I’d love to hear your thoughts and discuss with you all in the comments below! Let me know what you think, and feel free to ask any questions or share your experiences! 👉Don’t forget to subscribe for more tech and gaming content! Click here to join the community: th-cam.com/channels/69n6tCro97gPh0idiqFgUw.html
I appreciate videos like this and privacy options should definitely be scrutinized. I use Signal, Threema, and Session but only a few people I know have migrated to Signal and no one has moved to the others. I've no dog in the fight beyond also wanting people to be protect their privacy more but also think we should be more realistic about others adopting such measures (more on that later). Session would be my default messaging app if anyone I knew used it. _Suspect money is "everywhere"_ Mozilla also has very iffy money ties but people use Firefox all the same, even as a private option. GitHub was acquired by Microsoft but people are still okay using it. If we're going to criticize dirty money then good luck finding any popular, privacy option that's "pure." Some folks make fun of Tuta for its lackluster appearance but they've done a lot of groundwork to own their own infrastructure and they're mostly email focused which I respect. A lot of other companies don't have that kind of focus/orientation for various reasons. Signal does provide transparency reports and is audited fairly often so there's that. Said reports also show that besides the phone number, which LE usually has already when they subpoena info, and that data shoes that they have zero content to bolster the phone number beyond times accounts are made and those timestamps are in UTC. So unless some secret leak comes out where Signal gave far more data then the assertion (not here) of it being a honeypot isn't corroborated very well. ~ 3:35 They address the server access (lack thereof) in a pretty detailed part as well on their blog entry about Enclaves (building faster oram). Their server info is also on GitHub. In short, the proof is in the pudding and until a substantive claim about it's lack of robustness both from LE requests and it's protocol which, even you admit is highly vetted and has been for years, then this is speculation. I posit the the emphasis on AI from Apple, Google, and even Microsoft is where the more obvious back door will be as such can pre-empt e2ee. They won't need to "crack" the likes of the Signal protocol with such pre-installed on regular phones that are capable of running a supporting GPU. Rob Braxman has been sounding the alarm about this for about a year, now, at least. _Less metadata is better, of course!_ On the other hand, less metadata such as phone numbers is great (full send with that goal) and I push people to use other apps than Signal such as Session for online contacts I don't know in real life. It's a tried and true tactic that LE use metadata (e.g. who you know, where you live, etc.) to gain contextual, info that they don't initially have. This is especially true for homicide investigations. Even if a hardened criminal lawyers up their family and friends will usually talk and provide plenty of investigative info. _Elephant in the room: Mass Adoption_ Think how much better privacy would be if half the population of a country switched from SMS/RCS to the likes of Session. You'd see a lot more pushes from government to crack down on the broadest definition of crime with folks who also used such communication methods. But we must also keep in mind that "normies" are usually resistant to change and when apps such as Session are less intuitive to use than let's say Signal or even Telegram, can increase that resistance to moving to options that are more private than Signal. Getting people into the door is something to factor in and people are used to giving out their phone numbers. Get them away from SMS/RCS into Signal then from there to the likes of Session, Threema, etc. for messaging apps. This is quite the ask but worth it, of course. For a non-messenger parallel, look at how Proton (with it's familiar, Google-like, suite options) is a more popular choice for email then Tuta despite the latter having better encryption for emails (by encrypting the subject line by default). Both have PQC, thankfully. _Performance consistency_ General consensus seems to be that while being more private, non-Signal options are lacking in terms of consistent service. _Longevity of newer, better options is necessarily unknown/untested_ Plus we don't know how the other options will hold up to LE scrutiny and service/scale expansion until they meet those difficulties. I've already seen an article pointing out how Simplex has been used by some alleged and actual ne'er-do-wells, and it has a much smaller user base than Signal. I hope the devs can stand up to increasing maligning by the media with their usual treatment but that remains to be seen. ~ 5:15 - 5:35 I agree but we need to meet people where they are about privacy rather than where we would prefer them to be: they think it's not worth it, difficult to do, think there aren't free/accessible, easy to use options, etc. Those of us who are more privacy oriented should be realistic about helping others take it more seriously and expect them to make small steps forward. Help them realize how much giving out their real phone number can reveal and help them do it less.
Brian Acton Signal founder received funding from the Open Technology Fund (OTF), which was sponsored by the US government. The OTF was launched as part of the US State Department's "Internet Freedom" policy, aimed at developing tools to circumvent restrictions on internet access and usage overseas.
