Secure messaging


#21

Yup I didn’t use it since Riot.im and matrix was “good enough” so about 2-3 years ago. So my informations on Signal are very outdated and I should have checked out before assuming things.


#22

With a phone using Google Play Services/microG, the Signal app uses Google’s FCM only sends a call to the device to wake up and get messages from the Signal servers; it does not give Google the contents of the notification. If you use a phone without Google Play Services/microG, the Signal app opens up a direct websockets connection for notifications (which does drain more battery)

Signal server is open source and there is even a community guide on how to set up a server: https://gist.github.com/aqnouch/9a371af0614f4fe706a951c2b97651e7

Though the official Signal apps do not let you choose a custom server in the way the Riot does for different homeservers. This would mean that in order to use a custom server, you would need to modify the app source code and use your own Signal binaries.

The developers do not seem to be providing official support for the server but there is a section on the Signal community forum to help with server setup


#23

Thank you for the info, i hope they will make running a your own server and setting the client more user friendly


#24

I’ve put an order in for this phone but I was unable to pay by bank transfer from my business account. But I’ve had a think and although purism has a good ethic being based in the USA means they can’t be trusted because the USA has the patriot act. Might as well stick with lineageOS.


#25

Running on what hardware, with which (unknown) security implications?


#26

For what I know LineageOS is an Android distro, so it’s also ruled by the patriot act and like @jtl said your phone is a black box, so privacy-wise even if Purism is a US company the Librem 5 is still way better than anything that exists.


#27

Well assuming you remove all proprietary components (don’t flash GAPPS if your paranoid, drivers/blobs are more difficult) a backdoor or “deliberate bug” would need to be in the public source code. But auditing the mountain of code that makes up AOSP is a different story.


#28

On the topic of secure messaging, I’d like to add that Keybase is worth checking out. https://keybase.io/


#29

Transfer: I used transferwise several times with very low costs and without any problems. Can recommend it so far for international transfer.

Gapps: i saw that word and an alarm went off. Having an old Transformer TF101 tablet laying around. Didn’t use it for years as it wasn’t usable anymore. Just some weeks ago i put an old Timduru KatKiss Rom on it. With Gapps it rebooted over and over. Furthermore it want’s to force you to subscribe, give all your details and so on. Installed it again without Gapps and off it goes like a charme. It’s fast. It’s smooth. No login, registration and whatsoever. Google - beside other things - did millions of people really big favours and provided an unbelievable lot of free tools, bandwidth and whatsoever. But for me that’s history…

My Librem 13 is in use since about half a year. There were some - admitted - very small nooks and crannies. Beside that it just runs and works like a charme. And itself is a charme.

If you’re not sure about Purism’s integrity, have a look for it’s canary page, read their news, make yourself a picture. And then decide. Good luck.


#30

I endotse this, hopefully Purism people take a lookt at it