Because of the ongoing fucktastrophe, the cries of "Use SIGNAL!" are constant and unavoidable. And I get it, it may be the least-bad option in a sea of terrible options. If, that is, you choose to ignore the advice of "don't use your phone for that shit" (the Stringer Bell Rule). But out of curiosity, because I haven't been keeping up, has the Signal Corporation addressed: The fact that they ...
Yawn. Signal is still the easiest option to setup and perfectly fine opsec for the majority of people. For a centralized service, it is both open source and has a long history of malicious compliance with court orders. On top of that, it’s maintained by a nonprofit foundation, the best possible steward for a centralized service.
If you’re an activist or engaged in activism, use SimpleX or something similar. If you’re just trying to chat with your aunt and don’t want prying eyes seeing what you chat about, Signal is sufficient.
I’m saying that if who you talk to matters for your threat model just as much as what you say, you should pick a platform that’s more anonymous. Signal knows the IP addresses of where your messages go, and that might be enough to uncover who is talking to whom. Certain governments might find that enough cause to abuse someone they don’t like.
Signal says that you can use a VPN to hide that information even from them, but IMO, it’s better if nobody has it in the first place, if it can be avoided.
Yawn. Signal is still the easiest option to setup and perfectly fine opsec for the majority of people. For a centralized service, it is both open source and has a long history of malicious compliance with court orders. On top of that, it’s maintained by a nonprofit foundation, the best possible steward for a centralized service.
If you’re an activist or engaged in activism, use SimpleX or something similar. If you’re just trying to chat with your aunt and don’t want prying eyes seeing what you chat about, Signal is sufficient.
What’s wrong with using signal as an activist? Lots of folks use it.
Or are you saying that activists may be targeted by governments using attacks that target signal’s ui?
I’m saying that if who you talk to matters for your threat model just as much as what you say, you should pick a platform that’s more anonymous. Signal knows the IP addresses of where your messages go, and that might be enough to uncover who is talking to whom. Certain governments might find that enough cause to abuse someone they don’t like.
Signal says that you can use a VPN to hide that information even from them, but IMO, it’s better if nobody has it in the first place, if it can be avoided.