Hey everyone!
-
Asta [AMP] replied to Cassandra Granade 🏳️⚧️
@[email protected] When it comes to data that is stored indefinitely, you're always fighting against not just the technology and laws of today, but the technology and laws of the future.
-
@aud The only moderately secure DMs on the Fediverse would be either separately end-to-end encrypted, or sent strictly between single-user instances. (And even in the latter case, anyone with access to the hosting technically *could* look.)
Any privacy on the Fediverse is based on a gentleman's agreement not to peek.
If you treat it as such, then you won't be disappointed.
-
@[email protected] Agreed! Plenty of absolutely fine things to say via DM, so long as you don't mind the admin peeking in. They're not particularly private by nature, and they are definitely not secure, but that's all you need for a lot of stuff.
-
propapanda :verified: replied to Asta [AMP]
@aud yup
-
@aud Most people hopefully already know this, but: Signal has self-destructing messages. Use them, but beware people can still screenshot.
-
Asta [AMP] replied to propapanda :verified:
@[email protected] ... wait, I'm federating with half the fucking fediverse on my single user instance?
alright, well, one, props to the API for being surprisingly low bandwidth, all things considered, despite the degree of federation, and two that's a lot of copies of my shitposts in a lot of databases.
-
@[email protected] fucking #windowsRecall
If you're using self destructing messages, probably... god, what a mess that "feature" is. Definitely not purpose built for surveillance :rolls_eyes:
-
propapanda :verified: replied to Asta [AMP]
@aud that's for my pretty much single user instance ^^
-
Asta [AMP] replied to propapanda :verified:
@[email protected] OH! Goddamn.
So... so many instances...
-
Lawrence Pritchard Waterhouse replied to Asta [AMP]
@aud Signal is *not* your "friend". It is a US-based "Limited Liability Company" (Signal Messenger LLC) & "501(c)(3) nonprofit organization" (Signal Foundation, formerly Open Whisper Systems), with a centralized server infrastructure. There have also been software freedom and transparency issues (Phone numbers as id, reproducible builds, server source code, etc.). It is *likely* the most secure chat app, but please don't trust it blindly, good OPSEC is *still* a good idea.
-
Asta [AMP] replied to Lawrence Pritchard Waterhouse
@[email protected] Yeah, I was trying to phrase it in a polite way quickly upon seeing some discussions that were maaaaaybe best not to have on social media, but yes. context is everything here.
-
@aud It’d probably be safest if Signal discontinued the desktop app for Windows. But putting screenshots in your threat model makes things _very_ complicated…
-
Cassandra Granade 🏳️⚧️ replied to Asta [AMP]
@aud @lpwaterhouse Perhaps a practical takeaway, but have fallback networks. Matrix has a lot of problems (cop shit being one of them), but can make a decent failsafe should Signal go the worst way.
-
Asta [AMP] replied to schrotthaufen
@[email protected] I wonder how apps trigger the DRM subsystem in windows? Wonder if that can be taken advantage of. Not that someone wouldn't try to work around it but...
(EDIT: since apparently it can't screenshot stuff that's playing back DRM "protected" content because oh my god)
-
@aud Widevine + HDCP to defeat Recall & co is exactly my kind of “use their own rules against them”
-
@[email protected] right?! Is Signal using electron? Would that work...?
-
@schrotthaufen @aud screenshots can also be faked, and the signal protocol includes plausible deniability. I hear of so many people having Signal apps used against them in court and I know it's just because they don't realize they can deny having sent the message.
-
@aud Signal is a US organisation with servers in the US and operating under US wiretapping laws and officially only works on US-controlled operating systems. It's a lot better than Facebook messenger and certainly better than fediverse DMs (where's that E2E encryption AP extension?), but I think taking their word for what is accessible to the US security state is naive in the extreme.
-
@[email protected] as far as wiretapping goes, the encryption (assuming it is robust, correctly implemented, and also not trivially cracked) makes that pointless unless I’m mistaken, right? Without access to the key, they’d just get noise. Definitely, though, the “US controlled operating systems” is a weak link for sure, particularly if there’s a method of obtaining said key.
I think it’s probably wise to assume no encryption will help you stave off the eye of Sauron when it’s aimed directly at you, but if you want to make sure you don’t catch it by accident signal is probably a good choice.
Do you have any suggestions for communication programs not entirely controlled by US entities? (this is a genuine question but because I’m tired it reads as sarcastic to me so I’m writing this to make it clear it’s something I’m genuinely curious about!)
-
@[email protected] it would be nice if some signal servers existed outside the U.S… or if they could be totally eliminated.