KLISHDFSDF

joined 4 years ago
[–] KLISHDFSDF@lemmy.ml 1 points 2 years ago

That's the option I give people and have converted many. I have Signal, it has more modern features than SMS, is basically WhatsApp, but run by a non-profit org. If you don't care to install it, use SMS.

[–] KLISHDFSDF@lemmy.ml 3 points 2 years ago

First, you're conflating privacy with anonymity.

Secondly, they are one of the few orgs (maybe only?) that have been subpoenaed multiple times and they've published documented evidence [0] that even when compelled by law to present all the info they have on any specific user, all they know is:

  1. The date you created an account
  2. The last day (not time) one of your clients messaged their

Feel free to trust whoever you want, but the source code to Signal's clients and server is open for anyone to criticize, and it has been. They're not perfect, nobody is, but they're also one of the few orgs out there showing that they're willing to put up or shut up.

Criticize in a constructive manner. Don't be dismissive and spread FUD by stating "I don't trust them" without backing up understanding the Signal threat model and mixing up privacy & anonymity.

[0] https://signal.org/bigbrother/

[–] KLISHDFSDF@lemmy.ml 1 points 2 years ago (2 children)

many people don’t like and thus left signal for

Is there any evidence of this? Because if anything, anecdotally, I've seen an increase in my circles and I've stopped trying to get people over after I convinced my small circle to hop on.

[–] KLISHDFSDF@lemmy.ml 69 points 2 years ago (2 children)

maaaaaan I was ignorant of how shitty this man was. Fuck you Eric Clapton.

[–] KLISHDFSDF@lemmy.ml 8 points 2 years ago (2 children)

Session's developers dropped Signal's Perfect Forward Secrecy (PFS) and deniability [0] security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer's life easier [1].

Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging.

For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message's encryption is isolated, preventing compromise of current and past interactions [2].

A simple example to illustrate why PFS is beneficial. Let's assume any 3-letter agency is collecting all Signal/Session messages - on top of the tons of data they're already capturing. The great thing is that your messages are encrypted, they can't see anything - YAY - but they're storing them basically forever.

Two ways they may be able to compromise your privacy and view ALL your messages:

  1. A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Session, because you use the same key for every message, they now have access to everything you've ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.

  2. Your phone is compromised and they take your encryption keys. If you were using Session, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.

It's important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.

[0] https://getsession.org/blog/session-protocol-explained

[1] https://getsession.org/blog/session-protocol-technical-information

[2] https://www.signal.org/blog/advanced-ratcheting/
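
An added illustration of the key-theft scenario in the comment above (not part of the original comment, and not Signal's or Session's code): a constructed long-term-key scheme beside a simplified one-way symmetric key chain. The toy XOR cipher, the function names, the demo secret and the messages are all assumptions made up for this example.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher, illustration only; applying it twice decrypts."""
    stream = b"".join(kdf(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def static_session(long_term_key: bytes, messages):
    """Every message key derives from one long-term key that stays on the device."""
    cts = [toy_encrypt(kdf(long_term_key, b"msg" + bytes([i])), m)
           for i, m in enumerate(messages)]
    return cts, long_term_key            # device state = the long-term key

def ratchet_session(root: bytes, messages):
    """Each message uses a fresh key; the chain key is then advanced one-way."""
    chain, cts = root, []
    for m in messages:
        cts.append(toy_encrypt(kdf(chain, b"\x01"), m))
        chain = kdf(chain, b"\x02")      # previous chain key is overwritten
    return cts, chain                    # device state = only the newest chain key

def attacker_static(cts, stolen_key: bytes):
    """With the long-term key, every stored ciphertext can be re-derived and opened."""
    return [toy_encrypt(kdf(stolen_key, b"msg" + bytes([i])), c) for i, c in enumerate(cts)]

def attacker_ratchet(cts, stolen_chain: bytes):
    """The stolen chain key can only be walked forward, never back to old keys."""
    out, chain = [], stolen_chain
    for c in cts:
        out.append(toy_encrypt(kdf(chain, b"\x01"), c))
        chain = kdf(chain, b"\x02")
    return out

# Constructed sample data.
MESSAGES = [b"meet at noon", b"bring the documents", b"delete after reading"]
ROOT = hashlib.sha256(b"constructed demo secret").digest()

def demo():
    """Return (old messages readable with static key, with ratchet) after key theft."""
    s_cts, s_state = static_session(ROOT, MESSAGES)
    r_cts, r_state = ratchet_session(ROOT, MESSAGES)
    static_hits = sum(p == m for p, m in zip(attacker_static(s_cts, s_state), MESSAGES))
    ratchet_hits = sum(p == m for p, m in zip(attacker_ratchet(r_cts, r_state), MESSAGES))
    return static_hits, ratchet_hits

if __name__ == "__main__":
    print("recovered (static, ratchet):", demo())
```

This chain only protects messages sent before the key theft; the Double Ratchet described in [2] additionally mixes fresh Diffie-Hellman output into the keys.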

[–] KLISHDFSDF@lemmy.ml 20 points 2 years ago

100% agree. I appreciate the guy's work on Lemmy and Jerboa (the Android app) but he's got some weird ideas.

[–] KLISHDFSDF@lemmy.ml 8 points 2 years ago

+1 for SearXNG. I've personally found mostly better results, for my use cases, than Google or DuckDuckGo, although I keep DDG as a backup.

[–] KLISHDFSDF@lemmy.ml 10 points 2 years ago (1 children)

the web would be miserable without it.

[–] KLISHDFSDF@lemmy.ml 4 points 2 years ago (2 children)

If you don't mind me asking, what services are you getting for that price and what are your pro/cons of them? Currently considering whether I should go self-hosted or Proton to get away from Google.

[–] KLISHDFSDF@lemmy.ml 6 points 2 years ago

I concur.

The services/platforms/networks on ActivityPub, for the most part, serve as a public forum. I don't expect privacy in that context and others shouldn't either.

I personally believe we shouldn't conflate the two (private/public spaces) and have private End-to-end encrypted messaging via an alternate platform/service to ensure people don't mix them up - maybe something like Matrix, since that's also federated and self-hostable. But that's just my opinion.

[–] KLISHDFSDF@lemmy.ml 1 points 2 years ago

You don't think we landed on the moon?...
