Secure messaging (Signal)

Yep it is, and you can expect these kinds of practices from any of the GAFAM (Google, Amazon, Facebook, Apple, Microsoft) (or most of the tech companies that have some financial interest).

No (you can check all the source code of everything that Purism uses), and Purism has no interest in doing any of that since their market is privacy oriented devices and services while being a social purpose company.

I assume it will since GNOME supports it OoB on desktop. (Can’t say I’m 100% sure about that but I’m pretty confident; anyway, if it doesn’t support it on day 1 you can expect an update/patch from Purism and/or the community pretty fast, as it’s a really important part of the system.)

Even if they are a US company I have faith in Purism and I really trust them, so for me it should be fine, but anyway they have a warrant canary that shows you that they haven’t been “corrupted” by any kind of intelligence agency. (and we can’t just start a company on Mars and have our own set of rules) :slight_smile:

2 Likes

The google-free version shows update notifications and you can download and install it with two clicks.

Too bad. I was hoping for signal, also because purism made some comments in this direction. Signal is an important feature for the L5 as I think many of the potential customers are using signal and don’t want to give it up.
I like the concept of matrix but I don’t think it will ever (in the near future) get any mass adoption.

1 Like

Signal is open source but you have to use and trust their server; you cannot use your own server. That’s why I prefer matrix, and supporting matrix is the best thing for purism because everything is open. I would prefer that the purism team focus on bringing e2ee to fractal for day 1; this is important.
If someone else brings signal or telegram to the librem I’ll be happy, but I won’t use it; I can’t trust someone else’s PC.

What about Protonmail app? If I have to use Firefox for my emails it will be a chore because I’d have to input my password every day.

So, everybody should host their own matrix server?
I host many services myself but you still have to be realistic. I would say the risk to get compromised is higher with such an approach because it’s hard to keep all instances updated and if average Joe is hosting his own server, how secure will it be?
This is why I think signal is a good compromise.

1 Like

There was a statement about development by the community but not by Purism I think:

I haven’t found any trace of such a development since then.

1 Like

Last time I checked you couldn’t do that, so again sorry for the outdated knowledge.

1 Like

The average Joe could use the purism or matrix server, and tech people can host their server; signal does not offer this choice.

Well theoretically it does, the issue is no federation.

@Yuno Umm haha, sorry, but Signal can be used without Gapps nowadays. After an update it’s able to work without Google Services or MicroG and will receive SMS instantly.
Not too easy to know this if you haven’t touched Signal for… that long… I get that! :3

Yup, I haven’t used it since Riot.im and matrix became “good enough”, so about 2-3 years ago. So my information on Signal is very outdated and I should have checked before assuming things.

1 Like

With a phone using Google Play Services/microG, the Signal app uses Google’s FCM, which only sends a call to the device to wake up and get messages from the Signal servers; it does not give Google the contents of the notification. If you use a phone without Google Play Services/microG, the Signal app opens up a direct websockets connection for notifications (which does drain more battery).

Signal server is open source and there is even a community guide on how to set up a server: https://gist.github.com/aqnouch/9a371af0614f4fe706a951c2b97651e7

Though the official Signal apps do not let you choose a custom server in the way that Riot does for different homeservers. This would mean that in order to use a custom server, you would need to modify the app source code and use your own Signal binaries.

The developers do not seem to be providing official support for the server but there is a section on the Signal community forum to help with server setup.

1 Like

Thank you for the info, I hope they will make running your own server and setting up the client more user friendly.

I’ve put an order in for this phone but I was unable to pay by bank transfer from my business account. But I’ve had a think and although purism has a good ethic, being based in the USA means they can’t be trusted because the USA has the patriot act. Might as well stick with lineageOS.

Running on what hardware, with which (unknown) security implications?

From what I know LineageOS is an Android distro, so it’s also ruled by the patriot act and like @jtl said your phone is a black box, so privacy-wise even if Purism is a US company the Librem 5 is still way better than anything that exists.

Well, assuming you remove all proprietary components (don’t flash GAPPS if you’re paranoid; drivers/blobs are more difficult), a backdoor or “deliberate bug” would need to be in the public source code. But auditing the mountain of code that makes up AOSP is a different story.

On the topic of secure messaging, I’d like to add that Keybase is worth checking out. https://keybase.io/

1 Like

Transfer: I used transferwise several times with very low costs and without any problems. Can recommend it so far for international transfer.

Gapps: I saw that word and an alarm went off. I have an old Transformer TF101 tablet lying around. Didn’t use it for years as it wasn’t usable anymore. Just some weeks ago I put an old Timduru KatKiss Rom on it. With Gapps it rebooted over and over. Furthermore it wants to force you to subscribe, give all your details and so on. Installed it again without Gapps and off it goes like a charm. It’s fast. It’s smooth. No login, registration and whatsoever. Google - besides other things - did millions of people really big favours and provided an unbelievable lot of free tools, bandwidth and whatsoever. But for me that’s history…

My Librem 13 has been in use for about half a year. There were some - admittedly - very small nooks and crannies. Besides that it just runs and works like a charm. And itself is a charm.

If you’re not sure about Purism’s integrity, have a look at its canary page, read their news, make yourself a picture. And then decide. Good luck.

I endorse this, hopefully Purism people take a look at it.