38
linuxxx
7y

Well since I'm such a fan of Signal and have been using the version which is downloadable through their site, I'm going to attempt to compile it from source myself, then I'll truly have an open source version!

Comments
  • 5
    https://www.thesignalsource.com/
    First result on Google. Not what I was looking for.
  • 4
    @J-2FA Agreed! I'm still cloning after about 10 minutes πŸ˜… - fuck my internet!
  • 3
  • 12
    @J-2FA There are so many open and super secure chat clients by now, but it doesn't matter. People will never leave WhatsApp. If I tell them to switch and why, they just say "But I know noone who's using it and all my friends are on WhatsApp". It's worthless.
  • 4
    @linuxxx Yeah I found that already πŸ˜†
    Was the third result (second was iOS source).
  • 5
    @Forside And still, everyone I know who uses Signal also uses whatsapp but I actually have several groups on there :). I think I got about 30 people by now to switch to/also use Signal.
  • 4
    @linuxxx Seems you have more competent people there. I would live in a lone and dry desert if I install Signal.
  • 5
    @Forside Well you could install it and just not use it :P
  • 3
    @J-2FA I use tutanota.com as email service, even have a premium account there :)
  • 6
    If you succeed, I'm going to try.
  • 2
    @J-2FA Will do, thanks!
  • 2
    @J-2FA Are you sure about that?
    Page remains white with an iframe to godaddy.com.
    Frame is not loaded, but following the link in the code I get this message:

    Welcome to: myki.io
    This Web page is parked for FREE, courtesy of GoDaddy.com.
  • 2
    A Signal terminal client would be pretty cool
  • 2
    @J-2FA @linuxxx I doubt that email service's web client has support for e2e encryption.

    K9-Mail with Openkeychain is the way to go on Android (I don't know better alternatives at least), on desktop it's thunderbird + enigmail (and Gnupg).
  • 1
    Viber, telegraph ... I was lonely. Eventually WhatsApp won.
  • 3
    @theCalcaholic They only have a web client and yes it has in browser end to end crypto :).

    Don't trust/believe it? Go take a look, it's open source anyways ;)
  • 2
    @linuxxx Sounds great actually. The problem is (if I understand that correctly) that e2e encryption is only available for messages to other users of the service. It's that correct?

    If so, doesn't that make it basically useless?
  • 2
    @J-2FA K9mail doesn't need to be secured a lot, because it's only your client. What counts for me is that it supports pgp e2e-encryption.

    The encryption keys are handled by a separate (local) provider, such as Openkeychain. That's the app that needs to be secure, not K9-mail.
  • 3
    @theCalcaholic Yes and no. Yes, by default it is but you could email someone and choose a password for that conversation and send that to the person you're sending the email to through other channels.

    No - good luck obtaining 200 warrants for different email providers/servers. All the emails and contacts are stored encrypted on the server.
  • 2
    @linuxxx Well in that case, the e2e encryption of tutanota is relatively pointless. While pgp is wide spread and can be used with any mail provider, it's neither realistic nor desirable to convince everyone I want to communicate encrypted with, to change their email provider. :/
  • 2
    @theCalcaholic For your use it might be pointless, I use it with quite some people so for me it's very useful.
  • 2
    @linuxxx Nah, I meant it in a general way. E-Mail is a open protocol. One of its major advantages is, that it's decentralized - I can freely choose my mail server.

    It's the same thing I don't like about Signal: It's not really open until I can set up my own server. As long as that requirement is not met, I still need to trust and rely on one party I can't control. That's a big flaw in my eyes.

    That's why I prefer Matrix over Signal for instance, or PGP over Tutanota, even though their protocol is better.
  • 2
    @linuxxx After rereading my comment I realize that I did a shitty job at explaining things. ☺️ So here's another attempt.

    Email is a horrible protocol in terms of security and authenticity. So, if I'm using email, the only reason is its popularity (and independence of a single point of compromise, i. e. server operator). If an e2e encryption takes away that advantage of wide distribution (by not being agnostic to the server operator) it's not competing with email anymore, but rather with other messengers, like whatsapp, Signal, etc.

    Because instead of requiring an existing email user to 'flip a switch in his/her client' in order to use the encryption technology, he's required to move his workflow, his contacts, his history to a new service - which might even be impossible for his business account (because of company standards).

    So why should I use this email encryption at all instead of something with a good protocol (like signal or Matrix)?
  • 1
    @theCalcaholic I completely get you, there's just one thing with PGP.

    It's hard to use. I've tried to set it up with friends and family members but just gave up because they didn't understand it. With tutanota they understood it instantly and it doesn't involve any difficult steps.

    As for signal, I deffo get your point.thing is though that due to its open source clients and strong crypto, even if the servers got backdoored, it wouldn't matter much as the apps themselves are very solid and the end to end crypto does its job.
  • 1
    @linuxxx Definitely. Although I think that enigmail's usability has improved a lot since I started using it (about 5 years ago), it's not the easiest thing to set up. PGP is not inherently difficult to use - it all boils down to the integration.

    Regarding Signal: Yes, the one central server shouldn't matter to much for security - but it matters a lot for availability. Imagine what would happen if encryption was suddenly considered illegal in the US (something, many politicians try to achieve). In the case of decentralized protocol that wouldn't matter as much. But for signal it could mean that you simply can't use it anymore.
  • 2
    @theCalcaholic Very true. Although that's still an issue for me, for now it's working great and that's good enough for me. I use riot as well anyways :)
  • 2
    @linuxxx Yes, I'm using signal as well. :) It's still a good piece of software, I'd just like to see a free (FOSS, distributed, public) communication protocol gain popularity.

    Something like email, but secure and privacy respecting.

    Unfortunately, most big players who would have the influence to bring such a thing forward have little interest in doing so.
  • 2
    @theCalcaholic Yup too badly. They want to keep collecting data for profit and that can't happen when the data is encrypted.
  • 2
    @linuxxx The only big company I could imagine advocating something like matrix, which also has direct contact to the end consumer is Mozilla.
Add Comment