Like the title states looking for E2EE apps (Android and iOS) without going into much details or needs to be robust enough and easy to use for anyone and stable for operations that are susceptible to constant electronic warfare. I did some research and thought about replacing Signal with Molly and wondering if it will still work if Signal leaves the EU, but am also worried about its updates to patch vulnerabilities in a timely manner. I appreciate the help I am a “Jack of all trades and master of none” when it comes to these types of programs, but am also the go to currently in my unit since I am somewhat knowledgeable about exploits and attacks that can compromise systems would be great if there was an desktop as well (like Signal) and would also be nice if it was FOSS and auditable ( I know that’s kind of redundant ) I know it’s a tall order to ask but figured I would try. I really appreciate the help so much and hope I did things by the rules here and don’t get flamed if this has already been covered ( I searched but my skills with searching the fediverse is low
Can you please link an article or something explaining what you’re going on about? When was this announced?
Edit: guessing it’s related to this. https://cyberlaw.stanford.edu/blog/2023/06/eu-member-states-still-cannot-agree-about-end-end-encryption
If so, banning E2EE because of CSAM is like cutting off your hand because you stubbed your toe. Banning E2EE won’t stop child porn nor will it prevent the use of E2EE.
Yes, [https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/](https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/ This is exactly how I feel I don’t understand the logic behind this at all.
Understanding is simple. Every few years, 5 or 8 or 10, there’s a big marketing push and brain wash around trying to destroy encryption by using the excuse of CSAM. Nothing new, a play as old as ever. It’s basically (and really the whole point) trying to pass mass surveillance into law hoping that people forget the arguments of the last time or that people are not paying attention or trying to put it wrapped into a different gift wrapping and see if it goes into effect before anyone notices. The time frames for these things are getting smaller and smaller and more and more people don’t care at all about privacy and basic rights and are ok with things like mass surveillance. It will eventually pass.
It’s a real shame the eu is doing this. I’ve agreed with most of their policies recently regarding IT and phones.
I don’t agree with that stupid cookie shit though.
I just felt that there was a lone voice of reason trying for a better future but I guess we are on our own.
As a fellow cookie warning hater, the Firefox extension “I don’t care about cookies” is great. It’ll dismiss the box.
And please keep the reminder that most cookie popups are not required and it’s mostly bad actors/companies that keep insisting on being annoying by saying they are just complying when in fact they are forcing all that on purpose on us users so we turn out heads to hate on the law instead.
Pretty sure signal won’t be forced to do anything:
Encryption plays an essential role in securing communications. The international human rights law test of legality, necessity and proportionality should be applied to any measures that would affect encryption. Both the UN Commissioner for Human Rights[1]and the European Data Protection Supervisor[2]have concluded that the EU’s proposal for a regulation on child sexual abuse material fails this test[3].
this is from May this year, when Spain proposed this. How in the everliving fuck the EU can get away with violating human rights?
So yeah I’ll eat my hat unsalted if this actually will break encryption
you should eat it hashed and salted in protest.
Genius.
Best comment in this thread
Well, they don’t need to break encryption, since the scanning of messages is supposed to happen client-side.
And by defenition breaks e2ee. https://en.wikipedia.org/wiki/End-to-end_encryption
Technically not touching your valuable encryption would still be an excuse they’d make, wouldn’t it
Even though it functionally does break encryption
deleted by creator
You can just continue using Signal. All the alternatives will disappear from the app stores too unless they spy on you.
A recent alternative with even better privacy is SimpleX: https://simplex.chat/
the author has a lemmy community about it too: [email protected]
deleted by creator
XMPP or SimpleX. It’s easy to block signal, given they require a phone number and the servers are centralized. But it’s quite hard, potentially impossible, to block the federated XMPP network or the decentralized relay structure of SimpleX
I caution mentioning both Matrix, and Element as if they are synonymous – they are not (I’m quite certain that that wasn’t your intent, but the usage of the forward slash could be interpreted as such). It may lead to confusion for newcomers. It would essentially be the same as saying “I recommend ActivityPub/Thunder” to someone who you want to introduce to Lemmy. Matrix is the protocol, and Element is simply a client that interacts with the Matrix protocol.
I personally think that it’s sufficient to recommend Matrix if one is mentioning chat-app alternatives. Of course, nothing is stopping one from also recommending a client, but I don’t believe that it’s entirely necessary.
Removed by mod
Seems to be getting recommended by other users as well I will check it out and thanks for the reply.
I have not, but will read up on these two and thank you for your reply.
Briar, xmpp with omemo, matrix, jami…
There are over 200 alternatives to Signal, Open Source and encrypted, out there. The attempt by governments to ban them all seems a little far from reality to me. https://alternativeto.net/category/social/encrypted-chat/?feature=end-to-end-encryption&license=opensource
I’ve been using DeltaChat (available on F-Droid) for a few months now.
What I like about it is that because it’s email based, it uses OpenPGP for encryption, making it easy to have compatibility with other email-based solutions.
If you want to go the extra-secure route, you and your contacts can even self-host your emails - as long as you’re not going to send messages to people on Gmail or other big providers, you can avoid your messages being treated as spam.
The multi-device support is still a bit rough around the edges, but has gotten better in the last few months since the app is under active development.
deltachat uses autocrypt which apparently doesn’t support key verification yet. how secure is it if you can’t even verify that your messages aren’t being intercepted? I also didn’t see anything about rotating keys after every message like Signal does, so anyone sucking up your encrypted messages just needs one key to see your entire message history. that doesn’t sound very good.
deleted by creator
It depends on what you want. I encourage people to use Jami (distributed, so might be a thing, if not self-hosting your own service, since what is said decentralized in reality is a set of centralized services). If too hard, then XMPP + OMemo. And only then, Matrix (by design it gives up more meta data than XMPP).
Matrix
Pardon my ignorance but is EU really truly considering this colossaly stupid move to ban E2EE?
Is there a reason no one has mentioned Telegram yet in this thread?
possibly because Telegram is as “private” as Facebook.
It has end to end encryption though, so could you clarify why you think that it’s not private?
I’m not saying it can’t be private, but defaults matter and by default every message sent on Telegram (unless you opt into a “secure chat”) is viewable by anyone with access to Telegrams infrastructure and you have no way to know your message history has been compromised.
In contrast, everything within Signal is completely private and end-to-end encrypted with no compromises. Your groups, group names, profile pictures, stickers, reaction, voice/video message etc are all private without anyone having to make do anything. Privacy is enforced, not an option.
Telegram does have secure chats, but - either intentionally or not - they have made them incredibly inconvenient to use as they are not enabled by default, don’t work in group chats, and don’t sync across your own devices.
So yes, Telegram is private, just as private as a PGP encrypted email.
