Items tagged with: Signal

Search

Items tagged with: Signal

> He changed his profile picture to a photo of himself so it was much easier to see which Jason Signal contact corresponded to that Jason.

This still leaves the risk of people deliberately changing their username+profile picture to match that of Jason to trick you to invite the wrong Jason to the group chat

In #Conversations_im we try to show the Jabber ID (not just the username) in relevant places (during invites, for new chats)

For #Signal that would be the phone number, I guess

#signal #conversations_im

Die Verknüpfung von #Signal mit einer Mobil-Nr. hat mich bisher u.a. von der Nutzung abgehalten.

Macht man damit nicht auch die gute Arbeit in Sachen Verschlüsselung und Datenvermeidung zunichte?

#Messenger #Chat

#signal #messenger #chat

A bit late on the bandwagon for this one, but that whole US thing with the idiots on Signal...

Many of the journalistic reports go in-depth about Signal itself, as if it's somehow to blame.

If you get a monkey to drive a car into a wall you shouldn't report on the car itself, but rather why you gave the monkey the keys in the first place.

#UsPol #Signal #US

#signal #uspol #us

As always in #uspol, what’s controversial here is not that an American bomb leveled an entire apartment building in #Yemen killing 53 people (both Republicans and Democrats believe such operations are permissible), only that the plans to do so were discussed on an unsecured chat #signal #signalgate
JD Vance What? Michael Waltz Typing too fast. The first target - their top missile guy - we had positive ID of him walking into his girlfriend's building and it's now collapsed. JD Vance Excellent
#signal #uspol #yemen #signalgate

And, of course…

#Pentagon-wide email recently went out warning about #Signal vulnerability

A Pentagon-wide advisory went out one week ago warning against using the messaging app Signal, EVEN FOR UNCLASSIFIED INFORMATION.

"A vulnerability has been identified in the Signal messenger application," begins the department-wide email, dated March 18, obtained by NPR.

#NationalSecurity #idiocracy #kakistocracy #Trump #USIntelligenceAgencies #Hegseth #Gabbard #Ratcliffe #Waltz
npr.org/2025/03/25/nx-s1-53398…

#signal #Trump #nationalsecurity #pentagon #hegseth #idiocracy #kakistocracy #usintelligenceagencies #gabbard #ratcliffe #waltz

#Signal took a huge bet that running on US big-tech toxic infrastructure is fine because its groundbreaking and industry-shaping cryptography is crafted to neutralize it and keep users safe.

But is it really feasible to live on toxic infrastructure in the longer run?

#deltachat rather takes a bet on the massive e-mail server network and interoperable protocols, and on #chatmail servers which enforce message encryption and metadata-minimization.

Delta is for when centralization turns sour.

#signal #deltachat #chatmail

Is there an #E2EE messenger in 2025, that:
- doesn't depend on anything US (e.g. not #Signal)
- is reasonably secure (e.g. not #Matrix)
- runs on all platforms (e.g. not #Briar)
- doesn't depend on commercial servers (e.g. not #Threema)

Anything?

#matrix #signal #briar #threema #e2ee

#privacy #signal #AI #tech #signalapp #sxsw @Meredith Whittaker

@norbert If you’re still recommending #Signal you know that it is still the best choice for secure messaging for a wide range of users. Takeover of the government doesn’t change anything about how Signal operates.
#signal @Norbert Tretkowski

Did you know that #deltachat literally shares cryptographic implementation code with #signal ? Both delta and signal use the ed25519-dalek crate ... Most messengers by now moved their cryptography to #rustlang . We did that in 2019. But in delta also all networking and message formats is implemented in Rust where other messengers (including signal) have a lot of platform specific code still.
#signal #RustLang #deltachat

there's not a lot of difference between #signal and #whatsapp . The app store builds of Signal are not reproducible. Nobody has hosted their own version of the signal server and we can't know if the code running on their servers is the same as what's on GitHub. So both their server and client are effectively closed source.

Other than requiring smartphones, both are centralized in the US. Signal is hosted on #aws. Signal doesn't have #meta AI and other forms of enshittification.

