migrating from #WhatsApp to another centralized platform is not a real solution, that's why we are here in the #Fediverse and not in #BlueSky
Migrate from #WhatsApp to #DeltaChat and other decentralized alternatives, break free out of the silos once and for all and stop feeding billionaires/CEO incubators
#ArcaneChat #XMPP #Matrix #SimpleX #Session #decentralization #encryption
Questa voce è stata modificata (2 mesi fa)
reshared this
Rob
in reply to adb • • •l
in reply to Rob • • •@rob
It has better availability, which is part of security. You never hear "email network went down" and you can use multiple email addresses to avoid the case when your only email provider is unavailable or blocked.
Signal requires a phone number and the connection between your account ID and phone number is in their database (proprietary Amazon DynamoDB service actually, Signal does not run its own database). It can be requested even if you only get in contact with usernames.
@adbenitez
𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡 likes this.
Rob
in reply to l • • •@link2xt
I use Signal heavily. To my knowledge and since I started using it years ago, including to make many international phone calls from the US to Australia and New Zealand, I have never observed any downtime that impeded my use.
I will research the phone number issue.
Here's my point: asking to move from a proven secure network, to an unproven, claiming to be secure network is not something I do lightly.
l
in reply to Rob • • •@rob
More common case for availability is that if the country blocks Signal, you can lose access to such contacts if they don't have knowledge to bypass the block. Signal "censorship circumvention" is implemented differently on Android and iOS and is not available for desktop. It has failed to work in some countries on iOS in the past while working on Android.
@adbenitez
𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡 likes this.
Rob
in reply to l • • •@link2xt
I'm getting the idea that this is not for me. This is a chat app for doing things I do not do - which is ok.
Thanks for answering all my questions.
adb
in reply to Rob • • •@rob it is ok if you don't need Delta Chat, but I would be more careful about your mentality of considering #Signal the most secure and private app ever, because it isn't, but since I guess you are not a person at risk or activist getting on the bad side of US gov. probably it is safe enough for you? otoh, to send some memes to your family, any other decentralized app would do and you don't need to use a central service like Signal then?
@link2xt
Rob
in reply to adb • • •@link2xt
Who can answer that question today? The US government is shifting under my feet as we speak.
The last time #DirtyT was president, my city burned to the ground.
The direct answer to your question is “yes” today. But I am concerned about the future and want to take reasonable security precautions. That’s why I asked in the first place.
You’ve more than answered my questions and I am grateful for all your answers. Thank you.
adb
in reply to Rob • • •Rob
in reply to l • • •@link2xt
I have a relative that called me from Viet Nam on Signal and it worked fine. We talked for over an hour and it worked great. I even saw some video during the call.
That said, the people on this chain appear to be far more global than the average person with fears, desires, skills and needs that are greater than my own.
l
in reply to Rob • • •@rob
Regarding phone numbers, you can of course do your own research and read the source code, but otherwise there is an article theintercept.com/2024/03/04/si… which is based on a talk with Signal representatives.
@adbenitez
Signal’s New Usernames Help Keep the Cops Out of Your Data
Micah Lee (The Intercept)Rob
in reply to l • • •@link2xt
This is a really good article. Thanks for this.
It looks like, if you needed to, there is a path for defeating the subpoena outlined here in the article.
I also don't use my SIMs phone number for Signal, which is another way to obscure your identity. That said, if the FBI was investigating me, they would have my "fake" number. I use it to defeat spammers.
Rob
in reply to l • • •It's because of people like you @link2xt that I ask questions and also love #mastodon.
I really appreciate your time to educate me. Thank you.
adb
in reply to Rob • • •@rob Some advantages:
- Decentralized, you can use different servers or host your own without having to follow the rules of a single company in the US
- No phone number or any private data required to register, totally anonymous
- You can have as many accounts as you want, even across different servers each, ex. one for family another for work, etc
- You can create or use bots to improve the experience
- in-chat mini-apps ex. collaborative editor
- good multi-device support
- and MORE!
Δж➂
in reply to adb • • •> without having to follow the rules of a single company in the US
what does this mean? you have to follow rules of any service provider (email) you use regardless of jurisdiction, no? eu and the us are in bed with each other as far as sharing intel/data. cryptography helps with this.
that one id i connected with you on as a test was in the us. i own the physical server so it's my rules.
adb
in reply to Δж➂ • • •@ax3 that if Signal decides to ban you because rules in the US, ex. recently they added Cuba to the "terrorist countries" list, imagine how easy would be for US to tell Signal to not allow any Cuban phone number, that is not possible with decentralized platforms where users can use the provider of their choice and also countries can use their own server and be more resilient/independent while still federating with the rest of the world
@rob
𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡 likes this.
Δж➂
in reply to adb • • •> that if Signal decides to ban you because rules in the US, ex. recently they added Cuba to the "terrorist countries" list
i'm running through a us-based proxy at this time and i can reach cuba's website. just because there's a designation as a terrorist state doesn't mean traffic is blocked. the only networks i cannot reach are in the dprk which i have no interest in anyhow.
