this post was submitted on 15 Aug 2025
7 points (62.1% liked)
Privacy
Signal Foundation is a nonprofit in California, and they are the ones that operate the relays and maintain the FOSS app. Since they're a regular 501(c)3 and not a religious org, you can look into how their money is spent (to see if it's going to any suspicious recipients) and whether they're getting suspiciously large sums of money.
On top of that, they don't have access to the communication data itself. It's all E2EE, and the app being FOSS means you can inspect how that data is encrypted and sent (and even build your own from source, if you're paranoid). Even if they're unknowingly hiring covert bad actors, it's unlikely their activities would stay hidden for long.
So while it's certainly a concern that it's still centralized messaging, it's probably one of the best options due to the easy access for most people. Other than a billionaire buyout or government laws that force backdoors into encryption, the only real existential threat they currently face is operation costs. They were fortunate to have wealthy philanthropists in the beginning, but if they have an explosion in users (unlikely), it might bring the organization to its knees.
I don't find your particular scenario to be worrisome. And if it turns out that it's compromised in the future, there's other good apps out there, like SimpleX.
There's also XMPP (on which WhatsApp is based); it's quite good with OMEMO.
Yep, and I think there's a third option that I can't recall at the moment (not Matrix), but no matter what, there's alternatives that work and could be made to fit people's chat needs.
If you ever recall what the third option is, please post.
Hi, what about the GNU/Linux xz utils backdoor scenario? Also, is there any regular auditing of Signal by a third-party auditing company?
About SimpleX: it's not allowed in my threat model. I would rather use the pure XMPP protocol with OMEMO as an alternative.
Why not SimpleX?
This was caught by the community thanks to it being FOSS, and it was somewhat distinct from the scenario we're talking about here, since the repository was wholly taken over by a bad actor who tricked the original (burnt out) maintainer into handing over the repo.
Could a bad actor get their claws in and take over the repo? Possibly, but given the fact that it's maintained by a foundation with lots of devs and not just one thankless hobbyist, that likelihood is probably small.
Regular? I don't know. They have been audited, iirc, and they have received numerous legal requests to turn over data to courts, to which they've been able to reply "what data?" Bear in mind that they would almost certainly not do this if it meant jeopardizing their entire business. No business is going to go to jail for us, after all.
You do what you feel is appropriate for your threat model, but as far as general threats to privacy or Signal's existence go, I'm not currently concerned about their future.
Hi, I think you did not really understand the threat that I published: undercover agents, developers that will apply for a job at Signal and receive it, and they will do their backdoor without the Signal Foundation knowing; it's obvious. About the audits that you mentioned: could you provide a link to them?