• Brayd
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    7 months ago

    Signal can’t see who is texting who. They can’t see which groups you are part of. Those information are end to end encrypted, same as your chats itself, your profile picture, your stories, etc.

    Signal doesn’t store message timestamps either.

    What Signal itself knows of you is your phone number, the timestamp of your registration, the timestamp of your last connection to the server. That’s it.

    Yes metadata is critical but Signal handles metadata very well. Indeed, even though I’m a fan of Matrix, better than Matrix. Matrix is a metadata nightmare due to it’s centralized structure and the way the protocol works.

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      7 months ago

      Signal can’t see who is texting who. They can’t see which groups you are part of. Those information are end to end encrypted, same as your chats itself, your profile picture, your stories, etc.

      This is completely false. They can absolutely see who is texting who, in fact they need it to be able to route messages. They have message timestamps, and phone numbers stored in their database.

      Question, why do you “trust” signal? You can’t see what code their centralized server is running, unlike matrix which you can self-host and build from source. You don’t have to “trust” matrix, you can verify it for yourself.

      • Brayd
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        7 months ago

        Signals server is open source. You can run a server. You just can’t connect to the main net because each server is it’s own thing so it doesn’t make sense besides for development purposes.

        Please don’t spread misinformation.

        • Dessalines@lemmy.ml
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          7 months ago

          They went over a year without publishing their server updates. And how do you know signal is running the code they say they are? Do you trust them?

          • Brayd
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            7 months ago

            The good thing here is that you don’t need to trust the server in order to have a secure communication since your clients decrypt and encrypt and not the server.

            Yes they can optimize with things like this but that doesn’t make it insecure. It’s still the most secure solution that the average person can use.

            Threema doesn’t even have the server open sourced at all, are for profit and their encryption has been compromised.

            Session is shady.

            Matrix is a metadata nightmare due to it’s federated aspects.

            SimpleX is the only thing that is secure, anonymous and good in this regards but it has some small details left that prevents people from switching. I.e. simple things like the fact that you can’t see an overview of your images and videos sent in a chat without scrolling up all those messages. It seems trivial but for the average user stuff like that is important since they know it and use it every day in other messengers.