this post was submitted on 07 Feb 2025
385 points (99.0% liked)
Technology
72578 readers
3662 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Telegram is probably the worst thing you could use, it doesn't encrypt messages by default and they are stored on Telegram's servers, so they can read them at any time.
Yes, Matrix leaks a bunch of metadata and doesn't have post-quantum encryption.
The best option is to use Signal. It uses end-to-end encryption by default for everything: Normal chats, group chats, voice and video calls and even stories. Messages are only stored on their servers (in encrypted format, so they can't access them) until you receive them, after which they are promptly deleted and only stored on your device. And Signal has much better metadata protection than Matrix. The UX is also much better and less confusing, making onboarding new users much easier.
But you should also be aware that Signal does not federate, so the company can be bought. They have control over all accounts and the servers, without easy way to migrate away again. So it might just be another trap.
Try to use federated services (like matrix), they are more robust against hostile take overs.
This is such a bad take it seems like deliberate misinformation.
Signal is open-source software maintained by a non-profit. User data is not stored on Signal servers, they have no way to access messages as they are stored and encrypted on your phone. If the Signal Foundation were revealed as bad actors then the open-source code could be forked to a new project.
Feel free to fully evaluate their code here: https://github.com/signalapp
No it's not: https://github.com/signalapp/signal-server
I'm with you on this, I strongly recall there was some sort of not fully open source portion of Signal at least at one point in time.
Edit: ya, they weren't updating server for awhile, so while there is an open source server, they definitely weren't running that code for awhile, and may not be running it today. Granted since the decryption happens client side, it shouldn't matter what the server does to some extent.
https://www.androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/
There was a period where they didn't push changes to the repo, but all the code was released afterwards and it's been getting regular updates ever since. But it also doesn't matter at all, since the Signal client is designed in a way that avoids putting trust in the server. Signal servers could literally be run by the NSA and it wouldn't matter, as everything is fully end-to-end encrypted, including metadata. The Signal protocol was also updated to use post-quantum cryptography in 2023.
No, the server is on the github account linked above as well. The repo is here.
Signal however doesn't federate and does not generally support third-party clients.