(Please see comments) Alternatives to Signal if they exit EU due to ending E2EE

Like the title states looking for E2EE apps (Android and iOS) without going into much details or needs to be robust enough and easy to use for anyone and stable for operations that are susceptible to constant electronic warfare. I did some research and thought about replacing Signal with Molly and wondering if it will still work if Signal leaves the EU, but am also worried about its updates to patch vulnerabilities in a timely manner. I appreciate the help I am a “Jack of all trades and master of none” when it comes to these types of programs, but am also the go to currently in my unit since I am somewhat knowledgeable about exploits and attacks that can compromise systems would be great if there was an desktop as well (like Signal) and would also be nice if it was FOSS and auditable ( I know that’s kind of redundant ) I know it’s a tall order to ask but figured I would try. I really appreciate the help so much and hope I did things by the rules here and don’t get flamed if this has already been covered ( I searched but my skills with searching the fediverse is low

mypasswordis1234,
@mypasswordis1234@lemmy.world avatar

Matrix

kixik,

It depends on what you want. I encourage people to use Jami (distributed, so might be a thing, if not self-hosting your own service, since what is said decentralized in reality is a set of centralized services). If too hard, then XMPP + OMemo. And only then, Matrix (by design it gives up more meta data than XMPP).

mihor,
@mihor@lemmy.ml avatar

Pardon my ignorance but is EU really truly considering this colossaly stupid move to ban E2EE?

Thisfox,

Just a whole lot of ignorant hype, I believe.

SHITPOSTING_ACCOUNT,

The only alternative that’s FOSS and not centrally controlled is Matrix. By being decentralized, anyone can run their own server and good luck stopping that.

There may be 200 other “alternatives”, but they’re irrelevant to the point where I consider then non-existent. Nobody has heard of them. Nobody is using them. Trying to push them on normal people will most likely result in them no longer talking to you as often or at all, and none of the other ones has any chance of reaching a critical mass. Matrix at least has some recognition among nerds and some, tiny amount of adoption outside.

Stop pushing random niche shit, it does privacy a disservice.

Fungah,

I don’t understand why people think downloading s fucking app is so arduous. I truly don’t. Their stalwart refusal. To do it puzzles tf out of me.

SHITPOSTING_ACCOUNT,

If I installed a different app for every friend I had, I’d have a homescreen full just of chat apps. What’s worse, those niche privacy friendly apps go under or out of favor often.

You might be able to convince some of your friends to install an app just for you once, but by the time you’re telling them “this one now sucks, I’m on other app now” for the second time, they’ll just stop chatting with you, and if you ask them repeatedly, likely shun you even IRL because most people want to live their lives, not chase chat apps for their friends’ weird interests.

And even if they do that, they’ll have one app that they use every day, and one that sits in the bottom of their app drawer. Guess who gets invited to do something on the weekend, the person who shows up on their main contact list, or the person that would show up if they dug out that dusty app? And guess what the phone is gonna do with that app once it hasn’t been opened for a week… it’s going to deprioritize it so it won’t even work properly, while their main daily-opened app always gets push notifications immediately.

You don’t have to like it. You can pretend it’s not happening. But it will happen.

zShxck,

The only alternative that’s FOSS and not centrally controlled is Matrix

That’s not true, there is also XMPP which is lighter and far more decentralized than Matrix

Zerush, (edited )
@Zerush@lemmy.ml avatar

There are over 200 alternatives to Signal, Open Source and encrypted, out there. The attempt by governments to ban them all seems a little far from reality to me. alternativeto.net/category/…/encrypted-chat/?feat…

Nastybutler,

Is there a reason no one has mentioned Telegram yet in this thread?

g.co/kgs/TTe2mp

KLISHDFSDF,
@KLISHDFSDF@lemmy.ml avatar

possibly because Telegram is as “private” as Facebook.

Nastybutler,

It has end to end encryption though, so could you clarify why you think that it’s not private?

KLISHDFSDF,
@KLISHDFSDF@lemmy.ml avatar

I’m not saying it can’t be private, but defaults matter and by default every message sent on Telegram (unless you opt into a “secure chat”) is viewable by anyone with access to Telegrams infrastructure and you have no way to know your message history has been compromised.

In contrast, everything within Signal is completely private and end-to-end encrypted with no compromises. Your groups, group names, profile pictures, stickers, reaction, voice/video message etc are all private without anyone having to make do anything. Privacy is enforced, not an option.

