12-10-2020, 08:50 AM
(12-10-2020, 06:41 AM)ryo Wrote: Mind you, I'm using 2 chat apps (3 if you count the Jabber server at work), neither of them are considered secure.
And therefore, the logical thing to do is employ techniques like app isolation.
They're both closed source even.
But because of that, I keep the risks in mind, and not simply assume that they will keep me safe.
My point is that being careful is great, and no security system can't be improved by using it carefully. The most hardened, airgapped system in the world can be defeated by a privileged human logging in and manually running malware with root access out of carelessness. However, the opposite is true as well: you can be as careful as you want, but there's always both the possibility of slipping up (we're all human after all), or that it turns out you weren't careful enough.
That's what defense in depth is. More layers of defense, rather than trusting any single one to be infallible. Being careful is a layer of defense like any other - a perfectly good one, but best used in complement with others.
Quote: Speaking of Signal, thanks for pointing out a "secure chat app" that isn't actually secure at all.
I mostly mentioned it because it's widely used and generally accepted to have good quality e2e encryption (unlike Telegram, WhatsApp, etc.). I myself mostly use Jami.
Consider this, are you sure you want to trust an app recommended by 2 rather questionable individuals (one being the CEO of Twitter, and the other being a CIA agent who might probably not even be in Russia but in China instead, working closely with the CCP)?
While I'm all for being paranoid, the fact is Signal is open source, and has received plenty of scrutiny. They're using established crypto protocols (Telegram, looking at you here) and no significant issues have come up yet. I've heard plenty of criticism about requiring a phone number to sign up, which was a privacy issue, but I believe that has been relaxed some time ago.
In the end, one thing is true: if all your acquaintances use Facebook Messenger, and you download The Perfect Secure Chat App, your conversations are all still gonna be as secure as Facebook Messenger. If Signal is what you can convince your family, friends, etc. to use, because things like Matrix or Jami aren't polished enough or suffer from issues due to their federated and p2p nature (respectively), then it's far, far better to talk to everyone over Signal, than to have all your favourite chat software installed but still talk to people over WhatsApp and the like because nobody else is using it.