this post was submitted on 27 Feb 2026
1007 points (98.6% liked)
Privacy
47483 readers
1786 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's also important to continue educating people about the fact that Signal is incredibly problematic as well, but not in the way most people think.
The issue with Signal is that your phone number is metadata. And people who think metadata is "just" data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.
By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a "person of interest" for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It's a perfect filter: "Show me everyone paranoid enough to use crypto." You're basically raising your hand.
So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that Signal is operated centrally with the server located in the US, and it's being developed by people with connections to US intelligence while being constantly pushed as the best solution for private communication should give everyone a pause.
The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal's intentions are pure, we'd never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.
Opinion: I think painting in Signal in such negative light is more harmful in the practical sense. Having fragmented messaging towards the public that does not care about many of these aspects just makes them a lot more hesitant to change, from my perspective.
We as a community should, in my opinion, pick a "good enough" solution for the majority of the people we interact with. That in itself is a market force to show interest and demand for private solutions. Most people I know don't have the tools or knowledge or time to understand nuances and all they'll hear are conflicting messages.
For us more technically inclined people: hell yeah, let's figure out the ideal model and bring it up to maturity so others can join when it's fleshed out. E.g. when lemmy came to my attention in the reddit 3rd party app fiasco, I was really confused on how to sign up and use it. And I'm no stranger to tech.
Edit: spelling
I'd probably suggest Deltachat. It's decentralized and has always on encryption, but is so incredibly simple and easy to onboard and use, and doesn't require a phone number or even an email. It also works on all platforms with a single app.
wait, doesn't it rely on the email system?
I would rather have signal possibly collect my social graph than google through gmail.
It uses a subset of the email protocol (which makes it very difficult for governments to block) but it no longer uses an an actual email address to function by default.
Even if someone did use a gmail exclusively for this (you can't use it with an email account you use for normal emails too), everything would be entirely encrypted, and only the app itself would be able to decrypt it (google would not be able to decrypt the messages). But again, no normal user is going to use an actual email address.
You can read more about how it works in their FAQ. But the short version is once you pick a username, it just gives you a QR code or link to send to people, which connects you immediately in an encrypted chat room with no faffing around with emails.
There are plenty of good enough options like SimpleX Chat out there that don't have this problem. The whole argument that people should just ignore the obvious issue with Signal is frankly weird.
Accept defects != ignore
My original comment that you replied to was explaining the defects. People are free to decide whether they want to accept them or not. Your comment is saying that it's harmful to discuss these defects which implies that we should just ignore them.
Apparently they don't store contact info.
https://signal.org/blog/looking-back-as-the-world-moves-forward/
The problem is that you just have to trust them because only people who actually operate the server know what they do or do not store. Trust me bro, is not a viable security model. As a rule, you have to assume that any info an app collects, such as your phone number, can now be used in adversarial fashion against you.
And that is the problem with anything you don't write yourself. And for anything you do write yourself: Are you smarter than the three-letter agencies?
There are plenty of chat services that aren't centralized and hosted in the USA.
Sure… and my point is that you have to trust those services that aren't hosted in the USA. It's a choice you have to make. I'm not judging either way, just pointing out because what I responded to in the comment to which I replied was:
Which is true of open source unless you read the code and can verify nothing nefarious exists; which is true if you use a service in a country you trust; which is true no matter what you're doing.
Not all entities are deserving of the same level of trust - some are more trustworthy than others - but you are still making a decision to trust someone unless you write the code yourself or verify the code yourself.^[And had the capability and time to do so]
Not at all. Not everyone needs to audit open source, only a few interested experts do. Most importantly, auditing is possible because its out in the open.
The just trust me model of signal means its impossible to audit, unless they give us their centralized database and server code.
You don't have to trust anybody when you run your own server, or you use a server that doesn't collect information it has no business collecting.
No need for that when self hosted open source projects exist
Yeah there's a reason they don't allow you to use your own self hosted server.
People just accepting what companies say is how we ended up in the current mess. But here we are again. Companies work around how people perceive things to be secure and private all the time. It's just one small cog in the big machine.
It's how some NGOs are part of a intelligence and surveillance network but people only focus on the social work and it becomes immoral to criticize the good things they do as a cover.
