Recent searches

No recent searches

Search options

Not available on photog.social.
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
🌈 An inclusive place for your photos, silliness, and convos! 🌈

Administered by:

Server stats:

253
active users

photog.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.3

#signalmessenger

0 posts0 participants0 posts today
PrivacyDigest

#Microsoft has simply given us no other option,” #Signal says as it blocks #WindowsRecall

#SignalMessenger is warning the users of its #Windows Desktop version that the #privacy of their messages is under threat by #Recall , the #AI tool rolling out in #Windows11 that will #screenshot , index, & store almost everything a user does every 3 seconds.

Effective immediately, Signal for Windows will by default block the ability of Windows to screenshot the app.
#security

arstechnica.com/security/2025/

Ars Technica · “Microsoft has simply given us no other option,” Signal says as it blocks Windows RecallBy Dan Goodin
Replied in thread
Heiko R.

@Oliverkochnet "Wer nicht will der hat schon", würde ich sagen. Halte das schon jahre so, und nach und nach kommen sie nun doch bei #signalmessenger angesch*** ... angekrochen.

Außerdem: Ein kurzer Anruf schafft schneller Klärung als lieblos ins Display geschmierte "Nachrichten". Und *echte!* Briefe wiederum sind mir lieber als alles andere.

Es geht, man muss nur konsequent sein. :wink:

Replied in thread
Linux G. Fossman

@drew_belloc @noodlejetski @drew_belloc @noodlejetski I don't have a dock either. I do have a favourites row though, and currently these are the pinned apps (arranged in no particular order):

1. Calls by #GNOME & #Purism
2. Chats (#Chatty) by Purism & GNOME - supports #SMS, #Matrix, #XMPP
3. Contacts by GNOME
4. #Firefox web browser by #Mozilla
5. #SignalMessenger
6. GNOME Settings
7. #Phosh Mobile Settings
8. Tweaks by #postmarketOS
9. #Tuba (client for #Mastodon / #Fediverse)
10. #Kasts by #KDE
11. #DeltaChat (#openstandards-based, #securityaudited, fast #e2ee chats over bloody #email!)
12. Files / #Nautilus by GNOME

All #FreeSoftware /Libre, #OpenSource #FOSS / #FLOSS : )

Note: The home screen and the app drawer / search / overview is all one and the same.

#FreedomTech#LibreTech#Librem5
Replied in thread
Preston Maness ☭

@gedankenstuecke @signalapp Hmm... Apparently, switching between iOS and Android is not supported? Like, at all?

support.signal.org/hc/en-us/ar

>Message restoration or account transfers are not currently supported, if you:
>
> * do not have your old device or lost your phone.
> * wiped or cleared your phone.
> * uninstalled Signal on your iPhone or iPad.
> * accidentally deleted a message or chat.
> * switched between Android and iOS.
> * changed your number.
> * have a linked iPad or Desktop.

Waaaa?? Surely that's not right. Why on Earth would the backups be tied to the OS? Backups are app-level, data-level concerns. But indeed, there seems to be no way to get Signal on iOS to generate a "*.backup" file, like you can on Android.

community.signalusers.org/t/io

>It is highly unlikely we will ever build a file based backup system for iOS. In addition to it being an unfamiliar experience for iOS users, part of our decision making to not build such a system for iOS was based on how much of a nightmare supporting such a system has been for the Android team, both technically making sure it continues to work with any backup file from any version as well as via our support channels where user’s just don’t understand at all how it works. The future for moving your data between devices in Signal likely looks like a choice between direct peer-to-peer transfer or restoration from some form of secure network storage.

Absolutely bonkers. "iOS users don't know what files are." Be so for real, y'all. And "version-tolerant data migration is hard" may be true. But y'all are the best-of-the-best, right? Y'all have tens of millions of dollars at your disposal every year, right? Forcing "Direct peer-to-peer transfer" so you can force equal versioning between the devices, and side-step that problem, is lazy. And "some form of secure network storage?" That's still "just a file," only abstracted away.

If nothing else, I suppose you *could* enable Signal Desktop from iOS, allow it to Sync, and then... you'd at least have some record of the data on your Desktop. Though I don't think you can "reverse sync" from the Desktop to, say, your new install on GrapheneOS.

What a mess.

support.signal.orgBackup and Restore MessagesSignal messages, pictures, files, and other contents are stored locally on your device. Android iOS Desktop Android Use a backup to move your local Signal data between Android devices. How do I...
#signal#SignalMessenger
Preston Maness ☭

@Xeniax Totally nerdsniped :D I'd love to be a part of the study.

I don't think that #KeyServers are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at keys.openpgp.org/about . More generally, I believe that #PGP / #GPG / #OpenPGP retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like #Matrix, #SignalMessenger) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the #KeyOxide project).

Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: crypto.stackexchange.com/quest).

