Signal feed
Post
Remote status
#Signal seems to be down, so this is a good moment to consider if you have backup comms channels with people you care about.
A Signal Contingency Plan, if you will:
https://signal-contingency-plan.info/
I agree with the recommendation there and am working on making Delta Chat @delta that kind of backup channel for me and mine.
Replies
50@dougwade Delta Chat would still be a better option, besides being YEARS ahead of such new solution, in Delta Chat you don't depend on a particular server, for example here in fediverse if your instance goes down suddenly you lose your profile, with delta chat you can have several instances at the same time so if one goes down the other keeps working (this is new and still under development), the fedi solution would also need that level of resilience to be comparable
@arcanechat @rysiek thanks for this thorough answer. Sounds like if I want this someday from the fediverse, it’d be some combination of distributed identity, e2ee, and time, but for today just install delta chat and we’ll worry about all that later.
@feld @dougwade @arcanechat @rysiek 2. and 4. is just ‘we can’t improve just the part of fedi we’re on’. if it was any true, Pleroma would be merely a worse Mastodon clone. there are apps creating new kinds of experiences using ActivityPub and they’re planning to implement the MLS over AP spec. just telling users you can’t use E2EE messaging with some of your friends is much less confusing than the experience mainstream IM users are used to, like whatever recently happened to Facebook Messenger when they switched to E2EE by default
@mkljczk @arcanechat @feld @dougwade @rysiek At least with Pleroma, the chat part has been partly solved. Using classic AP DMs (to: ["https://example.com/users/recipient"]) for E2EE isn't doable without lots of added complexity, because you can add new mentions at least according to how most implementations do it.
E2EE over AP is suffering from the Linux case of reinventing the same wheel all over again. Instead of Ciscoware and XML, we have AP/JSON(-LD) and endless extensions, neither work great. Instead of reinventing a protocol never meant for private communications (although never explicitly said) as a simple transport layer, people should have tried to fix XMPP.
Here's Pleroma Chats as they should have been from the start, and I'm not joking that much: https://docs.ejabberd.im/developer/extending-ejabberd/elixir/#embed-ejabberd-in-an-elixir-app
@phnt @arcanechat @feld @rysiek @mkljczk
> we have AP/JSON(-LD) and endless extensions, neither work great
At the risk of revealing how completely out-of-my-depth I've gotten myself, is there a good explainer on the limitations of JSON-LD you're referring to here?
If you're worried about Delta Chat being e-mail based and using OpenPGP, you should probably read this:
https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
@davep I'm sure it's going to come back up sooner rather than later. But it's a good reminder how much we rely on it, and to have a backup plan.
@lxo @feld @rysiek Are you implying Signal shares your information with third parties? Or that they even can?
I understand your desire for autonomy, which is cool. That doesn't mean you have to throw shade where it's not needed. The issue here yesterday for Signal was resilience, not access to your data.
@lxo @feld @rysiek
I agree with the centralisation risk. But those articles have nothing to do with needing a telephone number. They're more of an indictment of Windows and tend to back up Signal's worry about LLMs embedded into the OS.
If your endpoint is compromised, anything you read is also compromised.
As for the "magic" comment, it's just that they encrypt basically all the metadata that the likes of WhatsApp don't. And with the double ratchet protocol they can't decrypt that data. They *could* make logs of who called or messaged who, but don't. If this were decentralised, what's to stop a bad actor logging such information? Just curious. It may need a rethink of the whole architecture (I'm not saying that's a bad thing by the way).
your Signal account key is stored in Signal's cloud as you can recover your account with a PINholy gnu! that's bitlocker all over again 😞
@lxo apparently there are secure enclaves behind the pin so your data is protected. It's pretty clever.
@davep
Doesn't Intel hold private keys for SGX enclaves or something? I remember hearing something like that. Is that a concern?
Then again, I guess we are trusting chip designers anyway. But Intel has recently been partly bought out by the US gov; which is concerning as all the Minneapolis ICE watchers and similar groups are using Signal.
@lxo @feld @rysiek
We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect
