Honestly would love to use signal to chat with my whatsapp contacts.
Signal could just throw in privacy notice when messaging with someone whatsapp or facebook messenger.
Currently I have signal installed and used to use it to message with my so but we have both moved to discord and use whatsapp to communicate with those that do not use discord. Still holding on to signal if and when some oddball from my contacts decides to use it instead.
I am aware of that but when all our friends or communities either use whatsapp or discord then it's just more convenient.
Honestly messaging these days is a mess
Teams and Slack for work
Whatapp and Discord for family, friends and interests/communities
I really miss that fleeting moment when all messaging apps were using either open protocols or at least they weren’t hostile against alternative clients. It was really nice to be able to use one client to log in to gtalk, msn etc. at the same time.
I understand her point and imho that's what makes signal a superior option to the others but because of these extreme choices I've seen the usage of signal gradually go down (might be wrong for the total number of users) around me. Now I don't anyone who uses signal anymore.
it's a real shame it's ridiculous to be using whatsapp but I have whatsapp installed on my phone not signal because that's what everyone uses.
I tried switching to Signal a couple years ago but I had to return to WhatsApp since literally no one of my friends and acquaintances did the jump. It wasn't even considered an option by many. So it was either returning to Whatsapp or being cut off from everyone.
If people were a bit more open-minded Signal could be a good alternative. But alas...
I got my whole family on it, and generally all my closest friends have it as at least a backup. As the other chat apps falter it's been easier to convert people.
So then it seems completely absurd signal is "not interested" in allowing any integration. They could just notify their users communications with WhatsApp users are unsecure.
Signal were fools to remove the SMS support from their app. That was a good way to get people in to use the system - they could have insecure SMS chats with those not on signal, and secure signal chats with those on it. The app would warn you when someone didn't have signal and the chat was insecure.
It was a really good "trojan horse" route into people's lives. I was using signal every day and it was easier encouraging others to make the switch because it was a convenient app.
Then the devs removed that and dumped all their users back onto other SMS apps.
Now I have 3 apps - an SMS app, Signal and WhatsApp. I barely ever use Signal now. I want to use it more but so few people I know use it, and it's not the first place people message me from.
Removing SMS support was a huge strategic misstep. They should have been the bridge for people to move from SMS to secure chat.
Idk about other countries. But in India, SMS is pretty big for businesses to send updates to the customers. Like 2FA for bank transactions, delivery tracking, govt alerts etc. Customer to customer is almost nil except on rare occasions when maybe the internet is down and you need to send an urgent text.
And I should mention that domestic SMS is free (included with any active cellular plan)
With Signal's default settings, Google reads your Signal messages when they come in through push notifications.
Correct me if I'm wrong.
Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google's Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal's adoption, when you have to unlock the app to read each message.
You are wrong ;-)
The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.
Call me paranoid, but Google owns Android. They can easily read the content of a notification as it's displayed. They even have a Notification History app where you can see all applications from all apps.
At some point, Android is reading the message to generate the quick replies that were showing in the notification. They're content-aware and this is not a function of Signal; if someone sent me a question, there were "yes" and "no" quick replies. If someone sent that they were going to be late, there were quick replies like "That's OK", etc.
You need the right flavor of Molly to use UnifiedPush: https://github.com/mollyim/mollyim-android-unifiedpush.
You can install MollySocket via:
Docker/Podman: docker pull ghcr.io/mollyim/mollysocket:latest
Crates.io: cargo install mollysocket (see INSTALL.md for the setup)
Direct download: https://github.com/mollyim/mollysocket/releases (see INSTALL.md for the setup)
A distributor app (easiest is ntfy)
You can optionally install your own push server like ntfy or NextPush. For beginners, you can use a free service like ntfy.sh (do consider donating if you have the means).
that's not how push works. usually, google would only know you received a notification, but not it's contents. that "dummy" notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)
yes, some apps actually push the content directly through the push system, but that's not how this is handled in most apps that handle private data in notifications.
