14 Comments

You have a gift Gabriel! Outstanding work!!

Regarding Signal, beyond the (very warranted in my opinion) concerns about the composition of their board and funding by entities affiliated with the US government, the sign-up process and the use of phone numbers is an easily exploitable attack vector, especially due to their reliance on a third party for that (Twilio):

https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html

This is obviously not an issue unique to Signal but there are other IMs where said attack vector is simply not present (by design!). Session is one such example but there are others.

Does Delta Chat use phone numbers as unique identifiers for user accounts similar to what Telegram itself does?

author
Sep 6 · edited Sep 6

Sorry meant to reply to this earlier!

Delta Chat is very different; it builds up its own chat infrastructure on top of email.

Its goal is to be as backwards compatible with ordinary email as possible, while still prioritizing security.

So the advantage is that you can use Delta Chat with a decent email provider (but not something like Proton that doesn't support other clients) so everyone has the same identifiers they already have.

They've also rolled out their own (faster) "chatmail" servers that you can run to have a refined email server built for working with Delta Chat.

What I love about Delta Chat is that it's just an email (and can even be a self-hosted one) and it doesn't require a phone number (or even a smartphone) at all. Unfortunately, I wish development was moving faster because Durov's arrest would have been the perfect time for them to roll out invite links for channels.

My hope is that people start to find Delta Chat useful, and developers get more interested in building up that ecosystem. The idea of a chat provider having literally zero user data (because it's all stored in user-configurable email boxes (encrypted at rest & in transit)) is something that's vastly under-appreciated these days.


There are some brilliant flawed people. McAfee may have been one of those.

One thing I tell people is that even if Langley has a way to watch every communication, most of it is impersonal and if they encrypt, then at least the neighbor's bored fourteen-year-old isn't listening. That's not nothing.


If he is really dead…


Gabriel, I use Posteo for email. How does it compare with Proton, do you know? Thank you!

author

I'm impressed; based on what I can find, this is definitely something I would trust over Proton Mail. Bookmarked!

Of course, with the usual disclaimers that even if they're doing the best possible, that may not be enough for some who likely need to steer clear from email as a whole.


Thanks, this is good to know. I came across Posteo on the info that came with the German version of the Citizen Four DVD. Quite a few of my German friends use it now. It's at least easier with email to switch, unlike messaging apps where you have to persuade your contacts to switch too.


Thank you for providing the necessary nuance and context for those McAfee soundbites.

Do you have any articles or advice about checking for and eliminating malware? I don't trust traditional anti-virus software - it seems like they are data harvesting.

author

I think that's worth an article on its own. As linked to in the article, there are fears that anti-virus software either is sometimes, or can be, leveraged for nefarious purposes.

Anti-virus choice depends on what kind of system you're running.

The go-to recommendation on Linux is ClamAV, but Windows already has Windows Defender built in. I'm not very knowledgeable about the Mac / iOS ecosystem...

There's nothing wrong with downloading a signature database and checking it against your files, but the first thing a malware developer does is check to see if they can make something that can survive these checks. In most cases, just being careful where you browse and what files you download takes you a long way; a little preventative effort can take you a long way.

So the trust certainly isn't there when it comes to commercial anti-virus software.

Ideally we would have an advanced open source toolkit aimed at individuals that included a wide variety of useful features. Of course, even in that scenario one is effectively giving malware developers an automated testing kit, but that could also help make it stronger in the long run...


Seeing as how the majority are still paying for permission to live within the borders of the government's territory. . .in housing that the government built for you. . .it can do whatever it wants on ITS territory.

That you are forced to pay for the permission and privilege to be on.


Be interested to see your take on Michael McKibben's latest foray into communication privacy. mysqif.com

author

I'm biased against commercial products, but will take a look at it!

The site not having an RSS feed and using Google tracking makes me sad.


I'd be interested in your opinion on it. 😉


Thank you
