depend on your usecase.
this post was submitted on 12 Dec 2025
68 points (95.9% liked)
Privacy
3127 readers
84 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 2 years ago
MODERATORS
proton's article misspelled CDN in one place as CND
interesting
Signal is safe enough depending on your threat model
If you worry about aws centralization and outages then signal isn't a good option
If your worried about sgx enclave exploitation then it's not a good match
If your worried about us intelligence monitoring traffic then it's not a good fit
So signal is fine for person to person western traffic
Not a good fit for a country needing isolated highly secure messaging... I.e. the french government should NOT use signal, centralized in America, sgx exploits are a concern, and exposing the social and communication graph to the us intelligence services isn't in the french national interest
What it I'm head of the Department of War and I want my war crimes to be secret? Asking for a friend
Then signal probably isn't for you
There's a custom app for that, that's based on Signal.
If your worried about us intelligence monitoring traffic then it’s not a good fit
source:
US law enables to government to demand a backdoor into any private company and makes it illegal for that company to disclose whether or not this has happened. It is best to assume that any private US company is compromised in this way.
It is best to assume that any private US company is compromised in this way
I would say that's ridiculous for most people, but I guess it entirely depends on your threat model... if you're legitimately worried about state-level boogeymen, you've probably got bigger problems and already know all of this.
If you are designing the french government communication systems, would signal work for your requirements?
I block fascists and I can't see who you're talking to 🤷♂️
Delta chat is the real secure and lrivate option.
I'd like a comparison of Signal vs Jami, Briar, and SimpleX. They are all decentralised to some degree.
Based on what I know, in a nutshell, Signal is centralised and requires phone number (both of which may not be ideal), SimpleX is decentralised (not one central server) and doesn't require phone number, Jami and Briar are peer-to-peer networks (but this means that both users must have the client running to receive new messages/notifications, which is not ideal). Signal seems to be more audited in terms of security and such compared to the smaller fish (but that's because it is a much, much bigger fish). For me, I would go with Signal since my threat model isn't super high, and it's much easier to get others to switch to it. SimpleX is a decent option if you don't want to share your phone number I guess, but it's more obscure and less established compared to Signal (in terms of users and security audits). Jami and Briar don't seem all that great for the everyday user due to the limitations of the peer-to-peer model (needing both clients running at all times drains battery it seems), but could be decent options if your threat model is super super high
Matrix is another option but is a bit complicated to set up, and unless you know how things work, it can seem quite confusing. It's more of a Discord competitor with the different communities and rooms.
Isn't simpleX also starting shitcoin crypto scam enshittification? https://feddit.org/post/20942973
Also apparently the founder is also a raging right winger his twitter account aources and supports fascist states. It doesn't mean the technology isn't good, but makes donating to the project supporting a fascist...
At that point, delta chat might be the better option.
uh oh
You do need a phone number to signup to Signal but you don't need to share it with anyone. Just create a new username for each new person you want to add.
That still means all your chats are identifiable to your phone number.
For an org that claims they're interested in privacy, that's a major contradiction.
"Major contradiction" how? It's simply admitting a limitation in their reality and working around it. It's pretty reduced from what it used to be, that would be that the phone number would be known to all chat participants. Do consider that it took some guy spending years in jail to learn enough of the telecom system that he might (not even "will", but "might") be able to spin up his own mobilecom that only requires a ZIP code to sign up.
Signal is not 100% perfect, they're barely reaching 98% perfect, but. Fantastical (fanatical) absolutism in goals helps no one make step progress.
You both make good points but I have to agree that having to give them my phone number and knowing all my data is correlated with that is an issue for the privacy-oriented user (ie. their target userbase)
What data? The only thing they know is when the account was created and when was the last access.
Yeah, it's a data point it'd be useful not to have to count on. But, then again, it's only the one. And it mostly serves as a data point only, not as an entry point. It's not possible to (normally) access anywhjere near all that data — in particular, the chats — primarily via the phone number, so in as much as it's about privacy, privacy is preserved (note however: not increased). Signal's intended use is for privacy, not anonymity.
Do you know deltachat? I think that one hit a sweet spot in decentralization.
Doesn't using EMail & PGP allow for major leakage of metadata?
It definitely does