Indeed. I wish your comment was the most visible here.
Signal and Threema can be all about privacy, but they are still companies which can make money only by keeping their service as centralized as possible.
Decentralised messaging like Matrix, XMPP, Jami, have no issue with interoperability.
There is one thing about interoperability that I don't see many people talking about:
Your messages going to and being handled by other services means you'd be subject to their TOS and privacy policy as well.
As long as services are transparent about it so users can make informed decisions based on it, that's generally fine.
But then services like Beeper, or just Matrix bridges in general, make it so anyone can setup such a connection between services without their contacts even knowing about it.
Your messages going to and being handled by other services means you'd be subject to their TOS and privacy policy as well.
This is true of literally every one of your contacts, too. When you send someone a message, they can screenshot, copy, archive, and forward however they see fit (and most people don't govern themselves by any kind of TOS or privacy policy). Which then means that if any one of your contacts chooses to use another service as a bridge, or as an archival tool, you're naturally going to expose your messages to that service, on that contact's terms.
But that isn't about interoperability per se. It's about how other people store and use their copy of data shared between multiple users. Apple iMessage isn't interoperable with anything, but users still have conversations archived all the way back to the beginning of the service over a decade ago, and can choose to export those messages to be saved elsewhere. (For example, I use a bridge for iMessage so that I can view them on my Android phone, but the mechanism is software that leverages the Mac's accessibility API).
Some of us are data hoarders. If you're gonna have a conversation with people like me, you'll have to trust that we don't use those archives in a way that either inadvertently/negligently or intentionally exposes that data to some bad actor. I'd like to think I do a good job of respecting my friends' privacy, and secure my systems, but I'm probably not perfect.
You're not wrong but a friend (maybe even inadvertently) being negligent with my message, and a business structurally sending my message (received from my friend's app) to third parties seems like a different ballpark.
I'm indifferent, since I've got both installed, there's no escaping having to use WhatsApp in many countries around the globe. If I want to keep in touch with family/friends then only one or two contacts use signal, for everyone else it's WhatsApp or the alternative is SMS.
I'm also indifferent though because of I want the interoperability, Beeper is doing fine.
It's certainly different, but for signal users who want to maintain that level of privacy, it's probably something they want, right? From their perspective this is probably a good decision.
I'm indifferent because I'd personally rather have interoperability and Beeper gets the job done.
Yeahhh it's amazing, your choices are a closed platform that forces you to buy their expensive devices, or SMS, or another proprietary platform ran by a notorious privacy predator.
Not only easy to understand but for a while it was the only way to do 2fa that was usable by lots of people. Smartphones aren't as ubiquitous as people think, even today.
SMS's fall from grace wasn't actually that it could be intercepted, it was the fact it started being used as an excuse to ask for a phone number and use that to track people.
Google still won't allow you to use any form of 2fa if you don't give them a phone number. Twitch/Amazon too. Facebook used to (until they got Whatsapp, now they don't need to ask.) LinkedIn used to (until they got broken into so many times it became a humongous liability).
That's the only reason I started using Telegram. It might not be secure or whatever, but it sure is nice to have voice and video calling on a nice-looking desktop app. It's the only one I was able to get my family to use, and that I already had some friends using.
But I could never get them to use advanced shit like SimpleX or something similar lol. "But this already works?" Yeeeaaah but... Nah, it'll never fly. 😑
Sms has been god awful since the beginning, both the standard and the business implementation. Remember bullshit pricing models for texts? 10center per text over your limit. Even today, the standard hasn't kept up with modern times.
What sort of irks me is what a mixed bag EU regulation is. Some is good (GDPR), not denying that. Some is annoying (you're going to be accepting cookies 100 times a day until you're dead thanks to them), and Whatsapp runs on all devices, so while interoperability nice, even as a free-software, Linux person I don't really care.
However, if you have to deal with friends or family in the US and you don't have an iPhone though, god help you. They don't care about this.
