Privacy

48109 readers

1555 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Signal in 2026? (lemmy.ml)

submitted 22 hours ago by guymontag@lemmy.ml to c/privacy@lemmy.ml

103 comments fedilink hide all child comments

Is it still viable to use Signal for privacy in 2026? It's centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)

Thoughts?

you are viewing a single comment's thread
view the rest of the comments

[–] voxel@feddit.uk -2 points 11 hours ago (1 children)

Everyone who uses signal and supports it, is falling for this pitch.

No, because it does not reflect the truth. You've to see the full picture.

[–] dessalines@lemmy.ml 4 points 10 hours ago (1 children)

The full picture is that Signal has the most important piece of information you can give anyone online: your phone number (which means your real name and current address). Also that they're hosted in the US and have close links to the US defense industry.

[–] otter@lemmy.ca 1 points 9 hours ago (1 children)

Did you mean to link a different article, that one doesn't say anything about defense industry ties (from my quick skim). It does talk about how phone numbers are no longer required when connecting to someone else.

Signal DOES have my phone number, but they can't tell my government anything other than

yes I use Signal
yes I connected to it today

This becomes even less important as the platform gets popular. I know some friends who work in healthcare that report that they're switching to Signal (and WhatsApp unfortunately) as an alternative to texting/phone calls for staff/department group chats and non-patient related communications.

[–] dessalines@lemmy.ml 4 points 9 hours ago (1 children)

Signal DOES have my phone number but they can’t tell my government anything other than yes I use Signal yes I connected to it today

This is incorrect. They also have your full name and address by extension, as well as those of everyone you communicate with.

They're also subject to national security letters, meaning the US state can get that info without a warrant.

Just read the first article I posted, it gets into all this.

The 2nd article is the signal CEO Meredith Whitaker interviewing with lawfare, which is a US defense industry think-tank.

[–] otter@lemmy.ca 2 points 8 hours ago

This is incorrect. They also have your full name and address by extension

I didn't suggest otherwise. This was about whether they can correlate that to additional information. I am already assuming that the US government might try to maliciously compromise the servers, without needing the pretense of national security laws.

I'm not an expert in cryptography or Signals codebase, but my understanding is that the client app uses separate connections to verify the session (something that can be tied to your phone number on a compromised server) and to send a message out. The initial contact discovery process can leak info if you are searching for specific phone numbers, and this could be mitigated by using the QR code or usernames to get an ID directly. The actual pre key fetch is sent as a separate request not tied to your session verification. So outside of timing attacks, it shouldn't let Signal know who I am talking to day to day even if they know that I have connected to the person at one point.

I think it's cool that Simplex and Matrix allow selhosting, and especially Simplex's 2 hop technique. That should make it much more difficult for someone trying to map things out. However if the average person is going to be using the default servers, I don't see how a compromised server is any less of a problem than with Signal's ones.

I recommend Signal to non-technical users trying to get away from Facebook/Instagram/whatsapp. I might start recommending Simplex too if it gets popular enough and goes through a similar level of scrutiny that Signal had. I'm already comfortable using a variety of chat platforms / self hosting for myself.

The lack of a phone number requirement does limit the extent of social graph mapping. I hope signal will do away with that requirement as they've promised to for some time. The risk though is spam, which is already a problem now that signal is getting popular.

Just read the first article I posted, it gets into all this.

I did look over it again, and I still find the CIA section to be silly. I'll refer back to these old comments from myself and someone else:

https://lemmy.ca/comment/5401873

https://lemmy.ca/post/16397504/7661724

The 2nd article is the signal CEO Meredith Whitaker interviewing with lawfare, which is a US defense industry think-tank.

Again, I would say this is a big leap. The CEO agreeing to an interview with a think tank that has ties to the defense industry is not the same thing as Signal having ties to the defense industry. She has done many interviews talking about Signal, with a variety of orgs of different ownership and politics