[sourraspberry]

Signal is the only WhatsApp/Messenger alternative I've managed to get friends and family to actually move to.

I suppose this Sealed Sender issue is problematic for some people, but it's not enough for me to seriously consider jumping ship.

[ezst]

> Signal is the only WhatsApp/Messenger alternative I've managed to get friends and family to actually move to.

And what good did that achieve, practically? In effect, your friends and family:

- still use a centralised service with Signal (subject to enshittification/changing the deal overnight/acting as a single point of control and failure) - still use WhatsApp because they really have no choice: that's where everyone else is (and so, there is no avoiding Meta's data collection on them and indirectly, on you) - gained nothing compared to WhatsApp+E2EE (being centralised, both Signal and Meta can infer your social graph, the nature and volume of exchanges you have with your contacts, and hence the nature of your relationships, Signal only "pinky swears" it's not looking at it, and that's a very lame "guarantee").

[imiric]

I can't speak on the technical implementation differences between WhatsApp and Signal, but there's a huge trust difference. One platform is owned and run by a trillion-dollar corporation with a long history of privacy violations, data breaches, coverups, and security issues, and the other isn't. Whatever issues Signal Foundation has had, they certainly pale in comparison to Meta's. That's enough of a reason for anyone who cares about privacy and security to choose Signal over WhatsApp any day of the week.

[ezst]

This doesn't fly in light of recent history: first, Signal has some trust issues of its own (I mentioned a couple user-hostile acts in sibling comments), but that aside, do you remember how much praise WhasApp was getting in its early days? There is no guarantee the same can't happen to Signal (though it's pretty clear that it will become a major target for takeover and under significant scrutiny and influence would it ever grow past a certain point).

[imiric]

I repeat:

> Whatever issues Signal Foundation has had, they certainly pale in comparison to Meta's.

At this point I would trust a vibe-coded messenger app over anything produced by Meta. Security and privacy are completely opposed to Meta's business model and track record, regardless of how WhatsApp was once designed, and especially regardless of what their PR army claims. The idea that the same couldn't hypothetically happen to Signal is pure fantasy that's not worth entertaining in this discussion.

[ezst]

I repeat: when confronted to bad or evil, you should expand your options.

[throwaway89201]

Meta sees your entire social graph by design, and stores the name and participants of groups you create. You (meaning: experts) can independently audit and through reproducible builds verify that Signal does not do this by design, while nothing about WhatsApp can be audited in the same way. Meta is also a plainly for-profit company with bad track record, while Signal often gets flak from (IMO mistaken) radical nerds but otherwise has a very good reputation.

The privacy fatalism in your comment here and in other comments is plainly incorrect.

[ezst]

What you say is barely different from what the opponents to generalized https were saying back in the days "true your ISP can see all your traffic, but they are the good guys, you are their customer after all".

With SSL, we no longer have to care, and that's much better that way. Signal has all the same means of (meta)data harvesting and analyzing as Meta. It can't be made different: this is built into their very centralised service. All I'm saying is that we should aim for better, and have guarantees baked into the protocol to avoid absolute metadata centralisation. Federation is a good start.

[kamranjon]

What do you mean signal “pinky swears” it’s not looking at it? It’s E2E encrypted and the code is open source - am I missing something? How would they possibly look at it?

[fragmede]

ezst is referring to the metadata — who you're talking to, not the contents of the message

[ezst]

Precisely. The metadata and some basic packets analysis suffices to reveal if you are at home or at work, sending text or images, traveling/from approximately where to where or still, on the toilet or working, etc, all without breaking the glamorous post quantum ratchet encryption.