#signal #whatsapp #meta #aws

@bshankar You are good, now I want to defend #signal a bit (I guess I'm probably a contrarian).
I think marketing and advertising are something that we as a species urgently need to get rid of, for the sake of our brains, for the planet, and to stop wasting everybody's time on useless stuff that makes nobody happier. At least with signal you're not contributing to making those weapons more effective, and that's a huge win over using any Meta product in my book.
#signal @Bhavani Shankar 💭

Requiring to use a smartphone is only one of my griefs against signal. "Security" (far right's favorite theme) is not *all* that matters. The internet I want is made of community-owned projects made with love and weirdness, self-hosters running services for family and friends, not giant corps running planet-scale inhuman centralised stuff. #Signal does not fit in this picture.
#signal

European #antifascist recommending to use a service running in a fascist-turning country on servers owned by a fascist-friendly billionaire? This is weird.

Focusing solely on the E2EE misses a lot of points, one of those being that with #signal the ends have to be Android or iOS ~spyphones~ smartphones, which is not really something you can have 100% trust into IMHO.

#signal #antifascist

"if you need a tool to communicate privately with your friends and family–even if your chats are boring, mundane, and totally legal–#Signal is the best damn choice I can recommend."

is the conclusion after 6 parts of detailed and well explained code review that starts at soatok.blog/2025/02/18/reviewi… by @soatok

(Yes, I read all 6 parts. No, I don't claim to understand more than the basics of cryptography, which is why yes, I have to and do trust the author on their conclusions)

Our Review Roadmap Given what we’ve covered above, the targets of interest are as follows: 1. The Rust implementations of cryptography in libsignal. - Libsignal uses curve25519-dalek under-the-hood. - For actual encryption, they use a lot of RustCrypto. - Key transparency is relatively new, and of particular interest to me. - The actual Signal protocol, which now uses post-quantum cryptography. - The zkgroup and zkcredential features, which involve zero-knowledge proofs and are paramount to Signal’s server software not being able to know who is in which group. - The account keys and usernames features, since the privacy surrounding phone numbers is important to most Signal users. - Secure Value Recovery v3. If we can find a vulnerability in a recovery system, that will definitely be high-impact. 2. The bridge code, which enables libsignal to be used in other programming languages. 3. Cryptography implemented in Signal for Android, where it doesn’t just punt to libsignal. 4. Cryptography implemented in Signal Desktop, ditto. 5. Cryptography implemented in Signal for iOS, as with the previous two.

Reviewing the Cryptography Used by Signal - Dhole Moments

Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…
Dhole Moments
#signal @Soatok Dreamseeker

#signal #whatsapp #arcanechat

@adbenitez The problem with many #Signal alternatives is that they don't provide Windows / MacOS / Linux desktop versions. Hard as it may be to believe if you are under 30, not everyone walks around with a phone glued to their hip or in their hand all day. Personally, I have NEVER used a messaging client (other than SMS) on a phone, I use my desktop computer for everything, partly because the screens on phone are just too damn hard to read if you don't have perfect vision, but also I just have a terrible time using a modern "smart" phone in general.
#signal @adb

One thing I don't like about #Signal is that it only supports one mobile device per account. I know they want to make it easy for the average user. But for someone who has two phones, it's very limiting.

That's why I prefer #Matrix. Adding another device and decrypting all existing messages doesn't even feel so clunky anymore.

#InstantMessaging #SignalApp #MatrixChat

#matrix #signal #signalapp #instantmessaging #matrixchat

The main problem I see isn't finding a good alternative, but finding a person who is willing to abandon #meta
I have multiple alternatives(#signal, #element #telegram #discord ) but what to do when I'm the only one using them?
#element #signal #telegram #discord #meta

@hans06801
Also why there is a checkmark in "Security Audits" column for #Signal?

Did you manage to find any Signal security audit?
fosstodon.org/@link2xt/1140336…

For all other messengers listed I can easily find at least one audit report, but not for Signal.

l

2025-02-20 01:38:11

mastodon - Link to source

I tried to find when #Signal has published the most recent #security audit, and it turns out they either never published an audit or their code was never audited at all.

The closest thing I found is the list
community.signalusers.org/t/ov…
which only cites research papers and some evidence that in 2018 Signal paid Doyensec, but nothing got published as the result. Even then, it looks like the apps were not audited for more than 5 years since then.



