“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”

This isn’t an ad; I wasn’t paid for this post. Just to clear the air: fuck Facebook, fuck Elon Musk and Twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍

    • pchem@feddit.de
      1 year ago

      I have to say that some of the points on that site are outright ridiculous.

      First off, they quote the privacy officer of the German Protestant church, who has no technical background according to his own bio:

      “… when using Signal, data protection concerns remain, especially because this service processes personal data of its users outside the scope of the GDPR. The use of this messenger service can therefore not be recommended.”

      Not sure what that’s supposed to mean, because the GDPR applies based on user location and not company location. Although I’m going to grant that having servers in US jurisdictions may be a concern.

      And he goes on to say that Threema (for profit, proprietary server code and (at the time) client code) and SIMSme (for profit, fully proprietary) are preferable over Signal because of the jurisdictions they’re in. Not sure about anyone else, but I’m going to trust the open source software more, regardless of what jurisdiction the servers are in.

      I do have to give him credit for recognising a “self-hosted messenger service based on established and freely available protocols on federated servers” as the best option, though.

      “negative: actual server software used does not have to match the version published on GitHub”

      Fair, but how many other messaging services publish server code at all?

      “negative: terms of use (external) as well as privacy policy in English only”

      I suspect there’s very little overlap in the Venn diagram of people who use (or even know of) Signal and people who don’t speak English.

      “negative: weaknesses in authentication for encryption”

      This boils down to users trusting Signal as a certificate authority and not verifying their contacts’ “security number”. Fair point, but a user can still choose to use Signal in a way that removes those weaknesses.

      Of course, since we’re on a federated service, I expect people to jump on the chance to recommend Matrix/XMPP instead, but realistically, I’ve had much more success getting people to use Signal. And apart from federated messengers, I’m not aware of anything better than Signal.