Like the title states looking for E2EE apps (Android and iOS) without going into much details or needs to be robust enough and easy to use for anyone and stable for operations that are susceptible to constant electronic warfare. I did some research and thought about replacing Signal with Molly and wondering if it will still work if Signal leaves the EU, but am also worried about its updates to patch vulnerabilities in a timely manner. I appreciate the help I am a “Jack of all trades and master of none” when it comes to these types of programs, but am also the go to currently in my unit since I am somewhat knowledgeable about exploits and attacks that can compromise systems would be great if there was an desktop as well (like Signal) and would also be nice if it was FOSS and auditable ( I know that’s kind of redundant ) I know it’s a tall order to ask but figured I would try. I really appreciate the help so much and hope I did things by the rules here and don’t get flamed if this has already been covered ( I searched but my skills with searching the fediverse is low
I would still use Signal. By ignoring bad laws you are turning the EU government into a laughing stock
I’ve been using DeltaChat (available on F-Droid) for a few months now.
What I like about it is that because it’s email based, it uses OpenPGP for encryption, making it easy to have compatibility with other email-based solutions.
If you want to go the extra-secure route, you and your contacts can even self-host your emails - as long as you’re not going to send messages to people on Gmail or other big providers, you can avoid your messages being treated as spam.
The multi-device support is still a bit rough around the edges, but has gotten better in the last few months since the app is under active development.
deltachat uses autocrypt which apparently doesn’t support key verification yet. how secure is it if you can’t even verify that your messages aren’t being intercepted? I also didn’t see anything about rotating keys after every message like Signal does, so anyone sucking up your encrypted messages just needs one key to see your entire message history. that doesn’t sound very good.
https://www.privacyguides.org/en/real-time-communication/
If signal is banned all of these other apps will be banned, but maybe they’ll not enforce it completely
Your best bet is to start using a privacy respecting VPN today, always on on your phone. Like Mullvad
That’s what I’m hoping some consideration considering it would undermine everything in regards to the lifes at risk. Currently using Proton but think Mullvad now it keeps coming up. Does it offer other services as well similar to Proton and if so how are they? Thank you for your reply.
No mullvad is a vpn. For mail use some other providers not in your country, switzerland for example. For cloud I would say selfhost.
Roger that thank you for the input.
No maybe Dont do that!
See any VPS provider you can pay by crypto. Access it over the Tor browser. Either do some Linode oneclick stuff or follow some setup to setup a server and wireguard VPN.
I can help you if you want.
Mullvad is easy to block, as every servers IP is known. Custom servers not so likely.
If that fails, Tor network with bridges…
Mullvad is a non-profit focused on privacy as a human right. They provide anonymous VPN services, you can pay with them with crypto, cash, a lot of different things that help distance you from the service. They also provide a Firefox fork, called mullvad browser which is like a mix of the tor browser, arkenfox with all the privacy respecting options set correctly out of the box
VPNs won’t fix all of your issues. In fact, I don’t think it will do much in this situation
This, I already set Mullvad as an always on VPN and turned on all the content blockers there.
deleted by creator
There are over 200 alternatives to Signal, Open Source and encrypted, out there. The attempt by governments to ban them all seems a little far from reality to me. https://alternativeto.net/category/social/encrypted-chat/?feature=end-to-end-encryption&license=opensource
Yep. One can even self host so no one can really
force removingdo something to e2eeBut who is going to remove E2EE?
As far as I know, it’s just about sending image hashes from client side, the chats and texts are still sent end-to-end encrypted, no chat leak or encryption backdoor. Or I am missing something?
I caution mentioning both Matrix, and Element as if they are synonymous – they are not (I’m quite certain that that wasn’t your intent, but the usage of the forward slash could be interpreted as such). It may lead to confusion for newcomers. It would essentially be the same as saying “I recommend ActivityPub/Thunder” to someone who you want to introduce to Lemmy. Matrix is the protocol, and Element is simply a client that interacts with the Matrix protocol.
I personally think that it’s sufficient to recommend Matrix if one is mentioning chat-app alternatives. Of course, nothing is stopping one from also recommending a client, but I don’t believe that it’s entirely necessary.
very happy about matrix v2 future. it will be awesome then!
Seems to be getting recommended by other users as well I will check it out and thanks for the reply.
I have not, but will read up on these two and thank you for your reply.
Much has been said about the idea of ‘signal leaving UK or EU’. Little has been said about how exactly that would happen.
AFAIK, Signal has no business presence in the UK or EU. IE, no offices, no registered corporate entities. Thus, they (arguably) have no more requirement to comply with UK’s or EU’s regulations than, say, Iran’s or China’s or any other jurisdiction where they do not do business and have no presence.
Signal’s leadership has a record of giving any regional restrictions the middle finger, so I doubt Signal would voluntarily block EU countries. So that means the EU would either pressure Google and Apple to delist Signal (easily worked around, at least on Android, and soon on Apple too as EU is trying to force sideloading) or they’d pressure ISPs to block connections to Signal (more or less impossible).
