How safe is Signal?

How safe is Signal?

The protocols underlying Signal?

Or the software as it's actually running on most users' devices, i.e. downloaded in binary form through Google Play onto a device running an outdated open-sourceish OS (Android) or a closed source OS (iOS), which is also running a closed source baseband firmware that likely has poor isolation and is full of 0 days?

Also, what's your threat model, and what do you mean by "safe"? Signal's not going to give you AIDS, unless you use it to chat with people you met on Grindr.

Why isn't it on F-Droid? Did they ever say?

...

I don't know anything about that particular program, but I think the elites' cracking ability is much higher than you've been led to believe. You think you can depend on SSL, or AES, or whatever to be secure, but they might have "been there done that", they just keep silent. Do you really think they would let there be technologies that allow you to avoid the spying? I recommend using encryption regardless, since you are still protected from lesser attackers.

Bretty damn safe, but you have to run AOSP and GsmCore instead of Gapps if you want security from Google. Even then they still get some metadata (albeit very abstract, completely useless if you talk to more than one person).

GmsCore*

The developers are incompetent and claim the google play botnet is absolutely necessary for it to work, even though Conversations and Riot are on F-Droid already.

It's necessary if you want to, quote unquote, "save battery", but the hilarious part is that GApps is a fucking monster at sucking down battery.
I'm sure my years-old LG G2 would have to be charged twice a day if I let Google have its way.
Hell, I run syncthing on the phone 24/7, even during data, and it's nowhere near my experiences with all of the google drain.

Oh and I get a good 2 days cell standby on it. Around a day with heavy calling/some browsing and syncing, probably could do around 6 hours screen on time, half brightness, without gapps.

Dumb fucks...

The answer is always "Moxie is an insufferable faggot". The guy sucks Google cock like it's going out of style. His "answers" are all on the Github discussions.
Use Silence instead. It's what Signal should have stayed as.

Signal is safe to use if you don't mind it relying on Google Cloud Messaging. Moxie says it's only to see if there is a message (= metadata) and was shady about looking for an alternative. (I have a screenshot somewhere of that)

Isn't Signal also linked to your phone number? I'm not sure about that.
Their encryption is very good though and other functionalities are excellent.
It's very much worth considering since it's open-source too.
Encrypting your SMS messages is a very big plus.

The devs are anarchist fagshits tho, but it makes them serious about personal data.

----- Offtopic -----
Threema allows you to bypass the GCM on Android at least.
My device is rooted, I removed all Google services like the Play Store and when trying out Threema the app prompted me with a pop-up asking me to either install GCM or use polling (syncing only every 15 minutes when the app is inactive).

archive.is/B3tlW

Threema has also other big advantages with the only downside not being FOSS, but still better than Signal.

Silence looks good, will give it a shot m8
Have some hardwareporn.

Nice FUD.

Cryptographically very secure.
From a law point quite secure, but if you get a warrant from LE then your phone number will be exposed and that's it.

Please kill yourself as soon as possible, people like you are dangerous to society. You can not trust a non-free proprietary program to "Securely" message people.

Moxie even said himself how GCM works for Signal. Basically all the GCM does for Signal is send a push message to the device that there is a message. That is it. It sends a blank push message to Signal that only tells the device that there was a message sent. It doesn't say who the message is from.

Maybe you should like, read what certain technologies do instead of being a paranoid ameba that sees "Google" as evil 100% of the time.

Also, Moxie himself said if anyone would develop a nice, clean, WebRTC implementation of GCM push messages for Signal that he would merge it. That request is like 2-3 years old. (It would also rape your battery life.)

What this person said. The Signal protocol is secure and well designed. The only problem with the Signal app is that it is non-federated. Meaning you have to rely on someone's server and not your own.

Everyone complaining about the fact that it requires a phone number to sign up has no idea how threat models work and just perpetuates inane ideas for the sake of being inane. Signal doesn't hide metadata. It was never designed to. It's not metadata-less communication like Ricochet. The same problem exists for XMPP.

It depends on non-free libraries so it isn't safe.
The fork of Signal, aka LibreSignal, corrects this problem.
github.com/LibreSignal/LibreSignal

Anyway, if your PC/phone still has the Google botnet inside, it's useless against Google.
But it can still be useful against third parties that don't exchange with the government or Google.
The only way to have security is to use replicant since it removes all the non-free code and blobs.

Pointing out that the endpoints are full of holes and very possibly compromised to hell is not FUD. It's a legit security problem. Nobody disputes the actual protocol.

I wouldn't use signal to commit internet crimes, it's for privacy not anonymity.

For normies, iPhones are probably the safest endpoint. Their laptops and desktop computers are full of spyware.

Very safe.

How safe am I if I run a linux distro on a macbook?

As always it depends; Are you a moran?

Well, I'm not a pro or anything. But I'm a little worried that the botnet enriched CPU and motherboard will leak data that wouldn't necessarily be visible in Wireshark. I'm not a "moran" for being suspicious about this, right?

I've always had bad experiences with signal. It randomly fails to deliver messages. All my friends immediately switched away.

Signal is secure. The encryption is solid. On a technical level, it doesn't get any better. OWS has smart people on staff.

But in a way, Signal is not _private_. To receive messages, you'll need to give out your mobile phone number. There is no option to use an email address as a login as with something like Wire, or a pseudonymous ID like with XMPP. (And that's not even getting into hypothetical NLS or other secret-law scenarios.)

Use condoms if you actually have sex ever.

Officially, OWS wants the ability to sign their own binary releases, rather than have a repo maintainer sign all binaries in that repo.

Unofficially, there's talk that OWS is looking to get bought out by Google. They tend to talk up Google at every opportunity and denigrate Android-without-Google projects like Cyanogenmod/Lineage, F-Droid, Replicant, Copperhead, etc whenever they can.

If you're a criminal, it's quite the favoured software. Disappearing messages that have times universally set for both parties. If Snowden says it's okay to use then I don't see anything wrong with it.

Signal is bad for crime. Metadata can be more useful than the content itself in criminal investigations.

Signal is tied to phone numbers and doesn't claim or try to be anonymous. If you send messages to known drug dealers, they can guess what you are doing.

Best phone setup that I can think of is a Replicant Note 2 with LibreSignal for SMS and other F Droid apps filling needs.

Snowden is good at copying files, he's not a security researcher or expert. He's someone normies turn to because he's in the news.

Please go back to reedit

They sent me here!

where did you get friends?
and what are you doing with them?

Go back to cuckchan