lastly the fact that Signal is the only CA means that they can use a machine- in-the-middle attack on their own users and there is no way to protect against it.
As I mentioned in my comment, it doesn’t - if the users verify each other’s “security number”.
The theory fails once it meets reality.
https://eprints.cs.univie.ac.at/4799/
All the other points stand as well.
I’ve been using Signal for what seems like years now.
I’ve got 4 contacts (5 if you include a martial arts school I no longer attend), and only char with 2 of them regularly: my brother and sister.
I’ve downloaded and installed Briar, Session, and Simplex, and keep meaning to test them out with the help of my wife ('s phone) to see what they’re like.