- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
Unfortunately, it is also effectively tied to Google services due its app distribution and push notification channels on Android (which most people on Signal use), and as a centralised service, it is vulnerable to shutdown or network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).
(Edit: rephrased for clarity)
You can use Molly, a fork of Signal for android. It offers an alternative for push notifications.
Yep, I run my own mollysocket + ntfy server.
Essentially, molly socket functions as another device, when it recieves a notif, it pings your specified unified push server, which then queues up a notification for the ntfy app on your device.
You don’t need to run your own unified push server, and can just use one of the main ones, but I figured I might as well.
I personally have them hosted on fly.io for free via the legacy hobby plan.
Now all I need to do is get more of my friends to message me on it 🤣
It’s been recently added to FDroid.
You can use NTFY with Molly (which has been on FDroid for some time).
This one is just a straight-up lie. Everything on the server is encrypted and no one has the keys except the participants.
No, it has not. A third party published it in an f-droid compatible repository. That might be convenient for someone who happens to trust that third party and manually add it to their F-Droid client, but it is not at all like it being added it to F-Droid.
This does not refute what I wrote. Unless you only communicate with people who get their Signal app from some non-Google source and they all rig up alternative push notification channels, or every one of them uses Signal exclusively on iOS, your conversations are still tied to Google. Perhaps you have so few contacts that you could achieve that, but most people are not in that position.
Encryption doesn’t hide network traffic. Signal’s centralised design means there is a single point where that traffic can be monitored and traced to reveal which endpoints are talking to each other, and where, and when.
What I wrote is not a lie, which you would know if you actually understood these issues. Please stop making baseless accusations. You are wrong, and you are being very rude.
If you’re interested in correcting your ignorance, I suggest starting with this paper, which touches on some of the issues:
https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/
If the paper is too much for you, the linked video does a pretty good job of explaining.