Skip Navigation

Privacy is Priceless, but Signal is Expensive

signal.org Privacy is Priceless, but Signal is Expensive

Signal is the world’s most widely used truly private messaging app, and our cryptographic technologies provide extra layers of privacy beyond the Signal app itself. Since launching in 2013, the Signal Protocol—our end-to-end encryption technology—has become the de facto standard for private commu...

Privacy is Priceless, but Signal is Expensive

You're viewing a single thread.

176 comments
  • Use Session instead. Open source, E2E encrypted, onion routed, no phone numbers. https://getsession.org/

    Audited too. https://blog.quarkslab.com/resources/2021-05-04_audit-of-session-secure-messaging-application/20-08-Oxen-REP-v1.4.pdf

    • So, what would be the appeal compared to XMPP?

      • I will preface this with, I may be wrong, but as I understand it xmpp is just a protocol. One that, unless it's been revised, imparts no encryption at all. Signal, and Session, are full architectures that enable all of the afrementioned features from my initial post including server and client.

        • Everything you might use relies on a protocol down the stack. XMPP happens to be the only one to date that is an internet standard (IETF), is extensible by design (past/present and future use-cases can be build into it, what makes it still relevant 25 years later), is federated (but not P2P, a good trade-off for mobile usage), has a diverse/multi-partite ecosystem of client and server implementers (sustainable and resilient), and is deployed successfully at scale (on billion of devices).

          unless it’s been revised, imparts no encryption

          Today's XMPP uses the same E2EE as Signal/WhatsApp/Matrix/… XMPP had end-to-end encryption 10 years before Signal was invented

          • Sure, now which pre-existing piece of xmpp based software checks all the feature boxes as noted by both Signal adherents and myself regarding Session? Are you implying the lay user code their own? If that exists you could have just linked to it rather than engage in whatever this is.

            • Sure, now which pre-existing piece of xmpp based software checks all the feature boxes as noted by both Signal adherents and myself regarding Session?

              All of those. Essentially you would have to go out of your way looking specifically for incompatible clients.

              And "incompatible clients" is simply the natural state of any technology that's been around long-enough. The only way Signal fends itself from this is by mandating its own client and version (and banning anything else, technically or from its ToS) which is terrible for a bunch of reasons (you must agree with Signal's direction and whatever features they might decide to add and remove for your own good, you cannot use Signal on devices/platforms that Signal has no resources/interest to support, etc). If Session is in any way open, and assuming it ever becomes successful, it will face the same challenge (just like Matrix does).

176 comments