- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
You must log in or register to comment.
Bless the era of technology where Signal and ProtonMail exist.
Signal yes, Proton I have my doubts
I think yours is the first comment I’ve read that has Proton hesitancy. I’m curious what your reservations are.
Not OP, I’ve heard criticism of their recent Duo subscription and their bitcoin wallet.
I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn’t fully implemented and requires playing around in a terminal, and UI feels less polished than it’s Windows counterpart.
There’s a community made Flatpak of ProtonVPN though, in case it helps anyone
Honestly, I just use wg-quick to connect to VPNs, and I tested out ProtonVPN and it worked fine with it. I even set up my router to connect to ProtonVPN, so I could have a wifi network that’s always connected to their VPN.
But I’d really rather not have the same company host my VPN, email, and other stuff, I’d prefer to separate them a bit so no one company has a lot of my data. And something like a VPN really doesn’t benefit from bundling anyway, unless it’s bundled with a browser or something a la Mozilla VPN.
I keep hearing they are CIA lmao.
Not OP
There’s not a lot of negative press about them.
They complied with Swiss government requests to out the IP of a French activist.
It looks like they’re really doing the best they can.
Correct. They comply with court orders, its a business. People still need to be secure in how they use it, which that guy wasnt. So if you’re attempting to evade the government, use a vpn. All your data is encrypted, where you access it from and your billing information cannot be.
Do keep in mind proton also runs a VPN he may have been running their VPN and they complied.
If he was using their VPN, they wouldn’t have been able to turn that over according to their own site: https://protonvpn.com/features/no-logs-policy#:~:text=No-logs VPN,lengths%2C or location.
I actually don’t know what people’s hesitancy is, but I’ve seen numerous people say proton is not good, we’ll see if anybody chimes in with a reason.
I’ve seen doubt of it’s push to pack products into it’s offering ala Google - however I don’t see that as enough to call it not good.
It’s also very easy (and suspicious imo) for anyone to call a service not good without any reason to back it up.
The one and only critique I’ll give to Proton is how they have it where you can have Google e-mails forwarded to you to your Proton address.
And it’s like…why? The entire reason you’re going to ProtonMail is to escape Google. Why the hell would you want Google to try and pry into your Proton usage when all you want is to distance yourself from them?
Like?
like them embracing Bitcoin and “AI”
Embracing is a strong statement… Their core product are their core products.
Signal is the best thing going on in tech these days. I’m very glad it’s being led by Meredith Whittaker.
Did you know you can get a cool badge on your profile pic if you’re a recurring donor? $5 a month is far less than the value I get from it, but that’s all it takes for a cool badge (and knowing that you’re doing something active against the awful state of big tech today).
This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.
Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.
So, I googled their tax filing out of curiosity. It’s true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They’re listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I’m all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I’m kind of weirded out by those astronomical salaries.
I mean, how does a free app with no advertising in it make that kind of money?
That’s inline with Silicon valley salaries. Basic houses cost 2mil there, so it’s not completely outrageous.
As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.
My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.
You can use a username only for finding and adding friends, you only need the phone number to create an account. That’s probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.
It kind of sucks, but I think that’s a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don’t know if there are any problems with this, but I don’t think they do anything with your phone number after everything is set up.
I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe
Google is a very bad choice because it requires a phone number on its own. Also heard that there may be additional KYC.
Are you suggesting you need a phone number to get a phone number from Google Fi?
And yeah, it’ll definitely to KYC, because that’s a federal regulation. My point is that you don’t need the number long-term, so the number will only be associated with you for like a week while the trial period lasts. So sign up for Google Fi trial, create a Signal account, then cancel the trial. That sounds pretty reasonable to me.
Yea. Don’t you need a Google account first to use such a service? Those do need phone numbers to register.
And also KYC is unacceptable in this case, imo. If the number is needed only for a short time, there are similar, non-KYC options like what you would find on kycnot.me.
Yeah, I think you’ll create a Google account as part of the Google Fi account creation process.
If that really bothers you, use a different MVNO. Some offer free trials, but even if not, it’s not too bad to buy a month of service. My provider is Tello, and the minimum service that’ll give you SMS is $5/month. If you’re clever, you can probably also find a VOIP provider that does SMS for really cheap.
My point isn’t that Google Fi specifically is what you should use, just that it’s an example of a service that offers a free trial, so you can sign up for Signal for free.
I get the point, I just said how bad of an example this is, lol
Yeah. And I don’t fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.
Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone else’s computer w/o having to install something.
I don’t know what direction they’re going, but I’m honestly okay with the caveats that currently exist.
It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won’t use Telegram or Signal because of this.
It’s about your posture. Most people who use signal use it to have privacy from governments. They’re not hiding that they use signal, they’re hiding what they write on signal. In this case, using your phone number isn’t a big deal.
Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.
Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is “good enough” for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don’t know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.
But putting a phone number in immediately exposes protesters to association. Sure, Signal can’t give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.
It’s the complete antithesis of freedom of association when there’s a record of everyone that you’ve contacted. The contents don’t enter into that problem, and I can’t see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn’t give you privacy from governments, because governments that don’t respect freedom of association will use that information to punish dissidents.
I can’t imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn’t require this sort of personal proof, and it’s suspicious as hell.
