When researchers find a flaw in the way circumvents censorship in Iran (leading to identify its users), their issue gets deleted from Signal's Microsoft GitHub and they get banned from Signal's repository...

..but only because they allegedly violated a "code of conduct" by being "disrespectful"!

Morality is safe! Iranians, maybe not... As long as we don't hear about it, there is no problem, right?

@jz Anyway apparently Signal's users do not want to hear about this kind of thing. They use a centralized service. Moreover it is made by an organization hostile to protocol federalism. We can add that, in consequence, any review of Signal can be obsolete at any time, because the whole chain (server configuration, server software and client software) could change very quickly.


We already have XMPP + OMEMO for the text.

For audio only and audio+video, we have SIP + TLS + zRTP (implemented by at least Linphone and Jitsi Desktop).

There is also Tox and Jami, but I do not know how strong the encryption is.

What are we waiting for to get rid of #Signal? Do we prefer to whine?

@nspanti @jz explain how I get my 70 year-old mother to use .. uh … “XMPP + OMEMO”?

I got her to use Signal by accident. Signal sucks but some smorgasbord of protocols usable only by technical people as some sort of replacement is laughable, it’s a comparable attitude to the famous HN commenter who said “don’t we already have rsync?” to Dropbox’s initial announcement.

Yeah, we did already have rsync, but that misses the point.

@wiggles @jz My point is on secure communications. If you just want to communicate or if you are ready to accept partially not well secured communications, security is generally an inconvenience and Signal could be a good choice in that case. I personally refuse this, even with my parents (except for emails, I admit, as they don't use GPG, which by the way can sadly only encrypt the body), but there is still paper not to encourage centralized services if the other has no or bad computer skills.

@wiggles @jz On the point of XMPP + OMEMO, there is no need to tell others like this, with these technical names. We can tell them Conversations (Android), Dino (GNU/Linux + *BSD), Gajim (GNU/Linux + *BSD + Windows + macOS), Monal or Siskin (iOS). We then just have to say that, before the first communication, we will need to exchange a strange number by a secure side channel, if we want end-to-end encryption, otherwise XMPP always uses TLS, so it is not fully bad even without end-to-end encryption.

@nspanti @jz The security of xmpp omemo is roughly equivalent to Signal. Conversations uses the same library as Signal for the cryptography.

The security of Briar is better than signal.

Tox is not as secure, but probably still practical. It doesn't do the double ratchet.

Jami I'm not familiar enough with.

@jz what is a good alternative? I'm happy to run my own server if it's as easy as running Pleroma, but the user experience has to be pretty seamless if I'm going to get my wife to use it.

@jz if that flaw is for real, that's pretty horrible for the Iranians who might not be as safe as they feel, especially since safety is the entire _raison d'etre_ for Signal...