> imagine how easy would be for US to tell Signal to not allow any Cuban phone number,
sure, i mean it's possible that the us says "signal, don't allow cubanos" but so far there's been no example of this. i think this is speculation at the time, but yes something to keep in mind with riding other's infrastructure.
> that is not possible with decentralized platforms where users can use the provider of their choice and also countries can use their own server and be more resilient/independent while still federating with the rest of the world
what about countries that deny traffic to other countries? russia, china, and others have firewalls and dpi to inspect and block/re-route traffic.
it's absolutely possible to have issues with decentralized infrastructure. since we're talking about email, one of the chatmail servers is blocked due to ip reputation from a mail provider i've used. whether it's deltachat, fediverse, etc if a country or region notes that a certain ip space is not welcome they can block it and there's nothing we can do to change this besides hopping proxies and more hoops.
this all being said i use deltachat for personal communications, signal i keep for people who pay my bills and prefer a bit more security than sms over ss7
adb
in reply to Δж➂ • • •@ax3 that was a theoretical example, I am not saying they are doing it, but they COULD do it EASILY if they want to, they block access to a lot free software documentation pages like developer.android.com and golang.org
@rob
Android Mobile App Developer Tools – Android Developers
Android DevelopersΔж➂
in reply to adb • • •what ip space are you riding on that is getting blocked by google? google owns all the underlying ipv4 space for those two domains.
and yes, any nation could theoretically block ip space, services, etc. but the question i think about is, do i preemptively try to solve a theoretical problem or do i go with what i know and operate accordingly.
a lot of eu citizens have this distorted view that the us is some sort of gulag controlling everything. i'm an eu citizen and i can say both nations are equally fucked.
adb
in reply to Δж➂ • • •@ax3 this is going in the wrong direction, my only point is that if you can self-host or use a provider you trust more or with different policy/rules than a single ruling server it is much more powerful, I am not interested in discussing US-EU politics
@rob
Rob
in reply to adb • • •@ax3
That’s a lot of “ifs” that don’t fit needs. But I’m always looking. That’s why I ask the questions.
Rob
in reply to Δж➂ • • •@ax3
I would need a lot more information and assurance before switching to Delta Chat @adbenitez.
I'm glad it exists, and will do some research. But I am not interested in hosting my own service (that's not going to be more secure than Signal). Where I work, Signal is forbidden for business. I don't need more than one account.
The one compelling thing you've said here is "more features". But even those are unclear in their utility.
Felix
in reply to Rob • • •@rob @ax3
If you need a coherent argument for why signal is still without any meaningful match, i can really recommend this blogpost:
soatok.blog/2024/07/31/what-do…
(Not mine. but i really should write an article why most defederated services aren't that great of an option for many people)
What Does It Mean To Be A Signal Competitor? - Dhole Moments
Dhole MomentsRob
in reply to Felix • • •@newhinton @ax3
I follow @soatok and respect the work. Much of it is above my head, but I have his blog in my reader feeds.
I will take a look.
adb
in reply to Felix • • •@newhinton Signal is "open source", sure they have some code published, but that doesn't warranty that the code running in the server matches and they took already a long time to update in the repository the code they had deployed, same for the client, I was looking into it and a file in the source code was not the one actually used in production, it was being fetched from the server
#ArcaneChat fits:
- FOSS
- e2ee (forced)
- safe against MITM
@rob @ax3
Felix
in reply to adb • • •@rob @ax3
Since signal protects against itself via it's encryption and envelope protocol, it simply doesn't matter what runs on the server.
Not great that they are regularly behind, but it is simply irrelevant for the security.
adb
in reply to Felix • • •@newhinton
by @link2xt: "Signal requires a phone number and the connection between your account ID and phone number is in their database (proprietary Amazon DynamoDB service actually, Signal does not run its own database). It can be requested even if you only get in contact with usernames."
also read: fosstodon.org/@link2xt/1138955…
@rob @ax3
l (@link2xt@fosstodon.org)
FosstodonFelix
in reply to adb • • •@link2xt @rob @ax3
I have read that. The exposure of usernames is the same as phone numbers. Which means you already need to know that it exists. So not much gained there. Also, what does this have to do with the database or the security?
Signal is demonstrably *the* most secure app. Every "problem" signal has, is a problem for other messengers too. (Usually the problems are worse for them, including and specifically deltachat)
l
in reply to Felix • • •@newhinton
> Signal is demonstrably *the* most secure app. Every "problem" signal has, is a problem for other messengers too.
Not every other messenger has a problem of keeping the relation between non-secret account IDs to phone numbers in a central database. For example, Matrix, XMPP, Session and Delta Chat don't have this problem because you can use them without having any phone number at all.
@adbenitez @rob @ax3
Felix
in reply to l • • •@link2xt @rob @ax3
True! Instead they leak message metadata, user relationships or even message content (if not careful) all over the place.
