yes. use any of the following, in no particular order:

• ecosia.org - A non-profit certified B corp that plants trees by serving ads in your search results. Bing search underneath.
• duckduckgo.com - A privacy friendly search engine. Primarily sourced from Bing but mixes in a few other sources.
• any SearXNG instance - A self-hostable search front-end to various search engines.
• marginalia.nu - specifically 'random' - An independent DIY search engine that focuses on non-commercial content, and attempts to show you sites you perhaps weren't aware of in favor of the sort of sites you probably already knew existed.

I really tried making Logseq work for me but even if they added some kind of organization/hierarchy, I still had performance issues with my limited notes (just testing things, didn't want to go all the way in), and various copy/paste drag and drop UX issues that made the experience frustrating.

in alpha: https://github.com/streetwriters/notesnook-sync-server

Notesnook.

I was previously using Obsidian, which is great! but didn't like that it was closed source. I then went on to try various options [0] but none of them felt "right". I eventually found notesnook and it hit everything I was looking for [1]. It's only gotten better in the last year I started using it and just recently they introduced the ability to host your own sync server, which is one of the requirements it didn't initially make, but was on their roadmap.

[0] Obsidian, Standard Notes, OneDrive, VSCode with addons, Joplin, Google Keep, Simple Notes, Crypt.ee, CryptPad (more of a collabroation suite, which I actually really like, but it did not fit the bill of a notes app), vim with addons, Logseq, Zettlr, etc.

[1] Requirements in no particular order:

• Open source client and server.
• Cross-platform availability as I use Windows, Linux, Mac, and Android.
• Cross-platform feature parity.
• Doesn't fight me over how notes should be taken - looking at Logseq's lack of organization.
• Easy notes syncing.
• End-to-end encryption (E2EE). It's about to be 2025, if the tools you're picking up aren't E2EE, you're letting unknown strangers access your data and resell it. It doesn't matter what their privacy policy says as that can always change and/or they can get compromised/compelled to expose your data.
• Ability to publish notes.
• Decent UX.

I had zero hardware issues with the Pixel 8 before.

it was either a hair or dust, its not cracked/there anymore

can you post a link to this rule?

and it's only gonna get worse around the world 🤠

Miami Horror's All Possible Futures (album on YouTube)

while true, that doesn't mean that it isn't compromised but not hackable yet, or that a weakness won't be found in the future. I would heed the advice of those in the field of cryptography and stay away from Telegram and MProto

lets not forget AI was trained on human data. some people will "sound like AI" because they likely make up a big portion of its demographic training data.

agree to disagree

From the POV of someone who's never used a bidet, you come off like someone who was just looking for conflict.

Ah, you're just trolling. Got it.

“Responsible” and “Bitcoin” is an oxymoron due to the inherent multi-level marketing pyramid/Ponzi scheme aspect of crypto“currencies”.

First, you're removing the next two words "financial diversification" from the statement. Your own personal opinions and emotions aside, financial diversification is not a bad idea. It's all about percentages and risk calculations. I would agree with you if they went "all in" on crypto, but they didn't say that.

Second, you're lumping in bad people with good tech that has solved a very specific problem - the ability to transfer funds without relying on a central bank or authority. Is email bad because the majority is spam? No. Is the internet bad because the dark web exists and thousands if not millions of crimes are being carried out on it? No. Are encrypted messengers bad because they allow criminals to send message? No. Same concept here. There can exist a good technology that gets abused by bad people.

“Money corrupts; bitcoin corrupts absolutely.

You can stop at "money corrupts". bitcoin is money and money corrupts.

Disregarding all of bitcoin's shortcomings, a financial instrument that brings out the worst in people—greed—won't change the world for the better.”

Disregarding all of the U.S. Dollar's shortcomings[1], a financial instrument that brings out the worst in people—greed—won't change the world for the better.”

Fixed it for you.

[1] The US spent 877 BILLION dollars on its defense budget (as much as the next 10 countries combined!) to ensure the USD keeps its power.

Corporate Memphis

Link for the lazy: https://en.wikipedia.org/wiki/Corporate_Memphis

Do you disagree with their reason?

Responsible financial diversification requires holding some assets outside of the traditional government controlled banking system.

They didn't say they were going all in. They aren't continuously promoting - at least not that I'm aware. They were just being open and honest about how they're handling their finances.

container tabs don't just isolate but also give you the option to have multiple profiles without having to log in + out of websites. if you don't need that feature, then probably.

Imagine saying that without a hint of irony after Snowden revelations

Funny enough, "Edward Snowden has reiterated his faith in the Signal app by saying that he uses it every day." - published 2021.

I’m going to stop replying to you here because I’ve said all there is to say on the issue and we’re just going in circles.