There's also reluctance to release it in f-droid. They say they want to becontrol the distribution, but they have no problem with Apple and Google being the main distribution platforms. They haven't even looked at unified push. And that just adds to the "there's something else going on" factors.
Signal protocol might be bullet proof but the app supplier, centralized server, and phone number requirement and the most mainstream OS aren't. When you combine with how mainstream OS companies like Microsoft, Apple and Google work together with the feds, there's ways that the bulletproof protocol may not be sufficient and is only a part of the bigger picture. There's also US government spying on notification.
They may work without them but the inconvenience will deter 99% of people. Being dependent these external factors, It just doesn't feel as bullet proof as a whole.
Whatsapp also uses the signal protocol, but you wouldn't trust them because they're under facebook, would you?
Best alternative?
It really depends on your needs and what people you communicate with are willing to use. A few platforms that are notable in no particular order.
SimpleX Chat is probably the gold standard right now. It uses absolutely no user IDs such as phone numbers, no usernames, no random strings of text. Instead, it creates unique, pairwise decentralized message queues for every single contact you have. Because there is no global identity, there is no metadata connecting your conversations together.
Session is a popular Signal alternative. It doesn't require a phone number and routes your messages through an onion-routed decentralized network that's similar to Tor. Since your IP address is hidden and messages are bounced through multiple nodes, no single server ever knows who is talking to whom, stripping away metadata.
Jami is completely decentralized, open-source platform. It uses Distributed Hash Tables to connect users directly to one another without a central server. Notably, it supports high-quality voice and video calls.
heard SimpleX is really good, the only thing that bothers me is their vc funding model. It makes me feel a bit suspicious.
Yeah, I'm leery about anything where vcs are involved as well for obvious reasons. The tech itself does seem solid though, and it is open source. If it does start moving in a sketchy direction at least it could be forked at that point.
I really want simplexchat to evolve and get more features. If they ever make a lot of mod tools and the possibility to make giant servers with thousands with chatrooms like discord I could see it having mass appeal due to the ease of "signup"
yeah it definitely has some promise
I like your analysis, and would love your thoughts on matrix(assuming you have ofc)
It's better than Signal since you don't have to disclose any personal info, but people have pointed out some issues with federation in it. Again, it's one of those things that may or may not matter based on your use case.
People keep finding significant vulnerabilities in its cryptography and the Matrix team tries to deflect or create strawmans for why it isnt actually a vuln. Soatok found a vulnerability in 2024 by just browsing the source code for tiny bit of time, and again just two weeks ago after looking for a couple hours. In both cases, Matrix then responded to his vuln report with hostility, saying it wasnt actually a vulnerability. He is sitting on another vulnerability.
Having a cleartext mode is a security downgrade and no secure messenger should support cleartext. It only barely got functional forward secrecy recently. VoIP in most Matrix clients (and servers) still use Jitsi backend which isn't E2EE, even with the release of the newer (secure) Element call protocol. Matrix leaks tons of metadata, such as usernames, room names, emoji reactions, generate URL embedded previews. Rooms arent encrypted by default. It is also a UX nightmare and often times you cant decrypt your messages.
Matrix is not secure. You'd be better off with XMPP and OMEMO which has its own problems and isn't secure either. Sill better than Matrix.
Session is a security downgrade. It doesnt support forward secrecy which is hella important.
Probably Briar. Encrypted, P2P, and doesn't require anything but a username and password to sign up. Pretty sure that username doesn't need to be unique, it's just what people will see you as in messages.
Downside is it's only Android, so many people are left out.
sadly Briar has been stuck at the "cool idea" stage for years. Still no desktop app, still no iPhone app.
The only people who know this are people operating the server. Period.
See the link I provided above.
Yup, that's precisely what it's a filter for.
Trust me bro is not a viable model for anybody who actually gives a shit about their privacy.
The reality of the situation is that Signal asks users for information it has no business collecting during the sign up process, and this information can be used in adversarial ways against the users. People using Signal are making a faith based judgment to trust the operators of this server.
I appreciate the comment on the matter. This is good information to know and consider.
People should know that Signal is encrypted and private, but won't make you a ghost.
That being said, the majority of people are not interested in privacy so getting them to use Signal over WhatsApp or SMS is a 99% win.