• ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
    link
    fedilink
    arrow-up
    3
    arrow-down
    2
    ·
    4 months ago

    It’s a non-profit whose goal is to provide encrypted private chat.

    It’s a non-profit run by ex-CIA people that’s hosted centrally in US, and being aggressively marketed as the only legitimate means of secure communication. Any time somebody points out the many problems associated with Signal, people swarm in to defend it as the one perfect secure chat platform that everybody should be using. Weird!

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I feel like it being founded by ex CIA people is really not important. They aren’t actively working for the CIA and chances are they know the threat they face. Best to just ignore that part and focus on the technical details. At the end of the day any server you don’t control shouldn’t be trusted.

      • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I feel like it’s very important in terms of understanding the potential goals and motivations of people working on a particular piece of technology. Just because they say they’re ex-CIA absolutely does not mean they’re not actively working for them. While technical issues are obvious here, that’s not always the case. For example, there’s a famous case where NSA suggested using a particular configuration that made SSH vulnerable. There was nothing that would jump out at anybody as being nefarious because you had to already know that a particular exploit existed to notice it. However, questioning the intentions of the NSA in this scenario would’ve helped avoid the exploit.

        https://thehackernews.com/2015/10/nsa-crack-encryption.html

      • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        4 months ago

        I think if you really care about privacy then you basically have to run your own for people you know and trust. At that point it doesn’t really matter what it is. It also depends on your threat profile. If you don’t actually care that people know your contact network, then Signal or any other app is perfectly fine. For vast majority of people it really doesn’t matter. The point is that Signal isn’t a good solution for people who do genuinely care about privacy.