Same here, lets end this amicably and find common ground. I think we're both pushing for what we believe is best in attempts to guide people towards a secure platform, can we both at least agree that SimpleX is superior under more threat models compared to other messengers, even if it does have a few UX issues it needs fix?

Matrix doesn’t harvest metadata like phone numbers by design while Signal does.

You're right, Matrix doesn't ask for a phone number but it damn sure leaks metadata like a sieve. Unless things have significantly changed in the last year, here's a list of things Matrix can see about you in an encrypted room, that an app like Signal cannot:

• Your content
  • Your username
  • Your display name
  • Your avatar
  • Your rank within the room (admin, moderator, etc)
  • The Sent date of every message
  • A link to every message you responded to (the contents of which are encrypted)
  • Every emoji reaction you send, and to which message
  • (If on your home server) your IP address
• The room content
  • The room name
  • The room icon
  • The room description
  • The room membership
• Your changes
  • The time and message ID of messages you edit
  • The time and message ID of messages you delete
  • A history of rank changes (promotions, demotions) and who changes your rank
  • A history of things you do to other users, if appropriate
• Room changes
  • Who enters the room and when
  • Who leaves the room and when
  • Who gets promoted/demoted and when
  • Changes to the room name, avatar, description, etc - when they happened-

I love how I’ve addressed this numerous times but you’re still unable to understand the difference. Trusting that the protocol works correctly is different from trusting people operating a server. Clearly this is a concept that is beyond your comprehension.

I clearly understand the difference, what you fail to address is that at the end of the day you are placing your trust in a third party, whether its the code, the protocols or a back-end server. Matrix removes the server if you host your own and never interact with other instances, but otherwise, you're still trusting the code and the protocols and that - as I've pointed out above - that what you're recommending isn't already leaking tons of data. And don't get it twisted, I'm ROOTING for Matrix, it just has a long way to go to address issues that Signal clearly identified early on would hold back the platform (federation + third party clients).

Maybe go read up on where Signal comes from instead of spending your time trolling here. http://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia

I know what you're talking about but you don't want to bring it up because its all tinfoil hat wearing flat-earth conspiracy theory web of poorly connected dots. Your response is the MAGA equivalent of "do your research". I've done my research. The onus is on you to bring forth the evidence. To quote Carl Sagan, "Extraordinary claims require extraordinary evidence". Don't try and connect dots that don't back up your claim and stand proud behind what's at best poorly thought out misinformation.

first I doubt anyone compiled the code themselves and use what’s in the app store

Molly-FOSS exists and is basically a Signal fork built by a third party that removes any non FOSS components. So there are groups of people who are building the Signal code and enhancing it.

the insistence to be tied to the phone number

This is a legacy requirement (Signal used to send encrypted messages via SMS) and is now primarily used for spam mitigation. This feature is unfortunately (or fortunately depending on your POV) costing them millions now, so I suspect they will eventually be forced to look to alternative spam mitigation methods as the cost to benefit ratio starts looking cheaper at spending engineer/developer time to figure out some alternative method.

refusing to work if you don’t update (in the app store)

If you're referring to the expiration of the app ever ~90 days, this is security feature. It prevents people from using old/outdated and potentially insecure or unpatched versions of Signal. Secondly, you don't need to update via the app store. There are some Signal forks (not sure if Molly is one of them) that remove this expiration, but even they will state that you should not expect the app to work forever as Signal's always being updated and using an old client will always be liable to break as its basically not being maintained.

Even Matrix is far better in terms of privacy and it’s plenty mature at this point.

I would disagree, this guy's been finding issues and reporting them to Matrix for a while now and appears to find them every time he glances at the project. I LOVE Matrix. I would recommend it over Discord, Telegram etc, but I would not recommend Matrix over Signal.

The fact remains is that I simply do not trust Signal knowing where it originates.

This is fair. No critique against this stance.

Trusting countless researchers an security experts to read the code, understand the protocols, and provide reproducible builds,

I agree! Trust the countless researchers, security and cryptography experts.

... is a lot better than trusting a sketchy US company that was started by the CIA and NED.

You're gonna have to cite your sources.

Those clients exist despite Signal Foundation, not because they encourage community development. They are doing everything they can to discourage third party app development.

That was your original claim. None of the sources you provided back up your original claim. We can talk about Google libraries or the delay in server side code if you want to go down that path, but that's a completely different discussion. Why are you pivoting to other topics? Will you concede your original point or do you have evidence to back it up?

Look another American obsessed with Russia!

A single comment on Russia's bullshit spyware tactics does not equate with obsession. Are you going to refute the facts or continue to troll?

