☁️The recent AWS outage showed how fragile “cloud-based security” can be.
When one datacenter faltered, global communication tools — including Signal — went dark 🌑
🕸️Matrix-based messaging systems kept running because they don’t rely on a single provider.
Resilience = decentralization
Let's invest in open, federated platforms.
#AWS #Signal #Matrix #Resilience #CyberSecurity #Decentralization #OpenSource
Our project is one of constant exit planning and circumvention considerations ... as times and tech are getting more shitty.
We don't bet on a single basket, and not a single state or jurisdiction, and certainly not AWS/Google/Microsoft US clouds which run #Signal servers.
No single hoster, platform or language (we do a lot of Rust, granted) and no single device or vendor. At #chatmail protocol levels we regard nothing as holy, and look for simplicity and robustness, and convivial community 🖤
Been working on getting Slidgnal, a #XMPP to #Signal gateway built on #Slidge back up and running with a mix of Go and Python; after a recent spree of work, we have fairly good support for 1-on-1 chats with reactions, attachments, etc. all working. Couldn't have been done without the great work by @nicoco and tulir (tulir.fi on bsky).
If you're running your own #XMPP server and are looking to bridge your #Signal contacts over, give it a go, repo is here codeberg.org/slidge/slidgnal and Docker/Podman or PyPi-based installs are well-supported! Group support is up next!
Today's AWS debacle is the perfect example of the reason why in the last few years I started to be less enthusiastic about Signal, and more oriented to federated or even P2P solutions like XMPP and Jami. I wrote about it already:
gagliardoni.net/#im_battle_202…
Signal was down for few hours today, after an outage that affected AWS:
mastodon.world/@Mer__edith/115…
Let's ignore for a second the blind reliance on AWS or any other cloud provider. In a decentralized system, this would not have happened, or at least it would have not impacted so many users.
Yes, I am a cryptographer myself, I know that Signal's encryption is the best. But encryption is not everything. Availability issues, geopolitical troubles, risk of enshittification, limitations on users' freedom to use and control the software lead to a lack of trust, even in a supersecure solution. And I say that with honest admiration for the folks at Signal, who are doing a great job.
May they prove me wrong over and over again.
#signal #im #aws #amazon #privacy #security #digitalsovereignty #selfhosting #fediverse #federation #p2p #enshittification #xmpp #jami #politics #opensource #freesoftware #libre
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
There is no single central #Signal server. Signal uses #AWS cloud, plus Google Cloud, Microsoft Cloud and Cloudflare, all under US legislation. If any of these clouds goes down or becomes otherwise problematic, chatting degrades or fails.
With #deltachat you can choose #chatmail relays ( chatmail.at/relays ) which distributes the risk across a wider network. We are currently working on the multi-transport feature to finally remove any central point of chat failure chaos.social/@delta/1153621448…
Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today!chatmail.at
With @signalapp having a problem because AWS us-east-1 is having trouble, I'm looking at installing @delta as a side-channel for situations like this ... does anyone know if it does video?
I know it's a chat function, and I'm not asking for miracles. It's a genuine question about capabilities.
I see there are web apps, and capabilities to integrate things, so I'm wondering what's available in the base install.
My investigations begin ...
When not using Google Play services (e.g. #GrapheneOS, #LineageOS users), #Signal can be a real battery drain. @mollyim with @unifiedpush on the other hand is extremely battery efficient.
Here's how to set this up, using #Nextcloud as the UnifiedPush provider: kroon.email/site/en/posts/moll…
I finally started using Molly to send and receive messages via Signal. Molly is a hardened fork of Signal for Android, offering features such as an encrypted message database, automatic locking, shredding no longer needed secrets from RAM, notificati…Guido Kroon
New design sets a high standard for post-quantum readiness.Dan Goodin (Ars Technica)
The #Signal App gets only a 9 out of 10 for #Privacy protection, and it's not just because it requires a phone number.
"While most of Google’s analytics are turned off in the Signal app, it still uses the Google Maps API to handle location data. Calls to Google Maps turn over a bunch of metadata, including the IP you’re connecting from. For a project that’s so invested in privacy, it’s surprising that Signal doesn’t use an open source alternative such as Open Street Map."
They call a Google API with location data and hand over the IP? Seriously?
mozillafoundation.org/en/nothi…
Read our privacy expert's review of the messaging app Signal. Signal is widely regarded as the “best in class” private messenger app. Unlike most messaging apps, Signal takes a completely hands-off approach to your data.Mozilla Foundation
🇷🇺 Russia wants China's Great Firewall
After Tuta Mail, it's now also blocking #Signal & #WhatsApp to stop its citizens from using #encryption
Together with @torproject, @fightforfuture and others we are standing up to say: Stop! ✊
Everyone deserves #privacy.
