Really? its about the only quality messaging tool if you actually care about privacy. Other apps that claim to be e2e encrypted tend to leave themselves little loopholes in that claim. You think WhatsApp doesnt have the keys to your messages and wont hand them over to the government when asked? Think again. On Signal the only people with the encryption keys to your messages are you and the recipient.
And the people in charge of it actually seem to not be huge assholes or shady weirdos. I listened to a 2 hour interview with Meredith Whittaker and she's like super smart and seems like a really decent person who has the right priorities. I hope it stays this way, but right now the whole thing really seems to be an awesome project with people in charge who actually know what they're doing and who are not interested in selling or otherwise misusing your data.
Nonprofit doesn’t mean can’t make a profit, it limits use of said profit into going back to the cause. That’s why plenty of non profits jealously guard their IP donations, that massive funding source runs a lot of their programs.
So, merely being a non profit doesn’t mean they won’t be willing to sell. This isn’t a negative to them, more a “that branding is not fully trustworthy on its own, verify” warning.
Huh? Signal was made by an American company, by Americans, in America. Not sure why you're bringing up Europe or its regulations. Regulations which are frequently anti-privacy, btw. https://x.com/mer__edith/status/1796508893822238881
Maybe you're thinking about Session, a similar privacy focused messenger which is run by a Swiss group?
Yes. Hence my comment about having access to more metadata.
But they cannot read the content of the messages or provide the keys to anybody because they never have them.
We can be critical of WhatsApp and Meta without resorting to lies about their access to the encryption keys.
Using any E2E platform, even WhatsApp, is still way, way better than plaintext SMS, or tweets, or facebook messages, or discord, or telegram, or whatever else.
Regardless, if you can - use signal, donate a few bucks to them and don't trust meta.
I suppose they mean that when you report someone in whatsapp, recent messages are forwarded as part of the report, as otherwise they'd not be able to tell what your report is about or whether it's a false claim. They say what's happening here https://faq.whatsapp.com/1142481766359885?cms_platform=web#report-someone. You trigger the app to send them proof.
Report someone
WhatsApp receives the last five messages sent to you by the reported sender or group, and they won’t be notified. WhatsApp also receives:
The reported group or user ID.
Information about when the message was sent, and the type of message sent such as an image, video, or text.
Not an issue or "hole". The argument along the lines of "build it yourself or it cannot be secure" imo isn't sane as it requires some arbitrarily drawn line under realistic circumstances - the boundary is human trust based on incomplete information.
You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know. Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it.
I'm not claiming that this is what happens, but as a developer, if you write a wrapper around another piece of software, you have every chance of siphoning off data in the wrapper.
Put another way: it doesn't matter if a message can go from A to B without being read if you have someone looking over your shoulder at points A and B.
Yeah, WhatsApp (meta) controls both sides of the communication unless you know exactly what that app is doing. If they are decrypted on one end to show you the message Meta can get access to it.
At least they claim that but how can it be verified? Also nothing is really stopping them from pushing updates compromising encryption or targeting certain users.
So, that "metadata" they collect undermines a key point of Signal's privacy protections: Who is talking to who and when. If you don't think those details by themselves are important, understand that the NSA certainly does because it allows them to undermine free association and organization. Since it's being collected as the innocuous sounding "metadata" and not called something more appropriate, such as "personal communication data", people aren't paying much attention to it being collected, packaged, and sold. But it's important to realize that some of the buyers are companies like Wal-Mart and Amazon, and they are using that data to undermine attempts of workers to form unions.
So, just because WhatsApp is still protecting the content of the communications themselves, don't think for one second that the service is "private" or "secure".
So does Facebook Messenger, but you can recover your data with a six digit PIN. If I can recover my data with a six digit pin, so can a very simple python script in fractions of a second.
I suspect they use the same implementation for WhatsApp, which is incredibly insecure, unless I'm missing something. You shouldn't be able to recover E2E encryption with a password that has a character space of 1,000,000.
Don't trust any encryption implementation you can't build from source yourself, like Signal, because your security is entirely in the hands of a corporation with vested interest in reading your communications. It's like hiring a dingo to babysit your baby.
