• CHEF-KOCH@lemmy.ml
    3 years ago
    • Matrix has no SMS support, it is a weak argument but it is one because some people prefer All-in-One Apps instead of installing 1000 apps.
    • You can use Signal with a burner SIM, the old argument … but but it uses your phone number is nonsense.
    • You can use Signal forks that work without a phone number, like e.g. Molly.
    • It is correct that Matrix uses AWS, Azure and co. as servers, however the metadata impact those servers can see or use or abuse is not given. This is proven, same like that the code is considerably good enough. From what I know the Matrix clients … none of them nor the protocol got audited.
    • Skipping each time a new player pops up instead of fixing the existing protocols and clients is not a solution for everyone.
    • Most Matrix clients, at least on Desktop, suck; it ends up with using alternative clients and then there is the problem of fragmentation and that those clients might even be more insecure or do not implement all features.

    I use both Matrix and Signal and they both suck in terms of usability and alternative clients with better GUIs and resource usage.

    Claiming over and over and over Matrix is the solution when it is not and has already had incidents multiple times is cringe. There is metadata leakage, there is the group chat encryption problem and and and, I do not even mention all problems. It will take years to address all of this.

    • pinknoise@lemmy.ml
      3 years ago

      You can use Signal with a burner SIM, the old argument … but but it uses your phone number is nonsense.

      It’s not that easy to get anonymous SIM cards in many countries. Also it’s just incredibly inconvenient and insecure. (enables easy impersonation)

      But yes most matrix clients (and servers) suck big time.

      • CHEF-KOCH@lemmy.ml
        3 years ago

        You can buy SIMs online via Monero and Bitcoin.

        It is really that easy, I do not post websites because it is a gray-zone but Google it and you find entire phones without SIM tracking and websites connected to it selling only the SIMs. Every scammer uses this method.

        How is that insecure, if I may ask? There is no attack scenario, SMS is simply not designed to be secure, you know that before you can send something. Impersonation is a problem on all anonymous networks like Session, this is not an exclusive SMS or Signal problem. God knows how many CHEF-KOCH fakes I already encountered on Telegram and Session. I stopped counting.

        Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you. So those networks and so-called alternatives are by no means any real alternative, Signal is designed for friends, not strangers. My friends have my real-name and my phone number, not sure about your friends…

        • pinknoise@lemmy.ml
          3 years ago

          You can buy SIMs online via Monero and Bitcoin.

          I know, there are also SMS gateways and if you’re in the EU you can use a SIM from another EU country for quite cheap. It’s still inconvenient, may leak your location and is probably illegal.

          Impersonation is a problem on all anonymous networks like Session

          Using a mobile number as ID gives a false sense of authenticity. Signal only shows tiny warnings when someone’s “security code changes” when it should block further communication and show a warning that cannot be clicked away without knowing the implications.

          Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you.

          It’s impossible to defend against this at the software level.

          Signal is designed for friends, not strangers.

          Is your communication with friends less sensitive than that with strangers?

          • CHEF-KOCH@lemmy.ml
            3 years ago
            • Farming data without opt-in is also illegal and no one cares.
            • Using no authentication at all is also a false sense of authenticity because you do not know who you are talking to, which disqualifies Session. Another problem is you need to trust others' servers, joining them without any chance to verify that these servers are not a honeypot or alt-right.
            • I agree there is no network nor software which prevents data exfiltration attacks. But this shows that the main issue is on the user's end, not the network.
            • My point is that you have 100 percent already shared sensitive information, so there is no privacy intrusion if you use Signal. Signal is proven to be secure and the metadata stuff on the servers is so minimal that the feds cannot do anything at all with it. I do not see to suggest other IMs who had leaks in the last + there are no audits or evidence that it is really as secure as you think it is.

            Verification, at some point will so or so become a part in the EU, if not via SMS then age check, ID or whatever they come up with. The dream that you can be fully anonymous than this is what this is about, not privacy, will end so or so, thanks to alt-right people who abuse every anonymous network to share illegal material, to scam others. The privacy argument is for most nothing but an excuse and the Govt is also not stupid and can see that. How is it helpful suggesting software or alternatives that are more complicated to set up and you never know who you are talking to better, I do not see it, you run into more problems if you trust anonymous strangers, besides you can block on every Android phone at least Contacts and SMS permission without root if you dislike those permissions or features - some networks or alternatives do not even allow that.

            There are problems on both ends, not only centralization and decentralization does not solve all of the mentioned problems. No beginner wants to set up his own server to just chat, and no one I know does that, so at the end of the day it anyway ends up trusting a random stranger with your data because you use his server, network with your data.

            I think Signal is good for beginners, like every software it is not perfect and like every network nothing is fully anonymous. I do not see how Matrix beats simplicity, functionality and usability - right now - over Signal's for beginners. In fact by default depending on what server you are connected to on Matrix you are less secure. There is absolutely no verification, so complaining about that Signal's verification process is not perfect while Matrix's is not existing or flawed is weird.