Comment by giancarlostoro
6 years ago
Wire seemed like a decent alternative where you're not required a number, I think only an email. Also you can delete your account.
6 years ago
Wire seemed like a decent alternative where you're not required a number, I think only an email. Also you can delete your account.
It's fine, but you should know that pretty much everything Moxie and Signal talk about contrast sharply with Wire. For instance: last I checked, Wire stores your entire social graph on their servers in a database --- effectively forever, Wire stores a plaintext log of everyone you've communicated with.
To be fair, since there is no remote attestation possible for the Signal servers, and you realistically can't run one yourself, you only have their word that they don't store any of that information.
This is similar guarantees that a lot of other chat and VPN companies offer. Personally I would consider any information given out to a company non-secret, especially to those operating outside my jurisdiction.
> You only have their word that they don't store any of that information.
No, we have the fact that they don't collect it in the first place. The whole point of the Signal design, reflected in the published source code, is that the server doesn't need this type of information and so it isn't sent to their server at all.
As Thomas explained this takes a bunch of extra effort in the Signal design, hoop jumping that normal users will never appreciate. Moxie believes this is worth doing, although I think people's constant cynicism is gradually wearing him down or maybe that's just the jetlag.
If you tell me and Alice and Bob your real name, and then it's leaked to the press, I guess I sympathise if you distrust me as a result even though Alice is a famous gossip.
But if you only gave Alice your name, and then you distrust me because she sold it to the press that makes you a crazy person. "It could have been anyone". No, it couldn't, it was Alice. She's the only person you gave it to.
The difference is that Signal's competitors are designed in such a way that they have to keep this information, and Signal has delayed key features, like user profiles, until they've managed to create designs that don't have these restrictions.
So the logic you're using here is essentially: "since we have to take Signal's word for some part of this, we might as well use services that promise the exact opposite". I don't find that argument persuasive, but you do you.
3 replies →
Maybe I'm misunderstanding what you're trying to say, but remote attestation is in fact exactly what they're doing with their contact discovery: https://signal.org/blog/private-contact-discovery/
4 replies →
On the other hand, Wire lets you look at their server code, I assume there's nothing stopping you from hosting your own server.
What source code does Wire let you see that Signal doesn't?
I read on a privacy-oriented website that Wire was purchased by an American company not trusted for its record on privacy (or perhaps it was that since the company is American, their data can be read by the US govt.). I can't find it now though. There isn't anything mentioning it on the website of `www.privacytools.io`: https://www.privacytools.io/software/real-time-communication...
I never continued with Wire cause... nobody uses it, even less people use it than Signal. I think Keybase is the next best thing to some extent.
That seems unlikely, since they just raised 8MM a few weeks ago.