Just as a heads-up, don’t use PMs/DMs on Mastodon, and if you have to never share any private information.
Admins of sending and receiving instances can read those, as there is no end-to-end encryption. Even if you trust the admins, instance ownership could change or hackers or government could get in.
Use different tools designed specifically for this.
@thomasfuchs valid, though keep in mind this is just as true for facebook, twitter, and the like. Admins can (And do) read your DM's there too.
For some users, Signal’s use of phone number as primary identifier is a legit risk. Some people want to message others without revealing their phone numbers.
XMPP+OMEMO may be better for some use cases, but not because Signal is out to get us.
@mkb @thinkMoult @thomasfuchs @freemo It's not that Signal would be deliberately sabotaging anything. I don't think intent factors into bad cybSec. The chain of trust is instantly broken the moment I have to use Play to install it, since it's a blackbox. Google has been known before to acquiesce to bad actor demands (NSA).
However, the phone verification is a sticking point for me by itself. That's a window into my meatspace ID that I'm not sure most should be too comfortable with.
Yeah, for many threat models phone numbers don’t work well as a primary identifier.
If you find you absolutely have to use Signal at some point, it does work to set up a Google voice number and use that instead. I did this on an old Android phone with no SIM. I’d expect the same to work with a throwaway number from Burner.
What have you been using for messaging? Do you like it?
I use XMPP+OMEMO, and Signal both for messaging depending on the technical capabilities of my recipient.
For email, its GPG and Protonmail, again depending on the technical capabilities of the recipient.
Files, its Firefox Send.
I feel using both preferred and consumer friendly options helps people switch.
The original server operated by the Mastodon gGmbH non-profit