The exact reason why it's bad for top secret communications is why individuals should use it or something like it. That is government auditability.
this post was submitted on 27 Mar 2025
524 points (96.8% liked)
Privacy
36474 readers
267 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Wherever Signal is mentioned, I shall mention SimpleX-Chat.
Zero user ID needed to use. No phone numbers and no username.
SimpleX-Chat!!!
Out of band key exchange is great -as long as people can physically meet and exchange QR codes. In reality, they are often sent via less secure means. As always, the humans are the weakest security link.
Fair point, it always feels dirty to send invite-link through WhatsApp, the dominant messenger in EU.
How would one go to solve the invite problem? How does Signal handle this?
Phone number and trust-on-first-use for most people, with out-of-band fingerprint verification for the paranoid. It really depends on the threat model and the security practices/awareness of your colleagues, but a link shared on some social media or lower-security chat network is more vulnerable to a man-in-the-middle attack than a phone number for your average Joe. There are a lot of ways a person could get a manipulated invite link.
Finally someone who understands! Haven't found anything better. Just missing the bridging bit, though that comprises the privacy/security and overall personal opinion why I started using SimpleX.
UI-wise it isn't there yet, but actively being developed so. I miss posting photos (combined) with a comment, now they are all sent separately.
Anyhow if you are looking for privacy go for SimpleX!
SimpleX is kinda good, but also we have briar, it does have ids, but more secure and 2P2, i don't know if simpleX was checked by third parties about security, briar was audited by cure53 for example.
I believe Briar can't do offline messaging without setting it up to use another app. That's the main reason my friend group shifted to SimpleX instead of Briar.
Briar... not familiar with, thx for sharing privacy goodies. Will check it out.
As for audits on SimpleX, there have been some. Not sure when the last one was tho, they prob have something on their site with a date.
Not sure I want to tell all my friends to get simplex with me.
SimpleX is what I use. I tried Signal in the past, but there was a noticeable delay in receiving messages and it caused problems when using it to communicate with family.
I have no problems with SimpleX so far. It works well and looks modern. A feature I like is that you can create a different user identity for each contact/ chat thread. It also supports socks5 proxy.
You might've had background battery optimization enabled
Maybe, but I normally only leave battery optimization on for apps that shouldn't be running in the background at all. This was several years ago, though. If Signal isn't like that anymore, that's a good thing.
All I'll say is Threema. You pay once for a licence, so there's less bullshit people on it and they are based in Switzerland with it's privacy laws.
Proprietary?
Not sure, but probably. But looking at their history I think they have a good track record and it's used by the government as well in certain cases.
I can't imagine any messenger is private if you invite random people into a group chat 🤦♂️
The actual military grade (xmpp based) messengers implement security lables, meaning messages are tagged with the required security clearance and if you invite random people to a chat they can't see the messages.
EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.
DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.
load more comments
(25 replies)
Signal is the place for top secret communications, but not for any government business, top secret or not (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).
The protections for classified information are not just about information security. They are about physical and operational security as well. That's why s SCIF has a "two locks" policy, and requires things like 4" steel doors.
You are right.
They are also about data security, so nobody can just erase, modify, or destroy/lose data. And all that applies to data handling and access as well.
load more comments
(6 replies)
view more: next ›