Many encryption technologies have been developed and implemented by intelligence agencies, which have an vested interest in encrypted chat for their own use/protection. It really matters how the technology is used, if its open source, verifiable, etc. You must understand the trade-offs. This shill video gives you enough information to question things, but doesn't answer anything. I'm cool with questioning Signal, but dont straw man the arguments.
I agree @mixpix. The presenter in this video mentions Session's decentralized architecture as being superior to Signal's centralized architecture but does not explain how Session is decentralized. Nor does this video give any explanation on what a user's phone number exposes in the Signal case nor whether Session has any protection with respect to IP address exposure. As you said, go ahead and question Signal but don't play upon non-technical users lack of knowledge and fear.
Platform? That’s your argument? It’s the code that matters. I’m running the desktop version with the synced mailbox on a Samsung phone. It’s fantastic. And Briar is still better than Session.
@huff7006 do a search. There are few. You will need to know which message is for you. It is displayed in their inbox. Other people may use the same number in the same time for different purposes. Not all of them works, find one which does.
Telegram can work even though you don't have a phone number. It uses an ID name and you can change your ID name if you don't want others to get access to you anymore without having to block them. It is not possible if your chat app is based on a phone number, you need to block them in order for them to stop contacting u.
@@toniesan4765 You're missing the point. signing up to the app with you phone number IS the problem not the fact that your contacts are able to find or contact you through it. Telegram, somewhere on their database, have your phone number stored along with the account associated with it. When signing up for a Telegram account the first thing it asks you for is your phone number, and your phone number is linked to your name and government id/credit card that you used to purchase that sim card that is always connected to the nearest cell tower to your current location with.
I’d love to hear your thoughts and discuss with you all in the comments below! Let me know what you think, and feel free to ask any questions or share your experiences!
👉Don’t forget to subscribe for more tech and gaming content! Click here to join the community: th-cam.com/channels/69n6tCro97gPh0idiqFgUw.html
I appreciate videos like this and privacy options should definitely be scrutinized. I use Signal, Threema, and Session but only a few people I know have migrated to Signal and no one has moved to the others. I've no dog in the fight beyond also wanting people to be protect their privacy more but also think we should be more realistic about others adopting such measures (more on that later). Session would be my default messaging app if anyone I knew used it.
_Suspect money is "everywhere"_
Mozilla also has very iffy money ties but people use Firefox all the same, even as a private option. GitHub was acquired by Microsoft but people are still okay using it. If we're going to criticize dirty money then good luck finding any popular, privacy option that's "pure." Some folks make fun of Tuta for its lackluster appearance but they've done a lot of groundwork to own their own infrastructure and they're mostly email focused which I respect. A lot of other companies don't have that kind of focus/orientation for various reasons.
Signal does provide transparency reports and is audited fairly often so there's that. Said reports also show that besides the phone number, which LE usually has already when they subpoena info, and that data shoes that they have zero content to bolster the phone number beyond times accounts are made and those timestamps are in UTC. So unless some secret leak comes out where Signal gave far more data then the assertion (not here) of it being a honeypot isn't corroborated very well.
~ 3:35 They address the server access (lack thereof) in a pretty detailed part as well on their blog entry about Enclaves (building faster oram). Their server info is also on GitHub.
In short, the proof is in the pudding and until a substantive claim about it's lack of robustness both from LE requests and it's protocol which, even you admit is highly vetted and has been for years, then this is speculation. I posit the the emphasis on AI from Apple, Google, and even Microsoft is where the more obvious back door will be as such can pre-empt e2ee. They won't need to "crack" the likes of the Signal protocol with such pre-installed on regular phones that are capable of running a supporting GPU. Rob Braxman has been sounding the alarm about this for about a year, now, at least.
_Less metadata is better, of course!_
On the other hand, less metadata such as phone numbers is great (full send with that goal) and I push people to use other apps than Signal such as Session for online contacts I don't know in real life. It's a tried and true tactic that LE use metadata (e.g. who you know, where you live, etc.) to gain contextual, info that they don't initially have. This is especially true for homicide investigations. Even if a hardened criminal lawyers up their family and friends will usually talk and provide plenty of investigative info.
_Elephant in the room: Mass Adoption_
Think how much better privacy would be if half the population of a country switched from SMS/RCS to the likes of Session. You'd see a lot more pushes from government to crack down on the broadest definition of crime with folks who also used such communication methods.
