by heydabop 1726 days ago
You don't even have to get that radical with "nothing to hide".

Next time someone says that ask if they use blinds in their house/apt, if you could setup a webcam in their living room, or if you could just read some texts between them and a significant other. Or ask for their passwords, date of birth, SSN, credit card numbers, pets' names, and parents' names.

Simple things like this are why I talk to people via Signal and why I'll never get a Ring/Nest doorbell, or any other 3rd party owned internet connected camera.


People don't care when they are just a statistical datapoint, like sure they can see "now a million people are having sex", but nobody will act on that since it isn't interesting. Which is why people would be more fine with having a camera in every bedroom than having a camera in their bedroom specifically.

So arguing "what if I spy on YOU?" won't convince anyone. They see that as a completely different thing.

Signal is centralized and is an obvious target for surveillance so I would not even remotely rely on it.

The point of Signal is supposed to be that to the best of our knowledge, even if all its packets are run through FSB and NSA, and even if they captured all Signal employees at once and somehow forced them all to cooperate, your messages should still be safe until they manage to push an app update that compromises the app.

Of course this only helps as long as your device isn't backdoored but that is true for any app.

(I say this as someone who regularly defends Telegram here, because in my opinion I don't have to pick one or another.)

And most devices have backdoored CPUs too (Intel ME)

I wonder what the next Crypto AG (CIA front) will be

> I wonder what the next Crypto AG (CIA front) will be

NSA: VPN and "secure" webmail providers

CIA: They don't need fronts anymore, they have CISCO, Juniper, Netgear, etc.

many argue that silicon valley firms are de facto extension of the US government [1]. a swiss army knife (haha) in their toolkit that allows complete control over the flow of information. i mean seriously, just look at how fast the Crypto AG story was forgotten. only this Dutch article [1] and a handful of others properly dive into the profound impacts that the CIA backdoored Crypto AG devices likely had on world events in the past 50 years. [2]

so yeah if SV firms were not extensions of the US govt. (hardware firms too, not just software), they would have already been broken up years ago.

the senate hearings are just a charade used to stroke the egos of the 'visionary' SV tech bro CEOs. they also show us how tech illiterate the working class has been made. [2]

[1] https://www.youtube.com/watch?v=6pVfYmttcag, https://www.youtube.com/watch?v=q9oMYL2M_tE

[2] https://www.vpro.nl/argos/lees/onderwerpen/cryptoleaks/2020/...

[3] https://jacobinmag.com/2015/03/socialism-innovation-capitali...

I guess "Intel" is a sufficiently ironic name.

Gee, thanks for contributing to the conversation and providing a useful alternative.

The only semi-popular better option I can think of is Matrix, but getting people on Signal is already hard enough and using Matrix on a mobile device is (last I checked) far from ideal.

Security is a gradient, not an all-or-nothing. Signal is vastly better than almost every other electronic communication method.

Once it's compromised there is no gradient anymore and you never know when things are compromised because three letter agencies will anyway not tell you.

Given the risk of xyz agency, there seem to be only a couple options to me:

- side-load a peer reviewed apk so you can check the sigs and make sure all crypto is being done locally (and to make sure that the implementation is solid)

- manage your own keys like you would with traditional pgp emails. Give your public to your friend. Force them to send anything sensitive using it. Maybe change to symmetric keys from asym but rotate occasionally. But you still have to trust the app you use to do this unless you want to do it manually each time.

*These don't necessarily solve the Metadata issue

> side-load a peer reviewed apk

Signal has open sourced clients with reproducible builds (on Android) and their encryption library has been reviewed by multiple 3rd parties to great acclaim.

PGP lacks forward secrecy, meaning if a key does get compromised all of your past correspondence is now also compromised.
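To make the forward-secrecy point concrete, here is an added example (not code from this thread, and not Signal's or any PGP implementation's code): a toy symmetric hash ratchet in Python, compared with a single long-lived key. The HMAC chain, the XOR stream cipher, the fixed keys, the sample messages and the `leak_after` parameter are all this example's own constructions; it is an illustration of the property, not a usable messaging cipher.

```python
"""Added illustration: why a leaked key exposes all past traffic under a
static key (PGP-style) but not under a ratcheted key. Toy construction
only: not Signal's Double Ratchet and not a usable messaging cipher."""
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256). The output reveals nothing
    about the input key, so a chain built from it cannot be run backwards."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Expand a message key into a keystream (toy stream cipher, unauthenticated)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += kdf(key, counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


class HashRatchet:
    """Symmetric-key ratchet: every message gets a fresh key derived from the
    current chain key, then the chain key is advanced and the old one dropped."""

    def __init__(self, root_key: bytes):
        self.chain_key = root_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"chain")
        return message_key


def send_static(key: bytes, messages: list) -> list:
    """PGP-style: one long-lived key protects every message."""
    return [xor_cipher(key, m) for m in messages]


def recover_with_static_key(key: bytes, ciphertexts: list) -> list:
    """Whoever obtains the static key, whenever, decrypts the whole history."""
    return [xor_cipher(key, c) for c in ciphertexts]


def recover_with_leaked_chain_key(leaked_chain_key: bytes, ciphertexts: list,
                                  leaked_at: int) -> dict:
    """Attacker who copied the chain key just before message `leaked_at` was
    sent: running the ratchet forward reads that message and later ones, but
    nothing lets them derive the keys of earlier messages."""
    attacker = HashRatchet(leaked_chain_key)
    return {i: xor_cipher(attacker.next_message_key(), ciphertexts[i])
            for i in range(leaked_at, len(ciphertexts))}


def simulate_ratcheted_session(messages: list, leak_after: int, root_key: bytes) -> dict:
    """Send `messages` through a ratchet; the device state is captured right
    before message index `leak_after`. Returns what the attacker recovers and
    whether any key reachable from the captured state matches an earlier
    message key (it never does: the chain cannot be reversed)."""
    sender = HashRatchet(root_key)
    ciphertexts, real_keys, snapshot = [], [], None
    for i, m in enumerate(messages):
        if i == leak_after:
            snapshot = sender.chain_key  # moment of compromise
        mk = sender.next_message_key()
        real_keys.append(mk)
        ciphertexts.append(xor_cipher(mk, m))
    recovered = recover_with_leaked_chain_key(snapshot, ciphertexts, leak_after)
    probe = HashRatchet(snapshot)
    forward_keys = {probe.next_message_key() for _ in range(256)}
    past_reachable = any(k in forward_keys for k in real_keys[:leak_after])
    return {"ciphertexts": ciphertexts, "recovered": recovered,
            "past_keys_reachable": past_reachable}


if __name__ == "__main__":
    msgs = [b"msg0", b"msg1", b"msg2", b"msg3"]  # constructed sample messages
    static_key = b"\x02" * 32                    # constructed keys, fixed for reproducibility
    print(recover_with_static_key(static_key, send_static(static_key, msgs)))
    result = simulate_ratcheted_session(msgs, leak_after=2, root_key=b"\x01" * 32)
    print(result["recovered"], result["past_keys_reachable"])
```

With the static key, the attacker's recovery list equals the full message history; with the ratchet, a state captured before message 2 yields messages 2 and 3 only, and no key reachable by running the chain forward ever equals the keys of messages 0 and 1. A symmetric chain like this only protects the past; it does not heal a session after compromise, which is what the Diffie-Hellman step in Signal's Double Ratchet adds on top.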

This solution works then, right? So given this implementation (and not a play store or ios download), one should be safe from xyz snooping?

Edit: As someone that has heard of forward secrecy but not how it relates to pgp, these were helpful reads:

https://signal.org/blog/advanced-ratcheting/

https://signal.org/blog/asynchronous-security/

So what do you use instead?

It's not about what to use, it's about having expectations of zero privacy when communicating online. Expect everything to be potentially public.

I'm curious about your concerns about a Nest/Ring doorbell. Since it would presumably face a public space, if there was a privacy concern, it would seem easier for a third party to set up their own camera for surveillance. If I was worried about being watched, I would think the best strategy would be to set up vulnerable cameras on my own network, monitor them for access, and hope that someone would try to use them instead of installing their own.

> Next time someone says that ask if they use blinds in their house/apt

I think this is the closest analogy I've heard yet, but not in windows on a suburban, tree-lined street. People walk down those streets and the windows are at eye level. Someone could accidentally see into those windows. No, I think if we consider windows in hi-rise buildings in a major city, the analogy is getting much closer. Seeing into one of those windows requires a bare minimum of intent and possibly an inexpensive tool, say binoculars or a telescope. However I would be willing to bet that a large portion of hi-rise dwellers do NOT close their blinds on the theory of "No one is looking in MY window."