|
Föderation EN Do 20.06.2024 14:46:32 There are only two messaging apps I fully endorse when people communicate with me. @signalapp and @matrix . Yes while I use Discord, text, and even iMessage. The recent stances from both Matrix and @Mer__edith towards the EU Chat Control proposal's even as an American, reaffirm that I have made the wise choice. The fact that I have proven first hand the that we had to whitelist Signal in Zscaler to even work because it won't allow MITM, proves even as a hosted app it can be trusted. #Infosec |
|
Föderation EN Do 20.06.2024 15:17:12 @chiefgyk3d I’ve been seeing some infosec murmurings about Signal being “compromised” or having some fatal flaw. I’ve not seen the “why” on that though, and it’s got me confused. I’m assuming it has more to do with business operations that privacy concerns, but curious if you’ve seen anything on that front as well. Signal is my usual go-to for reasonably private communications and I don’t really see that changing from a few posts I’ve seen |
|
Föderation EN Do 20.06.2024 15:48:54 @endeavorance I've not seen anything, in fact the Cert pinning is damn solid! We have to disable Zscaler SSL inspection to even allow @signalapp to work. The only issue I saw with Signal possibly "compromised" in any way was when Twilio was compromised as they did use them for verification services. But that was like two years ago and since then they've also added usernames so you don't need to give out phone numbers |
|
Föderation EN Do 20.06.2024 17:39:03 @endeavorance @chiefgyk3d there actually has been what looked like an organised campaign, where Twitter accounts would post how Signal is supposedly compromised and Telegram is the way to go. oddly enough, Telegram's CEO posted something similar around the same time on his Telegram channel. |
|
Föderation EN Do 20.06.2024 18:41:23 @noodlejetski @chiefgyk3d oh yeah! I remember following that for a bit. Musk was beefing so of course. That said, the folks I’m referring to are (hopefully!) above that kinda stuff and instead were relating Signal to the recent appointment of an NSA director to OpenAIs board. I’ve not seen anything that gives me pause with signal so I was confused. |
|
Föderation EN Do 20.06.2024 17:40:28 @chiefgyk3d You might also want to have a look at @simplex if you don't know about it already. Maybe not the best everyday app but it takes e2ee, metadata avoidance and anonymity even further. |
|
Föderation EN Do 20.06.2024 21:06:12 @scatty_hannah @simplex At that point I would leverage @matrix . For me it's either Signal or Matrix for secure chat. |
|
Föderation EN Do 20.06.2024 21:31:30 @chiefgyk3d @simplex @matrix Matrix has a completely different purpose and threat model. It's much worse at metadata hiding than Signal and SimpleX and pseudonymous at best. Whether that's a problem of course depends on your adversary / threat model. It excels at other things where both of the other messengers lack in features. Use the right tool for the right job. Sadly there is no "best". |
|
Föderation EN Do 20.06.2024 21:46:08 @scatty_hannah well I run my own @matrix server so that's something at least 🤷♂️ |
|
Föderation DE Do 20.06.2024 17:43:52 @chiefgyk3d Another great messenger is @simplex but it has the least users in comparison with the other two. |