Read our open letter: 👉 tuta.com/blog/tutanota-blocked…
Tuta(nota) was blocked in Russia in 2020, Signal in 2024, and next up is WhatsApp. We are standing up to stop Russia from building a surveillance state like China.Tuta
Proč už nevěřím Telegramu
Je to deset let, co jsem začal používat Telegram. Za tu dobu jsem přesvědčil hodně lidí, aby ho začali používat, obhajoval jsem ho, ale v poslední době mám čím dál větší pocit, že jsem se v něm mýlil. V tomto blogpostu se pokusím vysvětlit proč.
#Durov #IM #instantMessaging #Signal #Telegram
blog.eischmann.cz/2025/09/04/p…
(reakce na tento příspěvek se může zobrazit jako komentář pod článkem)
Everyone is now realizing that WhatsApp is evolving towards its latest form (archive.md/L3W74). If you value secure messaging, you may want to check out @signalapp or @matrix (wich is #federated). EPFL also has its own Matrix instance at matrix.epfl.ch (use @element as a client).
#SecureMessaging #WhatsApp #WhatsappAlternative #Signal #Matrix #Element #Privacy #SelfHosted
Aunque el objetivo del vídeo es dejar a #WhatsApp en evidencia, también otorgo una parte no-despreciable del vídeo a #Signal, como la gran alternativa.
También nombro a #XMPP (vivo amenazado por la furia de @kyva), PERO:
Signal es el único "quita-y-pon" 🧩 que tenemos ahora mismo, para seguir conversando con **nuestros contactos telefónicos**, sin tener que ir preguntando a todo quisqui por su dirección.
Que ya los iremos metiendo en el saco federado, pero tú estate en Signal mientrastanto. 😉
Hice un vídeo para que puedas enviárselo a tus personas cercanas, explicando lo fácil que es dejar #WhatsApp, y por qué es importante hacerlo. 💬
fediverse.tv/w/35Lvufq1XW8ZVBT… (@ivangj@fediverse.tv)
También disponible en YouTube por si quieres evitar rozamientos 😅.
#SoftwareLibre #PeerTube #Chat #Signal #XMPP #DeltaChat #Matrix
Congrats on the release! Anytime a Linux GUI app gets more beautiful, that means a great deal to all the non-geeky users of the world, where aesthetics and convenience are king. I just hope it stops short of getting bloated and slow - witness the sluggish Node.js horror show that the #Signal desktop client is, in #Linux.
BTW: What version of OMEMO does Gajim support? Does the website or documentation say this anywhere?
#Signal for iOS v7.65 release notes:
* Message status indicators (sent, delivered, etc.) are now supported by the iOS VoiceOver feature in order to improve accessibility for blind and low-vision individuals.
🎉 There's a new beta version of Signal!
Signal for iOS v7.65
Check out the Signal Community thread for more info: community.signalusers.org/t/be…
#signal #signalapp #signalupdates
Today, we’re releasing version 7.65 to beta. If you’re interested in participating, join the beta group. Release notes: Message status indicators (sent, delivered, etc.Signal Community
> Signal groups, in particular, are more powerful than you might be aware of, even if you already use them all the time. In this post I'll show you how to:
- Turn an in-person meeting into a Signal group using QR codes
- Manage large semi-public groups while still vetting new members
- Make announcement-only groups, perfect for volunteer networks rapidly responding to things like ICE raids
**Using Signal groups for activism** by @micahflee
micahflee.com/using-signal-gro…
Things are heating up. Millions of people are taking to the streets against Trump's rising authoritarianism.Micah Lee (micahflee)
#deltachat is secure against server-side group membership changes but for a very different reason than #signal which keeps encrypted group membership data in a central store.
Delta Chat has _no_ central store but implements a rigidly tested #p2p group membership model where servers play no role github.com/chatmail/models/tre…
Both signal and delta chat are safe against recently published attacks against #whatsapp that can add members to chats, breaking end to end encryption. arstechnica.com/security/2025/…
The weakness creates the possibility of an insider or hacker adding rogue members.Dan Goodin (Ars Technica)
#ElementX nutze ich schon länger parallel zu #Element für meine Chats.
Nun habe ich aber das neue #SchildiChat Next ausprobiert.
Es basiert auch auf ElementX, hat aber #Spaces integriert. Das gefällt mir sehr gut. Damit lassen sich z.B. Chaträume übersichtlich ordnen.
#Matrix ist für mich nach wie vor ne gute Sache. Ich würde es auch WhatsApp-Wechslern eher empfehlen als #Signal ... vor allem auch, weil man sich damit nicht vom Smartphone abhängig macht.
schildi.chat/android/next/
#Chat #Messenger
SchildiChat is a feature-rich messenger for Matrix based on Element with some extras and tweaks.schildi.chat
our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with
- streaming decryption and encryption
- post-quantum-cryptography
- API streamlining.