Overview of third-party security audits

Let’s collect past security audits here: Formal audits Year Auditor(s) Sponsor App/Component Published Link Last update / extended 2013 iSEC Partners (NCC Group) Open Technology Fund RedPhone and TextSecure ❌ Blog post 2014 Frosch et al.
Signal Community

#signal @Hans

I tried to find when #Signal has published the most recent #security audit, and it turns out they either never published an audit or their code was never audited at all.

The closest thing I found is the list
community.signalusers.org/t/ov…
which only cites research papers and some evidence that in 2018 Signal paid Doyensec, but nothing got published as the result. Even then, it looks like the apps were not audited for more than 5 years since then.


Overview of third-party security audits

Let’s collect past security audits here: Formal audits Year Auditor(s) Sponsor App/Component Published Link Last update / extended 2013 iSEC Partners (NCC Group) Open Technology Fund RedPhone and TextSecure ❌ Blog post 2014 Frosch et al.
Signal Community
#signal #security

If you're still recommending #Signal, you may have missed the tech oligarchs' takeover of the US government. The best time to recommend European alternatives was 8 years ago; the second best is now.

#Conversations_im #XMPP #Jabber

#xmpp #signal #Jabber #conversations_im

#signal

Happy I Love Free Software Day! 💕

Unfortunately, this year I could not join nor organize any in-person celebration, BUT of course I want to share my gratitude to the many, countless #FreeSoftware services I don’t merely use, but actually depend on.

Last year, I decided to focus only on #YunoHost, because it would have been crazy to list all the projects I use and I love.

This time, even if I will most certainly forget someone, I am challenging myself to mention all the #LibreSoftware my life is powered by.

Without further ado, THANK YOU to:

  • @yunohost, for powering Nebuchadnezzar
  • @fedora, for running my beloved #Framework laptop
  • @frameworkcomputer, for designing and building repairable, #Linux-friendly and truly open hardware
  • @gnome and @GTK, for being just gorgeous
  • @calyxos (thus @LineageOS), for powering my #Fairphone5
  • #Obtainium, for making me directly download apps on my phone, and @fdroidorg for distributing them
  • #AuroraStore, for proxying the download of apps I am doomed to get from Google Play
  • @element, for developing #Synapse, even though the new proprietary Synapse Pro is VERY PROBLEMATIC AND DISAPPOINTING
  • #Fractal, for being the most beautiful and awesome #Matrix client ever
  • @signalapp, for keeping me connected with the people I love
  • @Mastodon, for also maintaining a feature-packed experimental fork (#GlitchSoc), that is what Pan runs
  • #Tuba and #Moshidon, for being the most beautiful and awesome #Mastodon clients ever
  • #Firefox, for still remaining the best possible #browser choice, despite #Mozilla’s governance messiness
  • @openstreetmap, for allowing us to find the right path, both literally and metaphorically!
  • @organicmaps, for being the simplest, cleanest, yet feature-rich #OSM client and navigation app
  • @protonvpn, for making me browse safely from/to anywhere in the planet and @protonprivacy #ProtonMail, for hosting my email, despite the latest alarming political statements…
  • @libreoffice, for allowing me to draft documents with ease, the last of which was my #CV
  • #LanguageTool, for preventing me from making embarassing spelling mistakes
  • @photoprism, for safely storing and indexing all my photographic memories, on Aby, and for providing stellar and friendly support too!
  • #Actual, for moderating the very likely risk of ending up completely broke, since it forces me to manage my finances consciously and coherently
  • @readeck, for storing and sorting ALL my varied and overwhelming inputs
  • @nextcloud, for storing and synchronizing my data, for its #calendar, its #tasks, and all its awesome apps
  • #Rustdesk, for preventing my friends and family members from going crazy, by allowing me to remotely connect to their devices and directly address the issues they have
  • #Listmonk, for sending out my newsletter
  • @eleventy, for powering all the websites I maintain, above all the virtual representation of my mind, and for being the only reason why I resist and try to continue learning #JavaScript
  • @forgejo, for giving us a chance to truly control and collectively develop the sources of our software, but most importantly @Codeberg, for RESISTING, RESISTING, RESISTING, despite the hatred and attacks nazi assholes throw at them
  • @musicbrainz for keeping music knowledge open and free, and @ListenBrainz for scrobbling the crazy music I listen to
  • The @fsfe, for promoting this celebration and fighting the good fight!