If EU tried to do that, it’d just create a giant game of whack-a-mole. And people doing real CSAM shit would just move to even more private distributed systems.
expired
Signal. Any restriction can be bypassed
Signal’s devs have been pretty good about offering proxies to people in oppressive nations like Iran and Egypt in the past.
And now we can add Britain to that list.
AFAIK in Iran, the issue is that the real local phone numbers could not be accepted for registration due to sanctions, so it only ever worked for existing accounts. Another problem of such a system.
I don’t think Signal will ever give up phone numbers as identifiers, for better or for worse… The “for better” helps prevent spam and makes contact discovery easier, but the “for worse” can easily place a pretty heavy burden on users to own a phone number.
I hope we don’t get to Iranian conditions in the UK, but if we do, I imagine there would be a lot more press about how they handled the “first world” country… At that point, switching to a different platform would probably be better…
It’s a feature that keeps being said to be “almost ready”, but phone number for registration will continue to be required from what I understand. What they were working on was the ability to have usernames to connect to strangers and other people without the need to share the phone number.
Yeah, which has taken a frustratingly long time to implement. They’ve been working on it unofficially since 2018 and officially since 2019, and fingers crossed will be getting it sometime in 2024. They struggled for a while with message editing as well, finally rolling it out just recently… Presumably, waiting for the old clients to expire. (That’s why they stop functioning after a while.)
Not just a phone number, but a non-sanctioned phone number.
They could. If they wanted to. But they don’t want to. They could charge a little bit of money to initiate contact with somebody if you don’t have your phone number registered. To keep the spam down. They already have their own mobile coin, they could just ask initial contacts to send a penny for that contact. Something not too intrusive. They could do that, if they want to, but they don’t want to.
Yeah, Signal should work on its reliance over phone
Soo… this whole thing is about the eu not the uk. Which are (now) different things. The uk dropped their dumb idea with a “when this is technically possible” restriction, which it won’t be because maths isn’t changing anytime soon.
The eu thing is different and technically possible.
At least the UK is willing to acknowledge they want something impossible, haha. In the US they’d just say “do it, math be damned”.
“The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.” ~ Malcolm Turnbul, former Australian PM.
Turnbul has done less study on the matter than king Cnut.
Thanks, apparently I was struggling to read a two letter acronym…
Is there a reason no one has mentioned Telegram yet in this thread?
possibly because Telegram is as “private” as Facebook.
It has end to end encryption though, so could you clarify why you think that it’s not private?
I’m not saying it can’t be private, but defaults matter and by default every message sent on Telegram (unless you opt into a “secure chat”) is viewable by anyone with access to Telegrams infrastructure and you have no way to know your message history has been compromised.
In contrast, everything within Signal is completely private and end-to-end encrypted with no compromises. Your groups, group names, profile pictures, stickers, reaction, voice/video message etc are all private without anyone having to make do anything. Privacy is enforced, not an option.
Telegram does have secure chats, but - either intentionally or not - they have made them incredibly inconvenient to use as they are not enabled by default, don’t work in group chats, and don’t sync across your own devices.
So yes, Telegram is private, just as private as a PGP encrypted email.
XMPP, the internet standard for federated instant messaging.
Can you please link an article or something explaining what you’re going on about? When was this announced?
Edit: guessing it’s related to this. https://cyberlaw.stanford.edu/blog/2023/06/eu-member-states-still-cannot-agree-about-end-end-encryption
If so, banning E2EE because of CSAM is like cutting off your hand because you stubbed your toe. Banning E2EE won’t stop child porn nor will it prevent the use of E2EE.
Unfortunately, It’s not about ending CSAM. It’s about ending encryption.
If they cared about ending CSAM they’d ban…checks headlines…police officers
police officers
What? Why?
lots of headlines recently of cops getting busted. reading through the articles, it looks like some cloud backup provider for verizon phones started scanning, and filed reports, which led to investigations, which lead to tracking down the phone, which led them to a cop’s house. many such cases follow that same pattern.
police work attracts people who like to abuse power, so we shouldn’t be to suprised tbh
Yes, [https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/](https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/ This is exactly how I feel I don’t understand the logic behind this at all.
Understanding is simple. Every few years, 5 or 8 or 10, there’s a big marketing push and brain wash around trying to destroy encryption by using the excuse of CSAM. Nothing new, a play as old as ever. It’s basically (and really the whole point) trying to pass mass surveillance into law hoping that people forget the arguments of the last time or that people are not paying attention or trying to put it wrapped into a different gift wrapping and see if it goes into effect before anyone notices. The time frames for these things are getting smaller and smaller and more and more people don’t care at all about privacy and basic rights and are ok with things like mass surveillance. It will eventually pass.
It’s a real shame the eu is doing this. I’ve agreed with most of their policies recently regarding IT and phones.
