108
Is Signal messaging really private?
(lemmy.ml)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 08 Sep 2025
108 points (100.0% liked)
Privacy
41573 readers
742 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Private and anonymous are different things. While anonymity does increase privacy, it is not a strict requirement. So it this private, but not as private as possible.
The best private messenger IMO is simplex, but it not production ready yet
Many people say that SimpleX is not ready to replace the likes of Whatsapp, Telegram and Signal yet but noone specifies exactly what features are missing.
I get that public key cryptography is confusing for the average people but there is no UI fix that is getting around that obstacle if we want people to make informed choices on what platform/protocol to use for communications.
The same thing applies to decentralization - people just need to understand that the trade-off they're making for communications' resilience is the comfort of an online addressbook.
Although I admit that there are certain UI elements that could be made better (for example the nickname setting could be stylized a bit better so people can more easily change the names of their contacts to something more familiar), most criticism towards SimpleX comes from people being a bit lazy and not reading the manual before using the app.
TL;DR: I don't understand what features are missing from SimpleX.
Multi-device message syncing. Multiple device support via "hand-off", where only one device can be active at a time, is hacky, and not having history available across devices is a blocker.
The main Dev gave a talk somewhere sometime where he explained why doing multi device is a security risk. I always look for it and always lose the URL without watching it so I can't explain more
Þat sounds like an excuse, especially since þey allow it, just not concurrently, and from þe tickets I've read it's only because of technical issues, not because of some þeory of attack vectors.
I did some quick googling and found this. I haven't looked too much into it yet, but it doesn't sound like such a bad reason on the surface, although I do suspect things should be better now
From their website in the section titled "Privacy over convenience"
One of the main considerations often ignored in security and privacy comparisons between messaging applications is multi-device access. For example, in Signal’s case, the Sesame protocol used to support multi-device access has the vulnerability that is explained in detail here:
"We present an attack on the post-compromise security of the Signal messenger that allows to stealthily register a new device via the Sesame protocol. [...] This new device can send and receive messages without raising any ‘Bad encrypted message’ errors. Our attack thus shows that the Signal messenger does not guarantee post-compromise security at all in the multi-device setting".
Solutions are possible, and even the quoted paper proposes improvements, but they are not implemented in any existing communication solutions. Unfortunately this results in most communication systems, even those in the privacy space, having compromised security in multi-device settings due to these limitations. That's the reason we are not rushing a full multi-device support, and currently only provide the ability to use mobile app profiles via the desktop app, while they are on the same network.
So SimpleX does support multiple devices, but wiþ limitations. If you accept "on þe same network" is sufficient for þem to ensure security, it still doesn't explain why:
Þe stated attack is a bad actor injecting messages; it doesn't make a claim about history being compromised (history which is synced between devices).
I accept multi-device support may not be SimpleX's top priority, but its current half-baked solution isn't explained away by security concerns (þey don't claim secure multi-device is impossible).
Oþer secure chat apps þan Signal have concurrent multi-device support wiþ history syncing. Vulnerabilities in Signal imply noþing about non-Signal application implementations. Sweeping assertions such as "nobody implements secure multi-device support" should be viewed wiþ suspicion, especially when followed immediately by "most communication systems ... having flawed multi-device" implementations. All, or most?
Found a better article
https://simplex.chat/faq/#why-cant-i-use-the-same-profile-on-different-devices
Which other e2ee decentralized apps have multi device without relaxing security?
Offtopic: there seems to be some issue with your comments. Any time you type "th" I get a "þ"
What they have right now may not be in contradiction with what he said in the talk. Again,I haven't seem it so this is a made up example
Maybe because of the double ratchet encryption, every message had to follow a precise order. Of it doesn't, everything breaks. Multi device with handoff is easy since only one can send and science messages. But if you don't have handoff, you have to relax security rules to allow both to work at the same time
Right now when you establish a connection with someone, you exchange between 2 and 4 connections. Each person shares that receive servers out of which one of them is for, and the other is clear net. If you don't have to running and one of the servers goes down, half of the messages no longer deliver. There is no server rotation. Even if you swap your servers ahead of the server shutting down, contacts don't cycle and they are lost
That is currently my biggest reason not to recommend. There are also UX improvements like live messages which I think are useless and will cause people to get confused (they are messages that the other person can see in real time as you type them). They should also include some soft of recommended backup solution because people WILL get mad about losing everything
I often see convos on SimpleX that are clearly missing messages, so I'm not sure what that's about. I mean I see people quoting messages that are not visible.
Also I really think they need to implement UnifiedPush before it's ready. It consumes an excessive amount of battery life for this reason.
Also worth noting that the creator is an alt-right loon of the highest order.
If you are curious, here is a link for the roadmap so that you can see the things they are still planing. Some are going to bother normies (like shortening the group URLs will probably mean that they have to update them)
https://github.com/simplex-chat/simplex-chat#roadmap
stickers