Lastly, but most importantly, the biggest thank you goes to all the free software libraries and dependencies the above mentioned #software are made of/built with, including #C, #JavaScript, #Python, #Rust, and all community-maintained programming languages.

I am super sorry if I forgot someone!

#OpenSource #ILoveFS #SoftwareFreedom #Fairphone #Android #LineageOS #FSFE #OpenStreetMap #PhotoPrism #LibreOffice #Readeck #Eleventy #11ty #GNOME #Signal #forgejo #Codeberg #MusicBrainz #ListenBrainz #MetaBrainz


Nebuchadnezzar

Information and insights concerning the configuration and maintenance of Tommi’s server.
Tommi (Tommi’s mind)
#FreeSoftware #android #linux #matrix #codeberg #firefox #opensource #signal #Mastodon #mozilla #browser #software #libresoftware #gnome #libreoffice #fairphone #python #fsfe #softwarefreedom #synapse #rust #ilovefs #javascript #lineageos #openstreetmap #c #framework #tuba #OSM #fractal #RustDesk #yunohost #ProtonMail #calendar #forgejo #eleventy #tasks #GlitchSoc #aurorastore #moshidon #11ty #listenbrainz #readeck #Fairphone5 #photoprism #obtainium #cv #languagetool #actual #listmonk #musicbrainz #metabrainz @LibreOffice @Mastodon @Nextcloud 📱☁️💻 @GNOME @OpenStreetMap @Free Software Foundation Europe @ProtonVPN @F-Droid @Codeberg.org @GTK @Eleventy 🎈 v3.0.0 @Signal @LineageOS @Framework @Forgejo @Organic Maps @PhotoPrism 💎 @CalyxOS @Fedora Project @Element @Readeck @YunoHost @Proton @MusicBrainz @ListenBrainz

To be honest, I unfortunately strongly believe that as example #Signal and #Tuta are in that exact team. Why? Their design leaves gaps for exactly that kind of stealth operation.
#signal #tuta

🚨 Welke gegevens van je zou #Meta nog meer allemaal gebruiken om #AI te trainen? 🤔

tweakers.net/nieuws/231648/met…

#WhatsApp heeft al AI in de app...🤷 faq.whatsapp.com/1002544104126…

Zeker zijn dat je privégesprekken en data niet en nooit worden gebruikt? Kies #Signal: signal.org/install

#privacy

Vertrouw je op de blauwe ogen van Mark? Of kies je voor het blauwe logo. Signal is open source en controleerbaar. Écht gemaakt voor jou en jouw privacy

'Meta gebruikte ruim 80TB aan illegaal verkregen data om AI te trainen'

Meta gebruikte naar verluidt ruim 80TB aan illegaal verkregen data om het Llama-llm te trainen. Werknemers van het bedrijf zouden onder meer ruim 35TB aan documenten uit Z-Library en LibGen hebben gedownload aan de hand van torrents.
Yannick Spinner (Tweakers)
#privacy #signal #whatsapp #AI #meta

This is what I think about whenever infosec wonks on here start telling people they should use matrix or xmpp+omemo or whatnot instead of signal

To be fair, I understand the arguments and to a large extent I agree with the critiques. However, I think anyone making these recommendations is vastly underestimating the capacity or appetite for most people to deal with the user experiences presented by these alternatives.

User experience is the ultimate force multiplier. For anything that requires network effects to function (ie most anything involving communication), if it doesn't *just work* then you've lost 90% of your audience.

xkcd.com/2501/

#matrix #xmpp #infosec #cybersecurity #signal #ux #design #ui #encryption #privacy #crypto


Average Familiarity

xkcd
#xmpp #matrix #privacy #infosec #signal #encryption #UX #crypto #design #ui #cybersecurity

#signal #journalists

#xmpp #signal

#friendica #fediverse #signal #facebook #whatsapp #Mastodon #peertube #Instagram #youtube #pixelfed #lemmy #tiktok #reddit #x #loops #globalswitchday

#friendica #signal #Mastodon #peertube #pixelfed #loops

In the Netherlands #Signal is at the top of app stores. Seems a critical mass has been reached and groups (families, communities of practice) are now willing to make the switch. Good!
#signal

Signal is a secure messenger, but there are interesting alternatives, such as @matrix , @session , @delta , @simplex or XMPP …

➡️ matrix.org

➡️ getsession.org

➡️ delta.chat

➡️ simplex.chat

➡️ xmpp.org

If you’d like to learn more about these options, have a look at the responses to this toot.

