Dessalines

There are far better privacy alternatives to both: matrix, xmpp, simplex all work well and don’t require phone numbers or US-based hosting.

Behind those usernames, are phone numbers (meaning real identities) stored in signal’s database.

But they don’t have to know who the message comes from, hence why the sealed sender technique works.

Anyone who’s worked with centralized databases can tell you that even if they did add something like that, with message timestamps, it’d be trivial to find the real sender of a message. You have no proof that they even use that, because the server is centralized, and closed source. Again, if their response is “just trust us”, then its not secure.

If you don’t know what an NSL is, then you definitely shouldn’t be speaking about privacy.

The server is supposedly open source, but they did anger the open source community a few years back, by going a whole year without posting any code updates. Either way that’s not reliable, because signal isn’t self-hostable, so you have no idea what code the server is running. Never rely on someone saying “just trust us.”

They have your phone number (meaning your full identity, and even current address), and as the primary identifier, it means they have message timestamps and social graphs.

Its impossible to verify what code their server is running. Or that they delete their logs, because they say they do? You should never rely on someone saying “just trust us”. Truly secure systems have much harder verifiability tests to pass.

On by default, and just works.

There was also no proof that a ton of US companies were spying on their users, until the global surveillance disclosures. Crypto AG ran a honeypot that spied on communications between world leaders for > 40 years until it got exposed.

They have to. They can’t route your messages otherwise.

California does not issue NSLs, the US federal government does. And those come with gag orders that means you will go to federal prison if you tell anyone that you’ve been asked to spy on your users.

Matrix is no more difficult to sign up on than signal, and they don’t forward your information to the US government.

I can’t speak about telegram, but signal is absolutely not secure to use. Its a US-based service (that must adhere to NSLs), and requires phone numbers (meaning your real identity in the US).

Matrix, XMPP, or SimpleX are all decentralized, and don’t require US hosting.

No probs. I do some torrent projects in my spare time, and torrents are wonderful for what they’ve done: which is solving the static data distribution problem. But they have limited uses outside that. A social network very much needs mutability, and a message based framework. All the items are not static, scores, votes, users, posts, communities, comments, messages, a feed… all these are changing items.

Torrents are made for static, unchanging data. They would not make a good basis for any communication platform, where mutability is necessary.

Also individual, tiny-torrents don’t scale up that well. Its an impressive torrent client that can handle more than a few thousand torrents. That’s about a single days worth of lemmy comments.

Reliance on domain names, database performance, storage, and probably a few other things are the main reasons why we can’t scale a typical fediverse server (like lemmy or mastodon), and have it run on a smartphone.

Anyone else besides me want a moratorium on musk spam? No one should have to see anything he tweets.