You think WhatsApp doesnt have the keys to your messages and wont hand them over to the government when asked?
This was the impetus for us to move over to Signal for my friends' group chat. Say I was critical of a certain country and their policies regarding a migrant workers in that country. Say I got a job offer to work in that country - not unlikely in my line of work. Say that as part of the background check to go to that country, the messenger app I used was told to hand over all of my shit so they could see if I had said anything critical of that country.
After Google's Gulf of retardation capitulation, I'm convinced they'd hand over your emails or anything else. I already assume everything I type on Facebook and it's messenger is compromised.
Those keys are still on my phone though. If I can read my messages, then so can anyone with access to my phone.
I'm not saying it's not better than other messaging apps at privacy. But I don't for a second believe law enforcement couldn't get into the average smartphone if they really wanted to.
Of course if you have selected the make and model of your phone with security and privacy in mind, then that's another story. But most people won't have done that (myself included).
edit Why is everyone responding to me by making the exact same point I just made. Again, I'm not saying signal is bad. I use it myself. I'm just pointing out that you shouldn't make the mistake of thinking your communication is 100% private and safe just because you use signal. Know the limits of the tools you use.
That is also true of a literal note written by hand, if anyone comes into possession of it, they can read it. And if it's coded, they can try to break the code and then read it. So that seems just about as good as it could get in terms of digital security.
Given enough effort, anyone can break into any device if they have physical possession of it, but that doesn't mean the end to end encryption is any less important or useful
Again, I'm not saying signal isn't great. I've been using it myself for years. I'm just saying, don't be under the illusion that your communication is 100% safe and private just because you use signal.
That's a very fair point, yeah. I think the issue is just that currently most people assume ALL digital communications are safe and private, so even getting them to start using signal would be a huge jump up from that.
If you want flawless security, the only solution is to keep the information locked in your mind. If you're typing a message to another person, there really is no safer way to do it. If a person is handling information that is sensitive, its up to them to do so responsibly.
My problem with Signal is that they do what every other niche strongly principled FOSS project does and take things to extremes, sacrificing UX to an insane degree. The Signal mobile app used to fallback to texting if there wasn't a connection or the other person didn't have Signal. I managed to convince several people to move over because it could also function as a replacement for an SMS app.
Then in their brilliance, Signal removed texting because it is insecure. That might be true, but it turns out most people don't have friends on Signal or end up in places where data won't work or is expensive, but SMS is still fine. Every single one of my friends uninstalled it.
"I'm mad because they wont compromise their mission statement for my wants. It doesnt matter if this tool protects dissidents from government persecution, security only matters in theory. NOTHING should compromise my convenience."
If you dont have any need for privacy, then Signal may not be the app for you.
They had so many options aside from outright removing it. They could've encrypted the text over SMS if the contact is marked as having Signal and a user could've just toggled an option to never fallback or use SMS.
I want privacy, but I can't have it if my contacts don't adopt it in the first place. Adoption of the technology is also an aspect of things like this that rely on your social network. A chat app that no one uses is useless and I say that while still having Signal installed for the few people in my circle who use it.
The most important reason you should want it is because one of the 2 co-founders/creators of WhatsApp, Brian Acton, is now the CEO of Signal.
He created WhatsApp back in 2009. After FB bought it, apparently it was promised to them by Mark Z that he will keep WhatsApp as it is and not turn it into an ad behemoth, but as is his nature, he reneged on his word and now WhatsApp is overrun with random brands pinging us about their offers.
Jan Koum left FB, and later Brian left it too in 2017, angry with the way WhatsApp turned out under FB. Brian then went ahead and co-founded Signal Technology Foundation in 2018, which gave result to the Signal messaging app.
The same Brian who created WhatsApp tweeted out in support of the #DeleteWhatsApp trend on Twitter some time in 2020-21.
All in all, Signal is a trustworthy messaging app, and has just about every feature WhatsApp has, with added encryption. I am trying hard to recruit my friends and family over to Signal, but breaking ingrained habits & convenience is just too difficult!
8.9k
u/Culverin Feb 17 '25
And this is how you can tell that Signal is legit.
Do you really need a better endorsement?