Is anyone here aware of some alternatives to mentioned instant messaging applications ? Alot of people keep mentioning Signal , however since it is US based I am not going to entertain it as a possibility.
Is anyone here aware of some alternatives to mentioned instant messaging applications ? Alot of people keep mentioning Signal , however since it is US based I am not going to entertain it as a possibility.
From which year is that claim?
Today. Matrix does not encrypt your metadata like Signal does. The server can easily build a social tree.
The Signal server and a Matrix server, of course, have the same metadata visibility.
No they don’t. Signal does not get any metadata. Matrix servers get everything and more than any other messenger. Not even the profile is encrypt with Matrix.
Flat put lie anyone reading this thread can easily disprove by searching online.
Well then search and share it. I feel like you’re some kind of shill that’s payed to say these things. You have no technical understanding of how this works and you also won’t share any sources whatsoever.
Yeah no, that’s not how it works. The closed source Signal server by definition gets the meta data on your chats. It’s simply needed for it to do its job. When receiving the encrypted message contents the Signal server, at the moment of the IP connection, knows the identity of the sending party. It also must know the identity of the receiving party, else it would be very difficult to make sure the message reaches them.
That’s the user graph right there. Now Signal says they don’t log it, and I’m sure they don’t (here’s where you look up what a National Security Letter is btw). If I run my own Matrix server for me and my friends, I can prove that it doesn’t log.
https://signal.org/blog/sealed-sender/
https://signal.org/blog/signal-profiles-beta/
I’m not aware of any equivalent implementation on Matrix.
Before making an uneducated comment you should at least read the source I shared and read the corresponding whitepaper explaining it. Your comment is a bit embarressing.
If you use a VPN (hiding your IP), Signal cannot build a social tree.
If you have any questions in particular feel free to ask.
I don’t need to ask questions, I do this for a living.
I doubt that based on the little technical understanding you show.
But if you do, explain to us how they are able to build a social tree when the users involved use a VPN? (Note that Sealed Sender is enabled by default). If there is any novel security insight that you discovered please share it!
I highly suggest getting third party reviews instead of competitor reviews which are ALWAYS SLANTED. Not to mention Matrix based like Element and Fluffychat are Open Source. Unlike Signal. Not to mention Signal provided info to US authorities fairly recently.
Signal is open-source. Signal did not provide info to the US. They don’t have any info to share anyways. And you can confirm that as their code is open-source. Them sharing data is mathematically impossible.
What are you on about? You seem to have no idea what you’re talking about. Stop spreading unreferenced misinformation. If you have something that we don’t know about share a source or prove it!
They had no choice due to a warrant. They did provide login information to the court and sat on it for a year before telling everyone.
Did you know that with Matrix based clients you can run your own server and instance for just you and your buddies? And the cops could confiscate your server at your house but can’t get anything, period, due to it being encrypted and yours.
Rmind us all again… is Signal on a centralized server?
Also, why are you pushing Signal from California?
You mean IP address? That’s literally all they had. This is no breach. Your IP is public information when you use the internet. What are you saying exactly?
The same goes for Signal. They don’t have any of your data and less metadata than Matrix. If the cops raid my Matrix instance they get profile information and social trees of all my users. They don’t get that when raiding the Signal servers because of Sealed Sender and other precautions that Matrix doesn’t implement. **It does not matter that Signal is centralized. **It changes nothing.
Making a service decentralized does not change anything about security. In fact, because of the constraints of federation, it’s even less secure and private in some ways that cannot be avoided.
Also, I’m not pushing Signal. I’m responding to the misinformation being shared here.
Sorry, ignoring as you literally defended authoritarianism in another comment.
You cannot prove that the code they release is the same as the code being run on their server.
What’s a National Security Letter?
Yes you can prove the client! And for the server, you don’t need to prove it! They can run extremely malicious code and it wouldn’t change anything. That’s the whole idea behind zero-trust security. You only need to verify that the client is secure and encrypts everything.
You shouldn’t talk about things so confidently if you don’t know the technical details of how it works.