this post was submitted on 18 Jul 2026
97 points (99.0% liked)
Open Source
47942 readers
301 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 7 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Signal is a centralized, US-based service which requires your phone number (thus your real identity, IE name and address), has social networking graphs of everyone you talk to, and must forward that information to the US government when asked, as well as (by law) not tell you that they've been asked to do so. During the Obama era, 60 NSLs were issued for this private information every single day.
People overlook its privacy concerns for the same reason they do with apple: it has a shiny interface and is easy to use, and makes people very attached to it. Behind all that, is a surveillance network that its creators have explicitly said they do not want it to be able to run in a decentralized, private manner.
It has a long history of privacy offenses below (such as refusing to publish its server's source code for years, its reliance on other US tech services (amazon, google), US-government funding, and a US-defense-tank friendly administration) which get ignored or shouted down by many of those above. See the article below.
Why not signal.
Pretty much any alternative is better, as long as its not hosted in a five-eyes country, and especially if it doesn't require phone numbers or real identities like signal does.
I personally have been using SimpleX for friends and real life contacts, and Matrix for larger more anonymous group chats.
Source?
US government funding does not mean it's immediately bad... The internet, thr flu vaccine, closed captioning, and wheather radar were all funded by the US government. A truly secure messaging encryption is beneficial to the United States, and is evem good enough for the president apparently.
Since their messages are truly secure, it wouldn't matter where you store them. Just store them in the cheapest places possible. It being centralized makes it far more usable to the average person, making it much more likely for them to use.
Good question. I looked in the attached essay source, and he covers this there https://dessalines.github.io/essays/why_not_signal.html#social-network-graphs
This is my comment to the other person, I just don't want to type the same ideas out a second time:
I read it. They also have no source or evidence.
You can't simply say "we must assume" as evidence. In fact, they implemented "Sealed sender" in 2018 where they are not able to see who the message is being sent to.
They are also legally required to provide all information they have on users for warrants and subpoenas. Any time they do that, they post the (slightly redacted) document they provided to the courts. See the list here: https://signal.org/bigbrother/ This confirms they did not have any metadata on those users. The only info they have is what they openly state (phone number, date of registration, and last time a message was sent).
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it's the man that physically removes the microphone and camera from his phones before using them.
Read the linked doc, because it's clear you didn't.
I read it. They also have no source or evidence.
You can't simply say "we must assume" as evidence. In fact, they implemented "Sealed sender" in 2018 where they are not able to see who the message is being sent to.
They are also legally required to provide all information they have on users for warrants and subpoenas. Any time they do that, they post the (slightly redacted) document they provided to the courts. See the list here: https://signal.org/bigbrother/ This confirms they did not have any metadata on those users. The only info they have is what they openly state (phone number, date of registration, and last time a message was sent).
While there may be other US government requests they are not alllwed to disclose, they were legally required to provide the same information to the courts, and we can see what they provided.
And sure, while the US government funds Signal, you know who else endorses it? Edward fucking Snowden. If anyone knows about secure messaging, it's the man that physically removes the microphone and camera from his phones before using them.
Okay yeah you definitely didn't read it. Large sections in that doc just before that are on phone number identifiers, NSLs, and 5-eyes countries, the US goverment pushing signal in privacy spaces... literally the reasons why signal isn't trustworthy. Unless you can tell me what an NSL is, then I'll assume you didn't read it.
Did you ignore the large section on NSLs? These come with a gag order, meaning its illegal for signal to notify their users about them being spied on.
This is a "just trust me" from signal, since neither of us have access to their centralized DB, but you also ignored two paragraphs down, where it showed that with message timestamps and recipient information, this would be trivial to find the real sender of a message, regardless of sealed sender. Again, actually open source software can't say "just trust me" like signal can, we actually have to show code to prove it, and let people run that code in a private manner.
Elon musk and jack dorsey also endorse signal. An endorsement means nothing, especially for centralized software based in a 5-eyes country.
Insightful! Thanks. I agree and I'll give SimpleX a try as others suggested.