#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) github.com/rpgp/rpgp/
OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgpGitHub
"'Take a screenshot every few seconds' legitimately sounds like a suggestion from a low-parameter LLM that was given a prompt like 'How do I add an arbitrary AI feature to my operating system as quickly as possible in order to make investors happy?'" signal.org/blog/signal-doesnt-…
#Signal #Microsoft #Recall #MicrosoftRecall #LLM #LLMs #privacy
Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows.Signal Messenger
FBI Warning on Messaging Apps: Time to Rethink What "Secure" Really Means
The FBI recently urged Americans to switch from SMS to encrypted messaging apps like WhatsApp and Signal.
Read More at: puri.sm/posts/fbi-raises-alarm…
#Cybersecurity #Privacy #Surveillance #Signal #WhatsApp
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.Purism SPC
Arrêt de Skype : quelles alternatives ?
Skype va couper, Chérie...
Microsoft annonce1 l'arrêt de Skype en mai 2025. Un outil encore utilisé par grand nombre de personnes, y compris sous "Linux". Mais cela ne doit pas instiller, dans la Cité, de la peur. C'est au
aldil.org/arret-de-skype-quell…
#Actualits #LogicielsLibres #ALDIL #bidouille #bigbluebutton #entraide #installpaty #jitsi #logicielslibres #mattermost #signal #smartphone #vie_prive #vieprive
Skype sera coupé en mai 2025. Cherchons ensemble des alternatives libres pour garder le contact avec nos proches, au fond de nos poches.Anthony (ALDIL)
And, of course…
#Pentagon-wide email recently went out warning about #Signal vulnerability
A Pentagon-wide advisory went out one week ago warning against using the messaging app Signal, EVEN FOR UNCLASSIFIED INFORMATION.
"A vulnerability has been identified in the Signal messenger application," begins the department-wide email, dated March 18, obtained by NPR.
#NationalSecurity #idiocracy #kakistocracy #Trump #USIntelligenceAgencies #Hegseth #Gabbard #Ratcliffe #Waltz
npr.org/2025/03/25/nx-s1-53398…
Zit je niet op Signal, want "ik heb toch niks te verbergen..."?
Antwoord op die vraag en meer over #privacy, #AI en waarom #Signal voor iedereen goed is💙:
👉 youtube.com/live/AyH7zoP-JOg
Bij 48:00 🇳🇱 🚀
#signalapp #privacy #tech #sxsw via @Mer__edith
SXSW 2025 Livestream and On Demand Keynotes & Featured Speaker Sessions + VOD Portuguese and Spanish language translations presented by Itaú (these will be a...YouTube
European #antifascist recommending to use a service running in a fascist-turning country on servers owned by a fascist-friendly billionaire? This is weird.
Focusing solely on the E2EE misses a lot of points, one of those being that with #signal the ends have to be Android or iOS ~spyphones~ smartphones, which is not really something you can have 100% trust into IMHO.
"if you need a tool to communicate privately with your friends and family–even if your chats are boring, mundane, and totally legal–#Signal is the best damn choice I can recommend."
is the conclusion after 6 parts of detailed and well explained code review that starts at soatok.blog/2025/02/18/reviewi… by @soatok
(Yes, I read all 6 parts. No, I don't claim to understand more than the basics of cryptography, which is why yes, I have to and do trust the author on their conclusions)
Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…Dhole Moments
that is why I don't like people recommending moving from #WhatsApp to #Signal, better use messengers that don't depend on US servers and companies, like European messengers like #ArcaneChat
One thing I don't like about #Signal is that it only supports one mobile device per account. I know they want to make it easy for the average user. But for someone who has two phones, it's very limiting.
That's why I prefer #Matrix. Adding another device and decrypting all existing messages doesn't even feel so clunky anymore.
@hans06801
Also why there is a checkmark in "Security Audits" column for #Signal?
Did you manage to find any Signal security audit?
fosstodon.org/@link2xt/1140336…
For all other messengers listed I can easily find at least one audit report, but not for Signal.
I tried to find when #Signal has published the most recent #security audit, and it turns out they either never published an audit or their code was never audited at all.The closest thing I found is the list
community.signalusers.org/t/ov…
which only cites research papers and some evidence that in 2018 Signal paid Doyensec, but nothing got published as the result. Even then, it looks like the apps were not audited for more than 5 years since then.Overview of third-party security audits
Let’s collect past security audits here: Formal audits Year Auditor(s) Sponsor App/Component Published Link Last update / extended 2013 iSEC Partners (NCC Group) Open Technology Fund RedPhone and TextSecure ❌ Blog post 2014 Frosch et al.Signal Community