To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "i need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with #PKI leaves me green with envy.

keys.openpgp.orgkeys.openpgp.org
Preston Maness ☭

@isilzha314 @evacide @danjones000 @eff @CNN That's not the point that Dan is making. Dan is saying that Signal's present infrastructure and architecture provide significant opportunities for a sufficiently funded and motivated adversary -- i.e., the NSA, or some other branch of the US government -- to monitor metadata about who is talking to whom. Signal may not explicitly collect that data and store it in a discoverable database, but that won't stop an adversary from gathering the metadata anyway. And the phone number requirement --which Signal *does* store and which *is* available to discovery-- is itself a very risky gambit when that adversary decides that anyone using Signal is a fair target.

And since [we kill people based on metadata](abcnews.go.com/blogs/headlines) and a fascist coup is currently in progress in the United States, Signal's users (as well as the Signal Foundation itself) should be laser focused on eliminating those opportunities. Unfortunately, Signal has

* Recently indicated that it does not consider network-layer anonymity as within its scope: gist.github.com/hackermondev/4
* Has shown no interest in working with others (including myself) in the Free Software ecosystem to integrate such anonymity technology into its stack and make it a default for its users: community.signalusers.org/t/us
* Has remained mum on the fediverse when the organization and its current president have been invited to previous conversations on this matter: tenforward.social/@aspensmonst

Signal has an ethical responsibility to bring anonymity into scope.

#Signal #SignalMessenger @signalapp @Mer__edith

ABC NewsEx-NSA Chief: 'We Kill People Based on Metadata'"‘…but that’s not what we do with this metadata," says Gen. Michael Hayden.
Replied in thread
Preston Maness ☭

@craige @jwz @claudius @mathowie I've played with #SimpleX chat before. I don't know if it's ready for primetime yet, but I'd definitely keep an eye on it. As it stands, I'd love to recommend #Signal #SignalMessenger, because I think it has better UX (and less metadata via sealed sender) than #Matrix with its #Element client. But Matrix does not require phone numbers. So, my current reccomendation to anybody organizing vulnerable people is to use Matrix rather than Signal, and to ensure that users run it over #tor via the #orbot app.

Preston Maness ☭

@jwz @claudius @mathowie Signal still, in the face of fascism, is requiring phone numbers in order to utilize its service. That alone makes it a non-starter, no matter how good the interface and how strong and validated the cryptography is. The non-profit behind Signal is based in the US. If it gets a court order to hand over all of its phone numbers then it will comply.

As it stands, Signal is a giant pile of data and metadata shouting: "The people you want to target are all here! Come and get them wholesale!"

#Signal#SignalMessenger
Replied in thread
Preston Maness ☭

@jwildeboer Additional recommendations for hardening your #Signal #SignalMessenger application:

* Also install #Orbot, and have all Signal traffic routed through it.
* Configure Orbot to *not* use reduced padding.
* Configure Orbot to use different routes for all hosts, ports, and clients.
* Configure the Orbot VPN to be always-on (Android VPN settings).
* Configure Signal to allow sealed sender from anybody.
* Configure Signal to require PIN for re-registration.
* Configure Signal's chat defaults to erase after a certain period of time.

Signal is a big juicy target with tons of metadata about who is talking to who going over the wire at any given time. The contents of the communication are encrypted, but the metadata is not. And remember: "we kill people based on metadata" (abcnews.go.com/blogs/headlines). If the fascists are willing to kill people based off of metadata, then they're certainly willing to surveil, harass, arrest, and imprison people based off of metadata.

These hardening efforts make building up a social graph from metadata more difficult. Unfortunately, you have to do it yourself, as Signal has made it clear on multiple occasions that it does not view network-layer anonymity as within its scope:

>Signal instantly dismissed my report, saying it wasn't their responsibility and it was up to users to hide their identity: "Signal has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide".
>
>gist.github.com/hackermondev/4

@signalapp @torproject

Andreas Kilgus

An der mehr aus Neugierde versuchten Registrierung einer Festnetznummer zur Nutzung mit Signal für den Versand von Nachrichten seitens Home Assistant bin ich gescheitert. Authentifizierung via Sprachnachricht ist laut Rückmeldung nur erlaubt, wenn zuvor SMS probiert wurde, und ich habe es nicht hinbekommen, einen dabei anfallenden obligatorischen Captcha-Code so zu generieren und über die API zu übermitteln, dass er akzeptiert wurde.

Dafür war die Einrichtung von E-Mail-Funktionalität via SMTP in Home Assistant sehr unproblematisch.

Nun schickt Home Assistant also eine Benachrichtigung, sobald die Außentemperatur für eine bestimmte Zeitspanne unter einen Schwellenwert gefallen ist. Auf dass nicht vergessen wird, den Roseneibisch nach innen zu verlagern, bevor ihn draußen das große Frösteln beutelt. Praktisch.

github.com/bbernhard/signal-cl…

GitHubGitHub - bbernhard/signal-cli-rest-api: Dockerized Signal Messenger REST APIDockerized Signal Messenger REST API. Contribute to bbernhard/signal-cli-rest-api development by creating an account on GitHub.
#HomeAssistant#SignalMessenger
TrendingLive feeds
About