I guess my complaint is that EU regulation may seem legally elegant, but I think it is sometimes quite blind to the real situation on the ground.
It looks good on the books but we still, say, don't have a standard ARM boot process for smartphones that would help users not be dependent on whatever shitty ROM the OEM wants them to have. That would be life changing, but it will never even be talked about.
Yep, all the EU done is forced websites to have consent if the website want to process personal data.
There are many analytics that does not process IP address or fingerprint and so does not require consent banner.
Be annoyed on the websites, not this law.
That's already a solution to cookie banners: the "do not track" setting. It's been tested in court in Germany and confirmed to count as rejected permission for GDPR purposes. Websites dinky have to obey it.
It's currently slowly gaining traction, there's a privacy advocacy group suing high profile targets over this to create awareness.
We also need a formal change to the cookie law/GDPR to acknowledge "do not track" as the preferred method. Then the banners will slowly go away.
Nope. Android, iOS, Windows and Mac are not all devices. And web versions are far from ideal (some may suggest expanding web capabilities, but please don't).
just get an extension and adblocker filters to automatically dismiss/block cookie dialogs and use an allowlist for sites from which you actually need to persist cookies in your browser's settings and set your browser to delete everything else on exit. With Firefox and browsers based on it you can, in addition to that, use container tabs (try sticky containers extension) for even better context isolation.
on Firefox if a desktop addon has no mobile version you can look up how to add custom add-ons collections when it comes to cookie prompt blockers, but ublock origin and adding filters to it work out of the box. Recently also some apps started showing cookie prompts with no option to decline unless you pay, if they can work offline, make them so
The cookie consent also has a huge fail whale of unintended consequences - training users to click [accept], or really [anything], to make the annoyance just go away.
And nefarious actors have their run of the place now. They can slip onerous terms into EULAs and know they will largely be accepted.
As well as random [Continue] boxes to install malware or whatever they want since users are so well trained to click just to get it the fuck off their screen.
Right. That's a very different business model. I don't necessarily have an opinion about whether it would be better or worse. It is easier to look at our current problems and say it would be better. But, eh, I can block most trackers and be a leach off of websites that stay up by selling other people's data. shrug
This is why it annoys me every time someone brings up that SMS/iMessage is a US only problem. Whilst this may be true, for a lot of us WhatsApp is no different. Particularly now that Meta owns WhatsApp.
Signal refusing to federate with WhatsApp, even though meta says they will still use the signal protocol is the most bone headed decision I have ever seen from them.
There no better chance to break the network effect than this.
Not sure what you mean, of course WhatsApp can disable it's own encryption. That would be an argument for open source third party apps and interoperability.
What I'm talking about has nothing to do with the line protocol. Each client has encryption key pairs. The public key of the first party shares it with the other parties, and vice versa. If it's encrypted with the public key then the private key can decrypt it.
If Meta gets the private keys, they can decrypt any message they want independent of whatever protocol is being used.
But aren't these key pairs generated per session and/or per contact? So once you switch to a more secure / auditable client this only matters when communicating with people on whatsapp. But they presumably have a backdoor in their app for the NSA anyway.
No body said it's going to have the same level of security, but that still doesn't mean that should just give up on it, just put a small icon indicating this is a WhatsApp user.
Every Matrix protocol server, excluding some experimental or internal for a company ones, are federating?
And it's not an app as you can choose an app, the protocol defines client<>server spec too.
I just used the guides by mautrix for the respective bridges. https://docs.mau.fi/bridges/go/setup.html
there are instructions for a bunch there that work well. What was the issue you faced?
Its an open standard for communications (like xmpp, but the new hotness) with a focus on federating IRC chat. (lot of cool work on state resolution by them wrt that). So you can communicate with people on different matrix servers as long as they federate with each other. Additionally, they have built in support for bridges that let you connect to other people via matrix giving you a seamless experience on that service via matrix. Lemme know if you need more clarifications.