Telegram does have secure chats, but - either intentionally or not - they have made them incredibly inconvenient to use as they are not enabled by default, don’t work in group chats, and don’t sync across your own devices.

So yes, Telegram is private, just as private as a PGP encrypted email.

SirEDCaLot,

Much has been said about the idea of ‘signal leaving UK or EU’. Little has been said about how exactly that would happen.

AFAIK, Signal has no business presence in the UK or EU. IE, no offices, no registered corporate entities. Thus, they (arguably) have no more requirement to comply with UK’s or EU’s regulations than, say, Iran’s or China’s or any other jurisdiction where they do not do business and have no presence.

Signal’s leadership has a record of giving any regional restrictions the middle finger, so I doubt Signal would voluntarily block EU countries. So that means the EU would either pressure Google and Apple to delist Signal (easily worked around, at least on Android, and soon on Apple too as EU is trying to force sideloading) or they’d pressure ISPs to block connections to Signal (more or less impossible).

If EU tried to do that, it’d just create a giant game of whack-a-mole. And people doing real CSAM shit would just move to even more private distributed systems.

7heo, (edited )
@7heo@lemmy.ml avatar

expired

sir_reginald,
@sir_reginald@lemmy.world avatar

XMPP or SimpleX. It’s easy to block signal, given they require a phone number and the servers are centralized. But it’s quite hard, potentially impossible, to block the federated XMPP network or the decentralized relay structure of SimpleX

Natanael,

You need to add encryption on top with OTR plugins or equivalent

Or use Matrix where it’s on by default

ngn,
@ngn@lemy.lol avatar

i would argue that matrix is not decentralized enough (almost everybody is on matrix.org)

also all popular XMPP clients (conversations, gajim etc.) supports OMEMO and OpenPGP/PGP out of the box

EngineerGaming,
@EngineerGaming@feddit.nl avatar

Also Matrix servers are way more resource-intensive than XMPP ones. Synapse one is probably not even possible to run on my low-spec VPS, idk about Dendrite or Conduit. And from what I’ve heard, the server is harder to manage.

ngn,
@ngn@lemy.lol avatar

thats actualy one of the reasons i stopped using matrix - synapse kept crashing my server lol

but i should also mention that XMPP servers have less documentation/tutorials, i spent an entire week just to get prosody to work as i wanted it to

Chobbes,

In my experience prosody is pretty easy to set up, but there’s also Snikket now which is built on prosody and hopefully makes setup even easier (but I haven’t used it).

tavu,

Use a good XMPP client like dino/siskin/conversations and OMEMO just works. XMPP client OMEMO support status.

You can’t argue “not all XMPP clients support e2ee” without arguing the same for matrix – not all matrix clients support e2ee.

gasull,
@gasull@lemmy.ml avatar

You can just continue using Signal. All the alternatives will disappear from the app stores too unless they spy on you.

A recent alternative with even better privacy is SimpleX: simplex.chat

cypherpunks,

the author has a lemmy community about it too: !simplex

possiblylinux127,

I would still use Signal. By ignoring bad laws you are turning the EU government into a laughing stock

Hazel,

Take a look at the matrix network. Its decentralized like lemmy and the cryptography is on point. And it cant really be cencored due to this reason.

library_napper,
@library_napper@monyet.cc avatar

Unfortunately its possible to send messages on Matrix that are not encrypted

Hazel,

Yes its possible, but you are free not to send unencrypted matrix messanges.

library_napper,
@library_napper@monyet.cc avatar

Human error is possible. Happens to our users PGP emails all the time.

As an org we dont allow any software where its possible to send unencrypted messages. It too much risk.

Hazel,

I completely agree. Though pgp emails usually have to be set up. At least when using element nothing has to be set up and it is enabled by default. But this doesnt change the point.

As an org self hosting a matrix server would be an option. But the issue would still remain. So its a tradof

vitriolix,
@vitriolix@lemmy.ml avatar

this seems easily fixable by choice of end user app, Element surely defaults to sending encrypted messages, if a user goes out of their way to figure out how to send clear text good on 'em

ptman,

Yes, because for large public rooms it makes no sense as anyone can leak the message contents anyway and e2ee is expensive for large rooms.

library_napper,
@library_napper@monyet.cc avatar

Also DMs

Mubelotix,
@Mubelotix@jlai.lu avatar

Signal. Any restriction can be bypassed

whale,

deleted_by_author

    •
    echo64,

    Soo… this whole thing is about the eu not the uk. Which are (now) different things. The uk dropped their dumb idea with a “when this is technically possible” restriction, which it won’t be because maths isn’t changing anytime soon.