But we must also keep in mind that "normies" are usually resistant to change and when apps such as Session are less intuitive to use than let's say Signal or even Telegram, can increase that resistance to moving to options that are more private than Signal.
Getting people into the door is something to factor in and people are used to giving out their phone numbers. Get them away from SMS/RCS into Signal then from there to the likes of Session, Threema, etc. for messaging apps. This is quite the ask but worth it, of course.
For a non-messenger parallel, look at how Proton (with it's familiar, Google-like, suite options) is a more popular choice for email then Tuta despite the latter having better encryption for emails (by encrypting the subject line by default). Both have PQC, thankfully.
_Performance consistency_
General consensus seems to be that while being more private, non-Signal options are lacking in terms of consistent service.
_Longevity of newer, better options is necessarily unknown/untested_
Plus we don't know how the other options will hold up to LE scrutiny and service/scale expansion until they meet those difficulties. I've already seen an article pointing out how Simplex has been used by some alleged and actual ne'er-do-wells, and it has a much smaller user base than Signal. I hope the devs can stand up to increasing maligning by the media with their usual treatment but that remains to be seen.
~ 5:15 - 5:35 I agree but we need to meet people where they are about privacy rather than where we would prefer them to be: they think it's not worth it, difficult to do, think there aren't free/accessible, easy to use options, etc. Those of us who are more privacy oriented should be realistic about helping others take it more seriously and expect them to make small steps forward. Help them realize how much giving out their real phone number can reveal and help them do it less.
What is your take on Briar and Element? Maybe you should also add some information about the architecture of these apps.
Yes I'd like to hear about Element and SimpleX please.
@@lcfnyc2007 @adamjutras7024 Great questions! I'll work on a video reviewing all these apps in the near future, so keep an eye out.
The only way Signal works is when both parties have and use the app.
Brian Acton Signal founder received funding from the Open Technology Fund (OTF), which was sponsored by the US government. The OTF was launched as part of the US State Department's "Internet Freedom" policy, aimed at developing tools to circumvent restrictions on internet access and usage overseas.
Many encryption technologies have been developed and implemented by intelligence agencies, which have an vested interest in encrypted chat for their own use/protection. It really matters how the technology is used, if its open source, verifiable, etc. You must understand the trade-offs. This shill video gives you enough information to question things, but doesn't answer anything. I'm cool with questioning Signal, but dont straw man the arguments.
I agree @mixpix. The presenter in this video mentions Session's decentralized architecture as being superior to Signal's centralized architecture but does not explain how Session is decentralized. Nor does this video give any explanation on what a user's phone number exposes in the Signal case nor whether Session has any protection with respect to IP address exposure. As you said, go ahead and question Signal but don't play upon non-technical users lack of knowledge and fear.
Briar is pretty good too
Briar > Session
Being only available on Android does not make Briar a credible contender.
Platform? That’s your argument? It’s the code that matters. I’m running the desktop version with the synced mailbox on a Samsung phone. It’s fantastic.
And Briar is still better than Session.
too bad you'll be just chatting with yourself. not many people will be willing to install another messenger app just for you.
@@dav1dw Same. I've gotten a few more to switch but it's an uphill battle.
I certainly understand the frustration trying to convince others, send them my video, hopefully it helps convince some!
Why are you trying so hard to sound like Paul Joseph Watson
Signal only use phone number?
So, there is a virtual phone number?
Ok. You can use free online phone numbers, but what if you lose the access to that number?
and what website hosts that virtual phone number? they will have to store your sms messages and then forward them to you.
@huff7006 do a search. There are few. You will need to know which message is for you. It is displayed in their inbox. Other people may use the same number in the same time for different purposes.
Not all of them works, find one which does.
Telegram can work even though you don't have a phone number. It uses an ID name and you can change your ID name if you don't want others to get access to you anymore without having to block them. It is not possible if your chat app is based on a phone number, you need to block them in order for them to stop contacting u.
@@toniesan4765 You're missing the point. signing up to the app with you phone number IS the problem not the fact that your contacts are able to find or contact you through it. Telegram, somewhere on their database, have your phone number stored along with the account associated with it. When signing up for a Telegram account the first thing it asks you for is your phone number, and your phone number is linked to your name and government id/credit card that you used to purchase that sim card that is always connected to the nearest cell tower to your current location with.