Just as a heads-up, don’t use PMs/DMs on Mastodon, and if you have to never share any private information.

Admins of sending and receiving instances can read those, as there is no end-to-end encryption. Even if you trust the admins, instance ownership could change or hackers or government could get in.

Use different tools designed specifically for this.

@thomasfuchs valid, though keep in mind this is just as true for facebook, twitter, and the like. Admins can (And do) read your DM's there too.

Follow

@freemo yup, use something like iMessage, Telegram etc, that has end-to-end encryption

@thomasfuchs @freemo for those reading this thread, here's a non-comprehensive list of alternatives to sending e2ee information online.

1. GPG
2. XMPP + OMEMO
3. Signal Messenger
4. Wire
5. Telegram
6. ProtonMail
7. Firefox Send

@thinkMoult @thomasfuchs @freemo I'll echo this but warn against Signal for now. I want to trust it but they are doing some fishy stuff regarding telling people to use the Play store to get the app, even after self-hosting it.

@alice @thomasfuchs @freemo yes. I'm also wary, which is why I put something like XMPP and OMEMO first.

One explanation behind recommending the play store is because centralised package management does help mitigate rogue fake packages. Pros and cons.

@thinkMoult @alice @thomasfuchs @freemo

For some users, Signal’s use of phone number as primary identifier is a legit risk. Some people want to message others without revealing their phone numbers.

When it comes to the Play Store issue, I place more weight on OSS, privacy policy, and best-in-class protocol than I do on a nebulous threat.

XMPP+OMEMO may be better for some use cases, but not because Signal is out to get us.

@mkb @thinkMoult @thomasfuchs @freemo It's not that Signal would be deliberately sabotaging anything. I don't think intent factors into bad cybSec. The chain of trust is instantly broken the moment I have to use Play to install it, since it's a blackbox. Google has been known before to acquiesce to bad actor demands (NSA).

However, the phone verification is a sticking point for me by itself. That's a window into my meatspace ID that I'm not sure most should be too comfortable with.
#security

@alice @thinkMoult @thomasfuchs @freemo

Yeah, for many threat models phone numbers don’t work well as a primary identifier.

If you find you absolutely have to use Signal at some point, it does work to set up a Google voice number and use that instead. I did this on an old Android phone with no SIM. I’d expect the same to work with a throwaway number from Burner.

What have you been using for messaging? Do you like it?

@mkb @alice @thomasfuchs @freemo nice tip about the throwaway number.

I use XMPP+OMEMO, and Signal both for messaging depending on the technical capabilities of my recipient.

For email, its GPG and Protonmail, again depending on the technical capabilities of the recipient.

Files, its Firefox Send.

I feel using both preferred and consumer friendly options helps people switch.

@thinkMoult @thomasfuchs @freemo

Telegram’s encryption is off by default and must be explicitly enabled.

Also, if your threat model includes state actors then know that the people who created Telegram’s protocol aren’t cryptographers. Cryptographers who have evaluated the protocol generally view it as subpar.

Keybase also has end-to-end encrypted messaging though I haven’t seen their protocol assessed.

@thinkMoult @thomasfuchs @freemo Telegram only has end to end encryption on private chats, not for normal individual chats or group chats

Sign in to participate in the conversation
Mastodon

The original server operated by the Mastodon gGmbH non-profit