Sure, Signal can’t give out the contents of messages, but it still has the chain of contact.
it doesn’t. they’ve been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: https://signal.org/bigbrother/
Wasn’t there some controversy about Signal’s creation being supported by the US government to provide private communications for anti-us-enemy organisation or something? I’m sure I remember it correctly…
https://www.theregister.com/2024/05/14/telegram_ceo_calls_out_rival/
Alleged and mostly bullshit from the Telegram founder it seems.
I wish Signal was developed more openly, more like the linux kernel for a “critical infrastructure” example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.
But it’s good for what it is and I sure am glad it’s around. People who disrespect it don’t know what they’re talking about.
You know, if you want to replace Slack, look into Mattermost. It’s foss but otherwise pretty much exactly what Slack does so well.
Isn’t matrix more like slack that you are looking for?
When it comes to security, I don’t think it’s close at all.
Why not? I thought it had very good security. It’s E2E encrypted and the government of France uses it.
Maybe I’m misunderstood. I thought I heard about terrible security implementations relating to matrix servers.
Edit: I think I was remembering this: https://arstechnica.com/information-technology/2022/09/matrix-patches-vulnerabilities-that-completely-subvert-e2ee-guarantees/
Looks like I’m mostly wrong.
Time for Molly
deleted by creator
Signal fork
Terrible name lmao
??
“Molly” is a common nickname of the drug Ecstasy (MDMA)
“time for molly” kind of implies you’re off to get high
Nobody is going to use Signal when it lacks so many features. Feels like MSN messenger compared to it’s peers.
what do you mean? i use it a lot and it works great, photos, videos, optional temporary location sharing with friends, and encryption.
what features do you want it to have that it’s lacking?
deleted by creator
“hashtag anarchist yacht club”
Lmfao
What is signal anyway? I’ve never paid attention to phone apps much. Why isn’t it on F-droid if it’s FOSS? Is it like irc but with encryption? I guess I should look into it.
Why isn’t it on F-droid if it’s FOSS?
That got me interested and apparently, they fear forks running out of date.
Concerning F-Droid, we already providing an auto-updating APK directly from our site, and we really don’t want forked versions of the app maintained by other parties connecting to our servers. Not only could the users using the forked version have a subpar experience, but the people they’re talking to (using official clients) could also have a subpar experience (for example, an official client could try to send a new kind of message that the fork, having fallen out of date, doesn’t support). I know you say you’d advocate for a build expiry, but you know how things go. Of course you have our full support if you’d like to fork Signal, name it something else, and use your own servers.
While that statement got plenty of thumbs down, I hate to admit that F-Droid is indeed out of date quite often. I currently can’t find a source for this but I once read this has something to do with their signing process.
Hmm, ok, thanks. But I’m kind of tired of version churn: who needs to keep changing a chat program? IRC has been around since the 1980s or so and still works fine.
How much signal and she spend onnthis shameless self promotion.
JFC, if anything she is taking signal the wrong way and going the way of mozilla IMHO
Signal is a good product but there is a lot areas where it can do better… Have gotten any new features over last 5 years? Besides aliases?
What are they working on?
Seen interesting discussions about how signal is farming our meta data to the feds, I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?
Main looking to understand if that is even technically feasible?
(almost) anything is possible with a CIA black fund budget. I’ve moved to Simplex chat and not looked back.
I feel that but people can’t just move since we need somebody to talk on these super duper 69 layer quantum resistant protocols.
Looks simolex is gunning for the crown nowadays tho but there other viable contenders baking.
Once new leader arrives, going to need to tell my group we migrating again 🤕
I was clowned a few years back on this hot take. I am very regarded though. Can anyone pitch on this tinfoil?
?
Yeah idk I’ve read it like 4 times and still struggle to find a coherent thought here.
Poster was made fun of in the past for saying Signal gave metadata to the feds. He has a learning disability (regarded = deliberately misspelled R slur). They’re looking for someone else to corroborate the metadata claim.
That’s my interpretation at least.
“Retarded” is not a slur. It’s a medical term. “Idiot” is a slur that roughly means the same thing, though not nearly as far.
“Idiot” is a slur that roughly means the same thing
“idiot”, “moron”, “cretin” and “imbecile” were all medical terms once and described different levels of intellectual disability, but they fell out of use and are now considered offensive. language changes, and context is important.
deleted by creator
They also added stories which, despite what the internet might have you believe, was one of the most popular feature requests on the Signal message boards for many years
This was weird for me personally. I consider Signal a messaging tool which in my mind is separate from an actual social media app, so it was a bit of a head scratcher for me to see stories as a very popular feature request. I don’t really care about sharing “stories” in that format to my contacts or seeing theirs, but then again that’s just me.
deleted by creator
Lol calm down, no one’s trying to fight you over Signal being the best private messaging platform. I was just sharing that it was weird to me how stories was one of the most sought out features from users.
deleted by creator
Does signal meta data allow for signal to time stamp witu who you communicate using their app and servers?
Side note, PR like that costs about 15k fyi
deleted by creator
-
@yogthos@lemmy.ml what you got to say for this one?
-
Verge doesn’t run flulf for free. This is PR 101. But I trust you bro
deleted by creator
Re-read what you wrote… JFC
This can’t be serious
-
