- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
You must log in or register to comment.
Some users are mentioning SimpleX, which has some very good features, but for activism I’d really suggest Briar. Just scan each other’s QR codes to add all the needed contacts with no real names and create a mesh network through WiFi or Bluetooth connections between devices (no internet needed). If everyone is still bent on using Signal, whoever owns an Android phone should at least download the .apk from Molly.im. This version of the app is better suited for this.
Also beware that the target entry is always people. Any group you don’t know extremely well is going to “leak” and so it’s best, in general, whenever it involves electronics, to not do things you wouldn’t want to be found out doing.
Use Walkie talkies with a voice changer and coded phrases
No Imeis, no way to track you. Just don’t transmit near your house.
Very insecure. Vulnerable to MITM, jamming, etc.
Airgapped Android phones (with radios removed) and use Rattlegram + OpenKeychain to encrypt and sign messages.
As for jamming… well they can just turn off mobile networks and the internet too.
What you mentioned doesn’t have PFS nor break-in recovery, plus it uses PGP… a significant security downgrade compared to Signal or SimpleX.
That’s the dilemma with modern commucations. If you use signal or similar apps, your device can get hacked with pegasus or similar malware. AFIAK, walkie talkies and ham radios don’t really have “backdoors” (unless they messed with the supply chain), you hold the button and it transmits, let go and it doesn’t transmit. Dead simple. If you do encryption using a separate non-internet-connected device, then transmit it over the old-school radio, its virtually unhackable.
So you really have to weigh the risks.
Are you trying to have Perfect Forward Secrecy and is Pegasus not a risk to you?
Or do you prefer to be secured against pegasus, but use a clunky non PFS encryption?
Are you doing all your communications before the protest? (in which case you can use a phone with signal)
Or do you also want to have comms during the protest? (in which case, radios have no IMEI and cannot really be “hacked” and encryption is done on a separate device)
Signal still centrally collects metadata and requires a phone number to participate.
If you’re serious about privacy, ESPECIALLY if you’re part of a group looking to organize in a clandestine fashion, you should look into the vastly superior SimpleX Chat.
SimpleX is run by a Trump apologist and “white genocide” believer who believes the protests are fake and/or literally Stalin.
Edit: “all child abuse is horrible. But…” Evgeny is especially concerned about “genocide of young white girls” specifically, wondering “can Elon Musk help?”
Idk why it’s always assholes coming up with good software (shoutout to the lemmy devs lol) but simplex is a great messenger nevertheless. I sure as hell won’t donate to that guy though, like ever.
Can all of this compromise the SimpleX protocol in any way?
Nope. To add a little context, imagine that someone who uses Lemmy (which is well known to be developed by a team of people not everyone agrees with) to crosspost the same articles to infinity told everyone not to use a piece of well regarded and audited open source privacy software because it’s main developer has sided with US republicans.
I kind of figured with the X in the name. (I’m only half joking… But yikes)
Fml why.
per the article
Signal can’t access user metadata. It’s not just that Signal promises not to keep logs. They’ve literally engineered their service to cryptographically prevent themselves from having access to metadata, even if they wanted to. Signal doesn’t know what groups you’re in, or even what Signal groups exist on the platform. They don’t know the names or membership of any Signal group. They can’t even access your profile picture or name. All of this is stored on user devices and shared directly from user to user. On the other hand, if WhatsApp gets a data request, Meta will turn over details about everyone in your group, exactly who sends messages to who, and when, because WhatsApp collects all of this.
They’ve literally engineered their service to cryptographically prevent themselves from having access to metadata, even if they wanted to.
So, its all done by the user client? Meaning: If you check the source code, and compiled it yourself, it’s safe? Even against a malicious server?
i switched my family over to signal. i cant do a seitch again xD
Signal is likely fine for a use case like that. Don’t feel like you need to switch if you don’t have a good reason. Signal is a great balance between stupid-easy useability and E2EE messaging, and people who actually need that extra mile of privacy should know better than to use Signal.
i cant do a seitch again
On a serious note, sticking to Signal for family group chats is fine. No need to move them over to another platform.
I feel you.
Signal collects your IP address and the last IP address you sent a message to. They store that info to maintain their services. They also store your phone number, either of which can be tied back to your identity (in the US, don’t @ me, friends from across the pond).
The only thing these reveal is that you use Signal, which is currently still legal. Also, even if a judge ordered Signal to collect outgoing messages for your user, the content of your messages would already be encrypted. So unless your use of the service could be construed as illegal (or perhaps who you’re talking to), then it’s probably still safe to use.
However, all that said, I still agree that SimpleX is a better choice for activism. No phone numbers or other useful identifiers, uses a series of nodes rather than a central server, expiring contact-adding codes, etc… it’s simply better, if you need privacy against external threats.
And there’s no reason you can’t have both on your phone for different kinds of groups!
can you show evidence for this?
The best choice for activism right now is signal and has been for years. The best choice isn’t necessarily the most hardened app or messaging system, it’s the most hardened balanced against ease of use and access, along with features.
It’s been proven in court several times. The only information they keep is your phone number, unix timestamp of your account creation, and the unix timestamp of when you were last online.
Which is not the claim OP made.
Which claim are you referring to?
Signal collects your IP address and the last IP address you sent a message to.
Yeah, they likely misremembered that it was timestamps instead of IPs.
Usability of Simplex is very similar to Signal.
Evidence for what?
The claim being made?
I promise I’m not being pedantic. Which claim? I made at least two.
Or if you want to have a federated platform that’s closer to something like Discord, Matrix.
They dropped the phone number requirement a while ago
No, you still need a phone number to sign up. You can now optionally have a username as well, but a phone number remains a hard requirement.
What’s more, they require you to periodically log in on your phone. If you exclusively use the desktop client, you will get a message that access will be blocked if you don’t sign in on your phone.
Sometimes, it feels like a surveillance loophole is left for the OS (remember when they had plain text backups on windows). And Apple, Microsoft, and Google would happily turn over data, while Signal always will have plausible deniability.
And you will always need a smartphone OS built by one of the US companies above to start and continue using signal.
Yeah I thought they had too, but it’s the case that for a new account you still have to have a phone #. You can then use a chosen account for everything else.
you mean, you don’t need one for registration?
I’ve been corrected on that.
deleted by creator