None of the "competitors" are actually as stringent and secure if it comes to the amount of data leaked to the outside. On that front, there currently simply is no true competitor that does secure and private messaging as well as signal does.
soatok.blog/2024/07/31/what-do…
What Does It Mean To Be A Signal Competitor? - Dhole Moments
Dhole Momentsadb
in reply to Felix • • •you are completely ignoring my message where I said that arcanechat.me fits the bar, it enforces ALWAYS encryption, and ZERO METADETA is required, since UNLIKE SIGNAL, it doesn't require ANY private data for registration, its FULLY anonymous and END TO END ENCRYPTED and safe against MITM
@link2xt @rob @ax3
adb
in reply to adb • • •@newhinton and also notice that for most people the security given by #DeltaChat, #Matrix, #XMPP, #SimpleX, #Session, etc. is more than good enough, without needing to give phone number or using a centralized service that might go the enshitification route sooner or later
@link2xt @rob @ax3
Felix
in reply to adb • • •There you are right. For many people that kind of security is likely enough.
But then there is usability. With signal, i am already done once i signed up, and the people i can chat with, are already there. That is not true for the alternatives, especially the ones that allow plaintext messaging, which require a deeper understanding of the infrastructure you are using.
How secure/insecure something is then depends on your usage and your target audience.
Felix
in reply to adb • • •@link2xt @rob @ax3
Since that is a delta-chat client, it uses email as it's transport layer, right?
So it leaks at least when and with whom you are writing to everyone with access to one of the transfer-email-servers. I wouldn't call that "zero" metadata. Quite the opposite.
adb
in reply to Felix • • •@newhinton I think you are a bit outdated, yes, Delta Chat can be used as an email client but that is not the main way to use it, the normal way to use it is just to set a name and that is it, all the server do is transmit messages between random token addresses
@link2xt @rob @ax3
Felix
in reply to adb • • •@link2xt @rob @ax3
Okay, i might be outdated. But to be honest, this opens up a whole other can of worms that make it so much more complicated than most users want to deal with. (Though this is not a technical argument anymore, only a usability one)
Generally the question i ask is whether or not my grandma can use it securely. Most messengers fail in that category, especially federated ones. They have their place, but most will choose something "simpler".
adb
in reply to Felix • • •@newhinton I can assure you, your grandma will be able to register in #ArcaneChat / #DeltaChat MUCH MORE easily than in Signal, do you even remember how is it to login in Signal?
In ArcaneChat you don't really need to register, just set a name&avatar and start using it
In signal besides the same name&avatar screen your grandma needs to enter her phone number, give telephony permissions, then solving CAPTCHA to prove she is not a robot, then receive an SMS with PIN etc.
@link2xt @rob @ax3
𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡
in reply to Felix • •@Felix @l @Rob @Δж➂ @adbenitez@mastodon.social
Felix try it!
Your choice is either Delta Chat or ArcaneChat!
I assure you that @adb and @link2xt know what they are talking about.
Try them and then tell me!
zetabeta
in reply to Rob • • •don't ask soatok.blog/ about that, furry would be upset.
Dhole Moments - Software, Security, Cryptography, and Furries
Dhole Momentsadb
in reply to zetabeta • • •@zetabeta
@rob
Adam Jurkiewicz
in reply to Rob • • •adb
Unknown parent • • •@c_th1 woot??? #ArcaneChat is a customized #DeltaChat client + arcanechat.me server optimized for NEVER allowing any unencrypted message in/out of the server, hence tackling one of the criticisms of the #Signal fanboys but without giving up on fully anonymity and federation
@delta
Jog
in reply to adb • • •treefit
in reply to Jog • • •The Delta Chat Website translation project on Transifex
explore.transifex.comChristopher
Unknown parent • • •@Debacle Maybe I don't understand what you mean by 'first class client on Linux', but you can go to
https://delta.chat/en/download
The desktop versions do not require Delta Chat to be installed on a phone. Changelogs & More Changelogs: Desktop, Android, iOS, Core Alternative Clients Provider Database Verify Downloads D...
Delta Chat: Get Delta Chat
delta.chat𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡
Unknown parent • •@Debacle @Christopher
On Debian it is in the repositories if I'm not mistaken.
You could still download the deb and install it: download.delta.chat/desktop/v1…
Werawelt likes this.
adb
Unknown parent • • •I recommended Delta Chat because it is the more user-friendly and easy to switch to, but in fact that is why I said "and other decentralized alternatives" and tagged XMPP
as much as it would be cool to have the client in the Debian repo, most users migrating from WhatsApp don't even know what Debian is, and it can be installed using flatpak anyways
Benjamin Kwiecień
Unknown parent • • •𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡 likes this.
rakoo
Unknown parent • • •@adbenitez
Werawelt
in reply to adb • • •#DeltaChat is the best!
𝙶𝚑𝟶𝚜𝚝𝚣𝟶𝚡 likes this.