I’m using Signal, but after I found out that it’s not as privacy-friendly as it claims, I’m uneasy about sharing my address there. I trust the person who asked for my address, but not the service. What’s a safe way to share? I was thinking of something like a self-destructing pastebin, but surely you have better ideas.

  • Dessalines@lemmy.ml
    link
    fedilink
    arrow-up
    5
    arrow-down
    29
    ·
    3 years ago

    Pretty much everything about it is unverifiable, because its a centralized service and you ultimately don’t know what the server is running. Contrast that with self-hostable apps which must pass verifiability checks, because people can host their own instance.

    • ancom@lemmy.ml
      link
      fedilink
      arrow-up
      32
      arrow-down
      1
      ·
      3 years ago

      Clients are open source. Independent clients exists and they work. So the server must kind of do what signal claims, otherwise those devs would notice.

    • shrugal@lemmy.world
      link
      fedilink
      arrow-up
      27
      arrow-down
      1
      ·
      edit-2
      1 year ago

      This is suspicion on the level of “you can’t be sure reality didn’t just pop into existence 10 seconds ago”. You can never be 100% sure of what others are doing on their hardware, or of anything really, especially if other people are involved. Your chat partners could leak all your chats and metadata for all you know!

      What we do know is that Signal is operated by a non-profit foundation, their client and protocol are open source and considered the gold standard for privacy by pretty much every expert on the subject, they had multiple independent audits and a very good track record, they were subpoenaed and couldn’t comply because they didn’t have the requested data. That’s about as good as you can get.