Many Signal alternatives also have security issues of their own, often making them less secure than Signal. This includes Matrix and XMPP. In the blog post regarding XMPP+OMEMO, the author replies to a question about which would be better than Signal, Matrix, and XMPP with this suggestion:
Anyone who cares about metadata resistance should look at Cwtch, Ricochet, or any other Tor-based solution. Not a mobile app. Not XMPP. Not Matrix.
In regards to Ricochet, not having a mobile app version makes it difficult to recommend to less tech savvy people.
Sure, every platform has its own set of problems, and it’s fine to make an informed decision that you’re willing to accept the deficiencies of a particular platform you’re using. The issue I have is with people pretending that Signal doesn’t have the problems that it has as we can see happening in this very thread.
I’m with you there. This wasn’t meant as an argument against your statement. I brought up the issues regarding Matrix and XMPP as they are often recommended as alternatives to Signal, and after learning about this blog in a previous conversation I had about this topic, I thought it would be a good resource to bring up so people can be informed about those platforms and some alternatives that may be better than Signal while being metadata resistant.
I’m not denying that major flaw of Signal, in which part, yes exposing your phone number tied to your Signal account basically negates Signal’s security, as well as Signal’s centralized server being proprietary. Nevertheless, when using Matrix, you need to ensure you and everyone you communicate with uses a client that isn’t still using the deprecated libolm cryptography backend (and that it uses vodozemac).
Many Signal alternatives also have security issues of their own, often making them less secure than Signal. This includes Matrix and XMPP. In the blog post regarding XMPP+OMEMO, the author replies to a question about which would be better than Signal, Matrix, and XMPP with this suggestion:
In regards to Ricochet, not having a mobile app version makes it difficult to recommend to less tech savvy people.
Sure, every platform has its own set of problems, and it’s fine to make an informed decision that you’re willing to accept the deficiencies of a particular platform you’re using. The issue I have is with people pretending that Signal doesn’t have the problems that it has as we can see happening in this very thread.
I’m with you there. This wasn’t meant as an argument against your statement. I brought up the issues regarding Matrix and XMPP as they are often recommended as alternatives to Signal, and after learning about this blog in a previous conversation I had about this topic, I thought it would be a good resource to bring up so people can be informed about those platforms and some alternatives that may be better than Signal while being metadata resistant.
Matrix, even if it was a siv, would be better than Signal, because it doesn’t know your phone and passport numbers.
I’m not denying that major flaw of Signal, in which part, yes exposing your phone number tied to your Signal account basically negates Signal’s security, as well as Signal’s centralized server being proprietary. Nevertheless, when using Matrix, you need to ensure you and everyone you communicate with uses a client that isn’t still using the deprecated libolm cryptography backend (and that it uses vodozemac).
deleted by creator