[Andrew_nenakhov]

> Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.

Do you seriously believe that ALL communication working through a single proprietary non-federated service would be a good thing? !

[nothrabannosir]

I’m having a hard time believing just how polar opposite of my point people are taking me, I must be explaining myself very, very poorly.

Let go of the idea of “good”, nothing is currently good. Everything is terrible. The only thing that’s “good” is a federated, open, and secure in practice protocol (I.e. not just for people who use it properly, but for people who is it full stop. Like HTTPS, for example.) Today, we don’t have that. Let’s work towards that. Let’s make it happen tomorrow.

But today: federated or secure, pick one. (See TFA)

Meanwhile , there are people , today, with a real need for encryption. (See TFA) A need that transcends our long term plans. These people look at what “techies” do and say, and they imitate it. That’s the way of the world.

It is currently PGP. That is not secure, in practice when used by those people (see TFA). Therefore, we need to stop using PGP, use Signal for now, until we have an actually good solution that is better than Signal and PGP.

That’s the summary of the article.

Nobody is talking about replacing all email. Nobody says the status quo is good. Heck, nobody is really arguing for Signal, as much as arguing against PGP, and signal winning by default. That’s all.

We’re all on the same side here, guys. It’s just a matter of temporary compromise.

[sergiosgc]

> We’re all on the same side here, guys. It’s just a matter of temporary compromise.

I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.

[kasey_junk]

But if you rule out Signal there isn’t another choice for the users in question.

There is not a federated messenger that provides the same security as Signal.

Your argument reduces to (for the user segment under question) “don’t use electronic because I value federation”.

I value it too but that seems incredibly selfish.

[Andrew_nenakhov]

> There is not a federated messenger that provides the same security as Signal.

Actually, there are federated messengers that provide better security and privacy than Signal. Yes, XMPP ones. They might not have the same convenience yet, yes, because they are not tied to phone numbers, but don't even get me started by trying to say that tie to phone numbers is a plus.

[joshuamorton]

Name a federated message tool that is more secure than signal for a user who is not a tech expert and whose life is potentially on the line.

[Andrew_nenakhov]

Conversations, Xabber, Chatsecure. Any of these is more secure than Signal: they are not tied to phone numbers (means: way more privacy), work with TOR easily, and starting a secure conversations is no more difficult than 'add contact' (enter contact XMPP id) -> 'press lock' -> you're ok, chat is private, and your phone number is not exposed.

Actually, this phone number thing is the main reason why I find it hard to suggest using Signal to anyone who's life is on the line.

[upofadown]

If your life is actually on the line you are better off doing some research on how to use PGP properly. Otherwise you have no good way to know if you will end up with something strong enough to use against state actors. The simplicity and strength of PGP is hard to beat. Riseup.net has an entire section mostly about OpenPGP:

* https://riseup.net/en/security/message-security

[Quiark]

You mean gmail?