Do you use Signal for chatting securely with friends and loved ones? Us too! We endorse it wholeheartedly, and rely on it for nearly all our communication.
But the vibes are deteriorating here in the US, and we should have a communications contingency plan for if Signal goes down.
OpenPGP for encryption through autocrypt is a BIG NO for me. OpenPGP is inherently flawed, read any reasonable cryptographer’s opinions on it. DeltaChat is a significant security downgrade from Signal. I would much rather use SimpleX or Briar.
I couldn’t find any criticiques of OpenPGP aside from LibrePGP’s. Do you have sources I could look into?
This article was more constructive (suggesting alternatives) than destructive (leveraging critiques), but it did link to several critiques/vulnerabilities with OpenPGP.
Unfortunately, half are about implementation issues (granted, it’s made more difficult to implement something correctly when it’s as convoluted and all-encompassing as PGP)—which are hopefully not applicable to Delta due to their 3rd party, applied cryptography audit—and the rest are obsolesced by the 2024 updates to the standard—RFC 9580, the so-called “crypto-refresh.”
Do you have any critiques that address the current state of the PGP protocol’s security?
If the vibes keep on deteriorating and there would be a crackdown on messengers and signaling infrastructure a messenger is the last of your worries.
And if Signal gets specifically targeted, there will be warning signs and time to shift away.
Nope. That’s not how Signal and E2E encrypted messaging works.
If a government asks Signal for user data they get an almost empty sheet of paper. Search for " what data does signal collect" to confirm that.
If - on the other side - your smartphone is compromised or unlocked there is almost nothing Signal can do to prevent governments from looking into your data. Also it reads like some agents simply joined a group chat. Again: nothing Signal could prevent.
I was not suggesting that the encryption was compromised. I was suggesting that signal is being targeted.
Likely, they are infiltrating Signal groups specifically. Not through breaking encryption, but still joining these groups BECAUSE of the encryption.
The fact that these groups are using private encrypted messages are what piques the interest of the FBI in the first place. Signal is just the most popular and thus the most likely target.
If Signal gets blocked, why not use a Signal Proxy?
You can use all the proxies you want, it won’t matter if the servers are shut down.
https://eylenburg.github.io/im_comparison.htm
Falling back to email isn’t a most preferred backup, I’d rather do simplex