    The eu thing is different and technically possible.

    winterayars,

    At least the UK is willing to acknowledge they want something impossible, haha. In the US they’d just say “do it, math be damned”.

    scott,
    @scott@lem.free.as avatar

    “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.” ~ Malcolm Turnbul, former Australian PM.

    uriel238,
    @uriel238@lemmy.blahaj.zone avatar

    Turnbul has done less study on the matter than king Cnut.

    EngineerGaming,
    @EngineerGaming@feddit.nl avatar

    AFAIK in Iran, the issue is that the real local phone numbers could not be accepted for registration due to sanctions, so it only ever worked for existing accounts. Another problem of such a system.

    Mubelotix,
    @Mubelotix@jlai.lu avatar

    Yeah, Signal should work on its reliance over phone

    whale,

    deleted_by_author

    •
    EngineerGaming,
    @EngineerGaming@feddit.nl avatar

    Not just a phone number, but a non-sanctioned phone number.

    devfuuu,

    It’s a feature that keeps being said to be “almost ready”, but phone number for registration will continue to be required from what I understand. What they were working on was the ability to have usernames to connect to strangers and other people without the need to share the phone number.

    gaael,

    I’ve been using DeltaChat (available on F-Droid) for a few months now.

    What I like about it is that because it’s email based, it uses OpenPGP for encryption, making it easy to have compatibility with other email-based solutions.

    If you want to go the extra-secure route, you and your contacts can even self-host your emails - as long as you’re not going to send messages to people on Gmail or other big providers, you can avoid your messages being treated as spam.

    The multi-device support is still a bit rough around the edges, but has gotten better in the last few months since the app is under active development.

    KLISHDFSDF,
    @KLISHDFSDF@lemmy.ml avatar

    deltachat uses autocrypt which apparently doesn’t support key verification yet. how secure is it if you can’t even verify that your messages aren’t being intercepted? I also didn’t see anything about rotating keys after every message like Signal does, so anyone sucking up your encrypted messages just needs one key to see your entire message history. that doesn’t sound very good.

    Ihnivid,

    I’d just like to point out that if Signal leaves the EU, it will most likely just mean that it’s not available through the official app stores. With Signal updating itself, it’s just a little inconvenient to install it on a new device, though, they even said that they’ll try to make it as easy as possible.

    tVxUHF,

    Yup. At most, Signal gets removed from the Play Store. There’s no meaningful way to block Signal, especially now that big CDN providers are starting to rollout Encrypted Client Hello.

    freebee,

    “If it’s not allowed in the play store and we need to click away a Google warning or 2, maybe it’s dangerous and we shouldn’t use it” - average Joe. Next step: “… suspect was using signal, so we decided to …” yada yada yada same as it already is perceived in general for tor and even with VPN in some countries. Just the fact you’re not using the thing most other people use makes you stand out.

    blkpws, (edited )

    Molly Moxie will need to go back to F-Droid 😂

    Referable2424,

    Molly has its own F-Droid repo, it’s one of the default available in Droid-ify.

    blkpws,

    Yes, I wanted to mean Moxie, sorry. The one that said “NO SIGNAL ON F-DROID REPOS”… hahaha blaming f-droid was insecure and that’s why we should use Google services.

    barryamelton,

    He didn’t want Signal on FDroid because surprise surprise he just wanted to roll their own crypto coin with insiders knowledge. You can’t do that with open source so easily. There’s a reason they didn’t publish code for years. That people still support those crooks, who have lost all credibility, for a privacy app, baffles me.

    Thank god we have Matrix now.

    stepanzak,

    www.f-droid.org/en/…/com.amnesica.kryptey/This looks like a good backup plan that can’t be banned very well.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • ngwrru68w68
  • DreamBathrooms
  • modclub
  • GTA5RPClips
  • InstantRegret
  • magazineikmin
  • Youngstown
  • thenastyranch
  • rosin
  • slotface
  • mdbf
  • khanakhh
  • kavyap
  • anitta
  • tester
  • normalnudes
  • Leos
  • cisconetworking
  • osvaldo12
  • everett
  • Durango
  • tacticalgear
  • provamag3
  • megavids
  • ethstaker
  • cubers
  • JUstTest
  • lostlight
  • All magazines
    •