No, you don’t have to trust anyone. That’s literally the point of having secure protocols that don’t leak your personal data. 🤦

Unless you're reading all the code, understand the protocols, and compiling yourself you are placing your trust in someone else to do it for you. There's no way around this fact.

You suggest SimpleX, Matrix, and Briar (which I believe are great projects btw, I've used them all and continue to use SimpleX and Matrix) but have you read the code, understand the underlying protocols, and compiled the clients yourself or are you placing your trust in a third party to do it for you? Be honest.

I will agree though, if you absolutely do not trust Signal, you should use Briar or SimpleX, but neither are ready for "every day" users. Briar doesn't support iPhones so its basically dead in the water unless you can convince family/friends to switch their entire platform. SimpleX is almost there but it still continues to fail to notify me of messages, continues to crash, and the UX needs significant improvement before people are willing to put up with it.

The discussion in this thread is specifically about Signal harvesting phone numbers. Something Signal has no technical reason to do.

Let me give you a history lesson, since you seem to have no clue about where Signal started and why they use phone numbers. Signal started as an encryption layer over standard text/SMS named TextSecure. They required phone numbers because that's how encrypted messages were being sent. In 2014, TextSecure migrated to using the internet as a data channel to allow them to obscure additional metadata from cell phone providers, as well as provide additional features like encrypted group chats. Signal continued to use phone numbers because it was a text message replacement which allowed people to install the app and see all their contacts and immediately start talking to them without having to take additional action - this helps with onboarding of less technical users. Fast forward to today and Signal is only using phone numbers as a spam mitigation filter and to create your initial profile that is no longer being shared with anyone unless you opt into it.

Now, you can say they're collecting phone numbers for other nefarious purposes but they publish evidence that they don't. Will they ever get rid of phone numbers? Unlikely unless they figure out a good alternative to block spam accounts.

Privacy and security are not based on trust

You're 100% right. If you read the code, understand the protocols, and build the clients from source, you don't have to trust anyone 😊

They could be waiting until it becomes a big issue

I guess I don't see that as a problem if its causing a big issue.

Let me throw it back to you: If you were providing a service and a third party client was using your resources and causing a "big issue" like you stated, would you not want to remediate the problem? Lets say you introduced a new feature, but it doesn't work for 15% of your user base because they're using an outdated third party client that may not get fixed for another year or two - if ever. What would you do?

Here's another example, lets say someone develops a client that lets you upload significantly bigger files and has an aggressive retry rate that as more people start using your client, it starts increasing the hardware requirements for your infrastructure. Do you just say "oh well", suck it up and deal with having to stand up more infrastructure due to the third party client doing things you didn't expect? Is that reasonable?

That link, and I could be missing it, has nothing to do with what I claimed. Mind editing your post and quoting a red flag linked at the source you provided?

A billion people tricked into using malware is still a billion people using malware. Telegram is a Russian spyware and misinformation machine. https://www.pravda.com.ua/eng/columns/2024/08/27/7472194/

Putin's Mouthpiece Demands Release of Durov (a likely fsb agent himself)

Pavel Durov has secretly traveled to Russia more than 60 times between 2014 to 2022

Durov concealed that he crossed the border more than 50 times from 2015 to 2022

• Despite the story that "the FSB took Vkontakte away from Pavel in 2014", his relationship with the Russian authorities 2015-present was good enough > that he was not afraid of being detained while entering, reentry& long stays & operations in Russia.

• In response to the publication about his possible ties to Russia, Durov deliberately deceived Ukrainians and the general public, claiming that he > was an exile in Russia and that Telegram had "no ties" to Russia.

• As proof of his lack of ties to Russia, Pavel claimed that he was no longer a Russian entrepreneur, had dual citizenship in France & the UAE.

• After his arrest in France and the statements of the Russian authorities, we know that he has a valid Russian passport.

• Russian authorities are demanding his release.

Pavel Durov, telegrams owner, repeatedly crossed the border and concealed these 60+ trips into mother russia. For those familiar with Durov's official position that he has become an exile and cannot return to his country, this fact alone should be interesting, as it probably means that Durov was not telling the truth about his conflict with the Russian authorities.

But go ahead, keep using Telegram, товарищ.

I'll reiterate my statement as you didn't address it.

If Signal wanted to block third party clients, they would have blocked them already.

Once again, even if this is the way things worked back in 2016 there is no guarantee they still work like that today.

You have to trust someone. You're not building all your software and reading every line yourself are you?

While there's no guarantees, Signal continues to produce evidence that they don't collect data. Latest publication August 8th, 2024: https://signal.org/bigbrother/santa-clara-county/

The code is open has had a few audits: https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

This is the whole problem with a trust based system

Can you point me to a working trustless system? I'm not sure one exists. You might say peer-to-peer systems are trustless because there's no third party, but did you compile the code yourself? did you read every last line of code before you compiled and understood exactly what it was doing?

