• a Kendrick fan@lemmy.ml
    link
    fedilink
    arrow-up
    4
    arrow-down
    39
    ·
    4 months ago

    Please don’t use Signal, the US government has all the keys. Self host XMPP, Matrix and SimpleX servers and make sure encryption is properly configured. If you’re not generating your encryption keys, why should you use them?

    • Timber@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      34
      arrow-down
      1
      ·
      4 months ago

      Source? And fyi, if you use Signal you are generating your own encryption keys. Your private keys are generated on your phone and stay on it. So what gives you the idea that

      the US government has all the keys

      ?? Sounds a lot like a conspiracy theory

      • Jolteon
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        4 months ago

        Plus, the signal client is open source. You can literally be 100% sure that your keys are being securely generated.

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      8
      ·
      4 months ago

      I don’t think Signal is unsafe, but agree that it is a weird middle ground. Depends on threat model, of course, but overall I would prefer something selfhostable - for the sake of independence, easier anonymity and censorship resistance. Plus, Signal by default doesn’t allow desktop registration (and desktops are much easier to make private than phones), so you’d need either a VM or a command-line application for it, which is a big pet peeve of mine.

      • Possibly linux
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        4 months ago

        I think the best option is to communicate about alternatives. Maybe get a few close friends on each and then decide