I don’t agree with that stupid cookie shit though.
I just felt that there was a lone voice of reason trying for a better future but I guess we are on our own.
EU is not doing it yet, however there is strong push from interested parties within and outside of the EC:
Including illegal use of targeted advertising / misinformation campaign:
As a fellow cookie warning hater, the Firefox extension “I don’t care about cookies” is great. It’ll dismiss the box.
And please keep the reminder that most cookie popups are not required and it’s mostly bad actors/companies that keep insisting on being annoying by saying they are just complying when in fact they are forcing all that on purpose on us users so we turn out heads to hate on the law instead.
Pretty sure signal won’t be forced to do anything:
Encryption plays an essential role in securing communications. The international human rights law test of legality, necessity and proportionality should be applied to any measures that would affect encryption. Both the UN Commissioner for Human Rights[1]and the European Data Protection Supervisor[2]have concluded that the EU’s proposal for a regulation on child sexual abuse material fails this test[3].
this is from May this year, when Spain proposed this. How in the everliving fuck the EU can get away with violating human rights?
So yeah I’ll eat my hat unsalted if this actually will break encryption
Well, they don’t need to break encryption, since the scanning of messages is supposed to happen client-side.
And by defenition breaks e2ee. https://en.wikipedia.org/wiki/End-to-end_encryption
Technically not touching your valuable encryption would still be an excuse they’d make, wouldn’t it
Even though it functionally does break encryption
you should eat it hashed and salted in protest.
So encryption was always a recipe for potatoes
Hashes are not encryption
Genius.
Best comment in this thread
It’s not encryption, all goes end-to-end. They will force app clients to add a “leak” request that sends the hash of each image you send to compare if it matches with child porn. It’s explained on another post on Lemmy and it looks so hard and so impossible to be implemented that I doubt it will actually work. The chat is still end-to-end.
They want to also check them with ai. Hash alone would be bad. But ai is worse. Ya got/are young looking gf. Well if ya send nudes some cop will most likely see your nudes if chat controll really comes.
Source: the new law proposal
AI is the solution to all our problems… /s
O God, the hash one isn’t bad, just stop there for the sake of all that is holy
The hash one has the one issue of you could simply put political shit in the db and find out your political opponents, but the hash one is debatebal.
Yes.
They will check their own images and police themselves lol (actually there will be an extra committee for this so just joking)
They want to also check them with ai.
Do you have the source link of this pls? thx!
Here. On page 52, Article 10 3.a
The technologies shall be: (a) effective in detecting the dissemination of known or new child sexual abuse material or the solicitation of children, as applicable;
They are explicitly talking about known or new material. Even though they don’t state the technology, AI is the only possible one (maybe there are more but they WILL have the same issue, ai has)
They also go indepth in a centralized db, where all this shit will be stored, to retrain this model.
Yea it is fucked up.
But AI is too expensive to use it on any text sent by any European citizen/bot.
I would guess it rather refers to images. But it doesn’t matter if it is too expensive. Ai is the only thing that can do the stuff they want.
Are you sure? Using AI for any text and image that any European citizen (742,083,786 people if I’m not wrong) is pretty heavy… They will need to spend too much money for AI usage if this is the stuff they want or the only thing they can do.
EDIT: Sorry, if you mean only about images is still very heavy, no AI needed here, they said it’s a client side implementation and still sending random hashes… any hacker can just send random hashes and block database request with a DoS… and they will get many false positives… Not viable.
If they actually ban E2EE, I’d like to see all banks, for a start, and most web sites, downgrade https to http. See how long the ban will last then.
“I was just following the law!”
It’s ok the banks have a “too essential to be punished” card
I give it a month before either the ECJ steps in or they quietly change the law/interpretation (Article 13/17 says hi)
It depends on what you want. I encourage people to use Jami (distributed, so might be a thing, if not self-hosting your own service, since what is said decentralized in reality is a set of centralized services). If too hard, then XMPP + OMemo. And only then, Matrix (by design it gives up more meta data than XMPP).
Take a look at the matrix network. Its decentralized like lemmy and the cryptography is on point. And it cant really be cencored due to this reason.
Unfortunately its possible to send messages on Matrix that are not encrypted
Yes its possible, but you are free not to send unencrypted matrix messanges.
Human error is possible. Happens to our users PGP emails all the time.
As an org we dont allow any software where its possible to send unencrypted messages. It too much risk.
I completely agree. Though pgp emails usually have to be set up. At least when using element nothing has to be set up and it is enabled by default. But this doesnt change the point.
As an org self hosting a matrix server would be an option. But the issue would still remain. So its a tradof
this seems easily fixable by choice of end user app, Element surely defaults to sending encrypted messages, if a user goes out of their way to figure out how to send clear text good on 'em
Yes, because for large public rooms it makes no sense as anyone can leak the message contents anyway and e2ee is expensive for large rooms.
Also DMs
Matrix