It's absolutely shocking to me that people have such a hard time accepting this basic fact.

What's shocking to me is the lack of understanding that unless you're developing the entire platform yourself, you have to trust someone at some point and Signal continues to post subpoenas to prove they collect no data, has an open source client/server, provides reproducible builds and continues to be the golden standard recommended by cryptographers.

I would recommend to anyone reading this to rely on the experts and people who are being open and honest vs those who try to push you to less secure platforms.

He was specifically talking to that developer. The "You" and "You're" in that quote was specifically targeted at the LibreSignal developer.

I recall the gurk-rs developer specifically mentioned that his client reports to Signal's servers as a non-official app. The Signal admins can see the client name and version - just like websites can tell what browser you're using - and could easily block third party clients if they wanted to but they don't.

If Signal wanted to block third party clients, they would have blocked them already.

They have demonstrated history of asking third party clients to not use the signal name, and not use the signal network.

The lead developer, nearly 10 years ago now, specifically asked LibreSignal to stop. A single event does not make a demonstrated history.

• Molly ~5 years in development
• gurk-rs ~4 years in development
• signal-cli ~9 years in development
• Flare ~2 years in development
• Beeper

The client that currently exists that do this do it against the wishes of the signal foundation

If you have evidence to back this claim, I would like to see it so I can stop spreading misinformation.

They are doing everything they can to discourage third party app development.

I'd say you're moving the goalpost. Other than the hostility the founder showed towards LibreSignal nearly 10 years ago now, can you source any evidence to support your claim?

Signal has been forced by court to provide all the information they have for specific phone numbers [0][1]. The only data they can provide is the date/time a profile was created and the last date (not time) a client pinged their server. That's it, because that's all the data they collect.

Feel free to browse the evidence below, they worked with the ACLU to ensure they could publish the documents as they were served a gag order to not talk about the request publicly [2].

[0] https://signal.org/bigbrother/

[1] https://www.aclu.org/news/national-security/new-documents-reveal-government-effort-impose-secrecy-encryption

[2] https://www.aclu.org/sites/default/files/field_document/open_whisper_documents_0.pdf#page=8

Signal doesn't disallow third party clients, you should always understand the risk when messaging anyone on any platform. See my post here: https://lemmy.ml/post/19672991/13312234

That's outdated information:

• Molly ~5 years in development
• gurk-rs ~4 years in development
• signal-cli ~9 years in development
• Flare
• Beeper

Go forth and contribute, fork, or create your own.

They also refuse to distance themselves from Google’s app store.

This link has existed forever at this point if we count in internet years: https://signal.org/android/apk/ - getting an app directly from the developer with no middleman is about as distant as you can get from Google's app store.

I feel like the difference is not that big, though.

But the difference is massive. Telegram, because E2EE does not work for the majority of its use cases, is hoarding tons of CSAM and other illegal content. This isn't just about the "criminals" who are adding illegal content, its about Telegram's access and hoarding of this data.

On the other hand, Signal is simply a transport vehicle for data. No illegal content is stored or accessible by Signal, its developers or anyone who may gain access to their infrastructure - the complete opposite of the situation over at Telegram. Signal cannot be implied to be storing illegal content because they simply don't store any content. Law enforcement can ask Signal to provide all the data they have on specific users, and they have, but the only data they have is when you created your account and the last day (not time) a client pinged their servers.

Texas reeks of freedom

ftfy

It's okay to not tolerate hatred, fascists and misinformation.

The paradox of tolerance states that if a society's practice of tolerance is inclusive of the intolerant, intolerance will ultimately dominate, eliminating the tolerant and the practice of tolerance with them.

Source: https://en.wikipedia.org/wiki/Paradox_of_tolerance

The fact that Signal has not run into legal trouble when Telegram has.

Because Signal cooperates as much as they can with law enforcement. Signal happily gives all the data they have and thankfully, for its users, the only data they have is the date/time the account was created and the date (not time) a client last pinged their servers; both in unix timestamp format, they don't even convert it to a proper date.

Additionally, Signal has no "public groups" like Telegram. Everything's private, end-to-end encrypted by default.

Also Signal has some really shady practices, such as rejecting and killing all third party clients.

Yeah, so that's outdated misinformation:

• Molly
• gurk-rs
• signal-cli
• Flare
• Beeper

Three of these have existed for multiple years and have not been asked to stop development. The gurk-rs dev even commented (on reddit, unfortunately I can't find the source) that it reports to Signal's server as a non-official client and that if the Signal devs wanted to block it, they could easily do so.