People constantly ask why I refuse to use Signal.

I have been meaning to do a detailed write-up for this, however in researching for it I discovered this post which covers several of my biggest issues well.

drewdevault.com/2018/08/08/Sig

@lrvick a big chunk of these seem to be petty issues that wouldn't affect signal and its security

@Crylo

1. Signal Foundation owns the only keys that sign the only client binaries allowed on their network, that in turn control they keys that encrypt all messages.

2. Signal Foundation owns the only keys that encrypt all metadata in a centralized and weak SGX enclave.

3. Signal Foundation owns the central network infra that has plaintext access to all TCP/IP metadata.

Those are pretty serious security and privacy issues.

What happens if someone at the foundation is pressured?

@lrvick @Crylo I had never heard of any of this before, that’s interesting and I’ll definitely be researching more (not least because it’s way too technical for me at this stage, I’ll be honest). Do you know of any chat apps that might be better than Signal to your judgement?

Sign in to participate in the conversation
Mastodon.green

Welcome to mastodon.green This server is for people in Europe, but you can connect with friends on any Mastodon server in the world.