Since Signal downloaded from Google Play depends on Google Service, and uses Google Maps for location share, I have the impression that Signal does not show the “right attitude” towards the freedom of the Open Source community, it is more pragmatic. For the users of Nextcloud, there is an alternative: Nextcloud Talk. It truly has the right attitude, it breathes 100% Open Source and freedom. It uses Openstreetmap for location share, for example and fully independently from Google spying eyes and so on.
The question is: should the users of Nextcloud better use Talk instead of Signal when it comes to the privacy, security and the right attitude toward the open source community?
As I mention in the other post, the Gatekeepers as Whatsapp, Signal or whatsoever should in a near future (2 years) become interoperable, which would make it much easier to choose the client you prefer. As for now, I’m afraid Whatsapp can hardly be avoided, at least in the EU, because of the network effect.
As for now, and making abstraction of that network effect, I would recommend Element and Matrix since they promote an open standard.
Element/Matrix is way too complicated for my grandma (or even my parents) to use. I managed to make them use Signal and that is way better than plain SMS.
We can take a look at Nextcloud Talk but it’s highly unlikely it will be recommended over Signal. Signal is pretty much the gold standard for encrypted messengers.
If you’re concerned about the Google libraries in Signal (there is no reason for you to be concerned, really), there’s always Molly.
Molly is a hardened fork of Signal, and it offers 2 flavors:
- Molly, which uses the same Google libraries for FCM push notifications and Google Maps.
- Molly-FOSS, which removes both of those.
We have a section on Molly here:
https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/#molly-android
Surely isn’t more private. Much meta data can be obtained from seeing what servers connect with one other.
Besides Signal having PFS and NC talk does not. It doesn’t even offer end to end encryption. Your messages and files shared are stored on the server in clear. Nothing about this makes it an alternative to Signal. It may be an alternative to other conference calls systems (what it is intended for). But even Microsoft Teams has end to end encryption… so not sure if this is such good idea.
I’m not sure what “attitude” has to do with it. Signal like @anon30510143 mentioned is the gold standard for security and easily accessible privacy centric software. I can almost guarantee it won’t outclass Signal in terms of security.
Too many people get all ideological about open source. Signal is the best, full stop. Let’s not place it below the pretenders.
Mmm, maybe I read it not well on the website of Nextcloud Talk. It says it is “encrypted, peer-to-peer audio/video calls”, and “no leaking of metadata”. Also the following text can be found:
Blockquote Nextcloud Talk benefits from the many security, encryption and authentication capabilities of Nextcloud. Multi-layered encryption, brute force protection, artificial-intelligence based suspicious login detection, password-less login and the backing of our USD 10.000 security bug bounty program provide customers the confidence that their communication and collaboration remains confidential.
It sounds good, I think. But as @matchboxbananasynergy stated, there is really no reasons to be concerned about Google libraries in Signal despite the use of Google Maps for location (how do they match up together?). In that case I’ll keep on using Signal, or even to install Molly-FOSS (thanks for the tip!).
By the way, I admit I’m a bit “ideological” about open source, I’m sorry for that, my bad. Maybe I should be more down-to-earth.
No worries, FOSS is a fantastic tool and great to implement when possible but remember just because its FOSS doesn’t mean its inherently more secure then an alternative.
That is very true, perhaps similar to the following statement: biological food will not say it is healthy for men, it only says that the food has been produced in a biological way. FOSS will only say that a software package meets FOSS requirements (open source, to be verified by everybody, international standard, and so on), not automatically that it is very private-friendly and secure.
Google, Apple, Microsoft etc spend millions each year on security and bug fixes. Closed source.
Meanwhile many open source projects are labors of live by developers who work on it when they can. They don’t earn millions of dollars.
There are many flaws in the “FOSS vs proprietary” argument.
Also true, which is why we should donate to FOSS whenever possible and submit bug reports to fix security issues when possible. A lot of people prefer the term libre software since when most people hear free they think in money rather then freedom.
Encrypted doesn’t mean it is end-to-end encrypted. It may actually be that the audio calls offer that. Not sure, probably just means TLS. But the chat surely is not. If you send pictures with it they end up in normal nextcloud folders nothing about that is e2ee.
We use Element within my family, one of my family members is 86 and the other one is 70, so there’s that.