#matrix #session #signal #XMPP #messenger #decentralized #tech #technology #OpenSource #FOSS #WhatsApp #security #InfoSec #data #safety


Session | Send Messages, Not Metadata. | Private Messenger

Session is a private messenger that aims to remove any chance of metadata collection by routing all messages through an onion routing network.
Session
#xmpp #foss #matrix #opensource #infosec #signal #whatsapp #technology #security #messenger #decentralized #tech #data #session #Safety @The Matrix.org Foundation @Delta Chat @Session @SimpleX Chat

The United States Government, in the wake of mobile cellular networks being compromised by China, finally suggested Americans use encrypted apps and services. One of those suggestions, provided as an exexample, by the Joe Biden Administration, was Signal.

Donald Trump, however, around the time Mark Zuckerberg made his announcement, concerning Meta policy, has continuously used WhatsApp as their example.

#Signal #WhatsApp #Privacy #Encryption #Safety #Security #Meta

#privacy #signal #whatsapp #encryption #security #meta #Safety

[Erfahrung mit Matrix?]

Wer hat eigene Erfahrung mit Matrix und der Verwendung einer so genannten "Bridge" zur Verbindung mit WhatsApp und Signal?

Seit wann nutzt du diese Lösung und warum oder vielleicht auch nicht mehr? 🤔

Vielen Dank für deine Teilnahme, sowie eventuell weiter teilen des Posts. 😃👍

#Matrix #Chat #WhatsApp #Signal #Messaging #Bridge #Erfahrungen

#matrix #signal #whatsapp #chat #bridge #messaging #erfahrungen

[Experience with Matrix?]

Who has personal experience with Matrix and the use of a so-called "bridge" to connect to WhatsApp and Signal?

How long have you been using this solution and why or perhaps no longer? 🤔

Thank you for your participation and possibly sharing the post. 😃👍

#Matrix #Chat #WhatsApp #Signal #Messaging #Bridge #Experiences

#matrix #signal #whatsapp #chat #bridge #messaging #experiences

Gebruik je #WhatsApp? Dan support je #Meta. #Instagram is ook van Meta.

"Het is dinsdag niet mogelijk om verschillende zoekopdrachten gerelateerd aan politieke tegenstanders van Donald Trump uit te voeren via Instagram."

Wil je werkelijk een bedrijf met zulke ondemocratische praktijken steunen?

Maak de switch je kunt het! Heb je vragen, laat het me weten!

Schakel over naar @signalapp of @matrix

nrc.nl/nieuws/2025/01/21/insta…

#BanWhatsapp #BanMeta #signal #signalapp #matrix #opensource #FOSS


Instagram lijkt zoekopdrachten naar politieke tegenstanders Trump te verbergen: 'We werken aan oplossing'

Luuk Diepeveen (NRC)
#foss #matrix #opensource #signal #whatsapp #Instagram #meta #signalapp #banmeta #BanWhatsApp @The Matrix.org Foundation @Signal

There's a "Signal deanonymized" thing going around:
gist.github.com/hackermondev/4…

Stay calm. Deep breaths.

👉 while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location

👉 other communication platforms that use any kind of caching CDN to deliver attachments are just as affected

👉 you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.

#Signal #InfoSec


Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md
Gist
#infosec #signal

What stands out to me is that #Signal uses secret URLs to distribute encrypted attachments. Given their strong security claims and threat model, I would have anticipated a more robust user authentication mechanism to ensure that only intended recipients can access these files.
#signal

Personally, I don’t think the impact of the "which Cloudflare server is this Signal user closest to" attack is that bad. However, it highlights yet another quirky side effect of #Signal being built on cloud infrastructure.

404media.co/cloudflare-issue-c… (by @404mediaco, paywall)

gist.github.com/hackermondev/4… (original post)


Cloudflare Issue Can Leak Chat App Users' Broad Location

A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user might be in.
Joseph Cox (404 Media)
#signal @404 Media