Signal is a centralized app, run by a company. If they are offered enough money or legal threat they will sell out or close.

I am sure people will make an argument that its FOSS and people will just fork it if it goes bad, but a new fork will have 0 users and Signal will still have all of your old contacts. Why not make a switch now? Before it is even more popular and you have more reasons to stay? Why fork it if there are already decentralized apps that use same encryption, like XMPP apps?

Sure you can find flaws in every app, including XMPP implementations, but if we will have to write code for a new Signal fork, why not just fix whatever is that bugs you in XMPP clients?

If you want to use Matrix, that is fine as well, we can always bridge the two open protocols. But you cant bridge Signal if their company doesn’t allow it.

  • fubo@lemmy.world
    link
    fedilink
    English
    arrow-up
    70
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Signal is operated by a nonprofit tax-exempt charity corporation in the United States.

    Could you please be more clear about exactly what you are saying here?

    Edited: The original poster has provided no evidence for their defamatory statements.

    • ∟⊔⊤∦∣≶@lemmy.nz
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      1 year ago

      Signal has a single point of failure. If we really want a service that can’t be taken away, then we need a free, open source alternative that is impossible for a single entity to control

      • Mountaineer@lemmy.world
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        1
        ·
        1 year ago

        That single point of failure is to facilitate ease of use, with minimal reduction in security.
        The messages are e2e encrypted and the server is designed in such a way that attempting to listen in would bring it down.
        The signal org doesn’t even have your address book.

        If your concern is “I don’t like signal”, you’re not going to make much traction.

        • gthutbwdy@lemmy.sdf.orgOP
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Briar is an app that is just as easy to use, plus you dont need a phone number, so it is easier. Yet it has no point of failure and it was simpler to write. It is P2P, uses tor, you dont get better privacy and security than that.

          You dont know what their server is running, you cant prove that. They can release the code, but you have to trust them that they are running that exact code.

          Ease of use is an excuse, they have a centralized model. That is a big flaw. There is more to security then E2E, xmpp clients have E2E as well, they use the same algorithm.

          • AbidanYre@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            SimpleX also seems pretty promising and is more cross platform than briar. I’m self-hosting a server for my immediate family.

            • gthutbwdy@lemmy.sdf.orgOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I think XMPP is more well-known than SimpleX, I simply mentioned Briar for the sake of possible ease of use argument over some XMPP clients.

              • AbidanYre@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Could be. I was just giving another alternative. I’ve had better luck with both SimpleX and briar than some of the other options I’ve tested.

          • Mountaineer@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            I’m not goin to shit on Briar, I hope they build out their dream.

            It’s fundamentally not as easy to use.
            My Grandma already has a phone with a full addressbook.
            If she’s told to install Signal, it’ll just work as a drop in replacement for iMessage.

            Briar meanwhile suggests sharing your contact info using another such as signal: https://briarproject.org/quick-start/#:~:text=When you choose “Add contact at a distance”%2C Briar,choose a nickname for them.

            Briar is chasing different goals.

            • gthutbwdy@lemmy.sdf.orgOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              1 year ago

              The only part that is easier to use on Signal is also a serious privacy concern of sharing your phone number.

              With decentralized apps you always have an option to add that feature, while with centralized apps like Signal you have to accept that your privacy is damaged.

              In short, this argument for phone number is another argument why decentralized apps can be as user friendly as centralized, but not the other way around.

              • Devils69Advocate@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                I see your point, but what threat and their level of sophistication are you trying to avoid? The number is used just for registration. You can get a burner phone if you’re worried about sharing your number.

                • gthutbwdy@lemmy.sdf.orgOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  1 year ago

                  In less and less countries we are allowed to buy phones and sim cards without an ID. Phone network is a centralized system, controlled by governments, we can’t depend on that for privacy. The main treat to privacy has always been the current ruling government, they fear privacy, because they fear people organizing against them.

                  • Devils69Advocate@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    1 year ago

                    I’ll give you not being able to buy SIMs without an ID; I didn’t know that. But the rest is not as accurate. You should probably just not use a computer or phone to ensure complete security.

      • animist@lemmy.one
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        We have that in XMPP and Matrix. The problem is then to talk to people on it they all have to join the server on which you host your build. What if that server goes down? If you pay for hosting you’re putting it into the hands of another corporation. If you self-host at home, what if your electricity goes out? Your internet gets cut off? Is everyone you convinced to ditch signal going to be happy and willing to sacrifice their convenience and ability to talk to people they want (or need) to talk to over ideology?

        • ∟⊔⊤∦∣≶@lemmy.nz
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          If we get hit by a big enough solar flare, everyone will be communicating by pigeon again. You make valid points. I haven’t actually used XMPP before and only just started with Matrix. I think OP is right that we should keep an eye on alternatives for when/if the time comes.

    • gthutbwdy@lemmy.sdf.orgOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      8
      ·
      edit-2
      1 year ago

      Every non-profit organization I know of was run as a company. Non-profit is for organization, not for people, you can still pay yourself a nice salary and trips around the world, expensive dinners and so on. A lot of non-profits I know of extract every cent from the donors, which are often big companies like Google, by making an invoice for a clearly overpriced service at company owned by their friends, that send them the money back.

      Being a nonprofit tex-exempt charity corporation in United States is no defense of their character, their interests, nor their capability to provide a quality service or withstand a legal pressure.

      I will be perfectly clear then, you cant trust them and you cant depend on them. Reddit was a good open service once, now its dying, we need to move to Lemmy. Same will go for Signal. They still work with police, still give data such as phone numbers, when you created your account and we have no proof that they are not storing your IP, when you are sending and getting messages (so they can do a timing attack to figure out who you are talking to, if they don’t give that info directly).

      I don’t need proof that they have done something wrong to prove a point that no single entity should be trusted when we have the technology for over 20 years now that makes that unnecessary.

      • oatmilkmaid@possumpat.io
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        How do I trust a random XMPP server more or as much as I trust Signal to protect my data? You’re telling me if the government comes knocking for metadata on some user on a small server that the owner isn’t going to just give it away? What about anyone else on other connected servers?

        You’re asking me to trust someone who hasn’t shown that they’re actively working towards privacy goals vs a centralized solution from a company that’s shown they care about privacy?

        Either way, you have to trust someone to take care of your data and I do not trust a small server owner more than an entity that’s proven they do not give information to governments. Gotta pick one of two evils, I guess.

        • gthutbwdy@lemmy.sdf.orgOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I never claimed that you should pick a random server. You can pick servers run by groups that have just as good record of privacy or even better or are run by the person you know or yourself.

          When you have a decentralized service you can choose who you trust, you are not stuck with one corporation. Picking a completely random server is the worst possible example you could have chosen.

          • oatmilkmaid@possumpat.io
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Maybe I’m misunderstanding XMPP but does it not federate? Does it not mean that on top of trusting my home server I have to trust the choice other people made with theirs?

            • gthutbwdy@lemmy.sdf.orgOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              Why would you need to trust their choice? The only data that is sent from your server to theirs is your username (called JID in xmpp terms) and E2E encrypted message. The worst thing their server can do to yours is to send you a message, if your server decides to pass it on.

                • gthutbwdy@lemmy.sdf.orgOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  XMPP clients support end to end encryption, so the servers only get encrypted messages. Also unlike Signal, XMPP clients support use of Tor to hide your IP.