Signal – an ethical replacement for WhatsApp

After Trump was elected and inaugurated, Signal has finally been gaining some steam here in the Netherlands.

It's still an American company, so it's not ideal. But it's still significantly better better than letting a tech giant like Facebook have control over the most commonly used chat app.

WhatsApp needs to go and Signal is the most likely way in which we can achieve that. We can worry about the American elephant in the room later.

There is threema, a Swiss messenger that gained some popularity earlier since they had end to end encryption before whatsapp.
Unfortunately the source code is not open (even though they do get annual audits with public reports), and the client costs 3 EUR or something (once).
- Yeah, but Threema has basically no momentum behind it at all at this point.
  I'm putting my social capital behind the option that currently stands the most chance of beating out Whatsapp
- And Switzerlands records in terms of privacy sadly is far worse than most people think - even with the last attack being repelled.
  Matrix (preferably on a non-matrix.org instance) currently is the preferable non US and privacy friendly way.
- They also offer Threema Libre on F-Droid for all us folks who degoogled their phone
- Until Facebook buys them like they did with WhatsApp...?
- Unfortunately the source code is not open
  Wrong.
  https://threema.com/en/why-threema/open-source
Sadly many still don't want to switch. My most active chats are in signal now but the large majority of chats are still on whatsapp
- If you leave WhatsApp, your chats will usually follow.
Signal is based in America but it's a non profit organization, not a company. Important difference
- But being based in the United States it is still subject to American laws, and that comes with the risk of potential American spying and embargoes. Software from any American entity (be it coorporation or non-profit) comes with that risk.
America is not a monolith. Signal's developers are very much aware of the risks of operating there and probably already have several escape plans given recent developments. I also think five-eyes probably has access but getting it might be computationally expensive.

It's ethical because it runs on donations and has a non-profit business model.

Meta likely spends at least $1 billion a year running WhatsApp.

Please donate to Signal if you use it.

I like Signal. I even got all my close friends and family on it, specifically to message me because I won't use whatsapp. The PIN reminders are annoying it enough to be legitimately holding it back from mass appeal imho

Turn them off
- The fact that it's opt-out is already a reason to push people away from the app

Wish more of my contact list would switch over to Signal. It's nearly the same. I don't see why it's so hard for some people to just start using Signal instead of WhatsApp.

Oh well.

Because people are beyond stupid. "i dont want to download another app" - while having an app for almost every other store and bullshit game and whatever
- I think what they really mean is "I don't want another account".
My dad won't switch from Facebook messenger so now we have to talk via unencrypted sms
"But why, everyone is on WhatsApp", and also a lot of businesses. "Privacy? I've got nothing to hide, what are they gonna do eith my info?"
I tried switching my family over, but being unable to install it on a second device or tablet was a deal breaker.
groups/channels?

Humans are too stupid to switch from convenience to slightly less convenience even if they get privacy for free. Any amount of discomfort is too much and changing an app is basically death.

They see no value in it. They don't see that privacy is proactive measure that can protect you.
On Facebook, especially in my family, accounts get lost and hacked. One fine day, it might be someone with more influence in the family who's attacker might make off with stolen bank information or passwords.
but "that'll never happen", right?

Proprietary servers is still proprietary software

Don't let perfection stand in the way of good enough
It may not be the holy grail, but moving away from Meta-owned Whatsapp is already a pretty significant improvement
- I agree and it would be much better if people would use Signal instead of WhatsApp, but I think there's still one problem.
  Due to how messaging platforms work, every time you switch you lose pretty much everything (messages, media, etc) This makes switching very hard even for a nerd like me, because if Signal is not "perfect" it means that I will have to switch again at some point and lose everything again.
- Be careful with that ol' Chestnut. Circumstances may dictate perfection, where less than such may be catastrophic.
- https://dessalines.github.io/essays/why_not_signal.html

signal not being on fdroid is a strike against them

It is though. I currently use Signal installed through F-Droid. You just need to add a separate repository.
Fair. There is Molly on fdroid if you like.
- Molly is great.
- Can't find it though
Signal is on F-Droid.
You can always install a release of any Android APK from a git repo using Obtainium.
Signal releases

signal requires a phone number and won't even allow you to send sms to those that aren't on signal.

its better, but still not great.

It used to function as a fallback SMS/MMS messenger (like how iMessage does) but when Google started moving to convert Android from SMS/MMS to RCS Signal made the hard decision to cut the fallback functionality rather than follow Google's new framework.
I personally hope once the dust settles Signal designs a RCS engine and restores the fallback functionality.
- Yeah killing the sms function was basically a deal breaker for me, no matter how much I tried I could only get three people to use Signal, the rest were all sms. When the sms feature was removed 2 of the 3 dropped Signal completely, so now the only person I know who still uses it is my mom and even she still flips back and forth between Signal and Google messages when texting me.
  I still have Signal on my phone and suggest it people when they ask how to contact me, but everyone just wants to text my phone number.
If you need to send sms to someone not on signal, why not just send them an sms
- if they need my phone number to have an account anyway, they can offer both.
  i dont need more apps that do the same thing. i need less.

The exit plan from WhatsApp is quite simple. Start by installing Signal and setting it up – it takes only a couple of minutes. Then, resume any WhatsApp conversations on Signal if that person is already a Signal user. If they are not, then switch to regular text messaging and gently suggest to that person to switch over to Signal.

Sadly for me, this doesn't really work for some relatives as

They live abroad and the cost of sending text messages abroad is not insignificant
Some are so tech un-savvy that even installing a new app by themselves is too much.

All I can do for those relatives is to leave WhatsApp installed but take away basically every permission I can, including running in the background.

They live abroad and the cost of sending text messages abroad is not insignificant
Signal is free just like whats app. For text, calls, and video. So that isn't a problem.
I too have friends and family in different countries, one of which is crazy about whatsapp. I simply tell them this is how we are going to do things now, and walk them through it. It is not hard. If they can't do it, well then we don't need to communicate this way. Whatsapp is not an option. It is that simple.
- Signal is not capable of SMS and quite a lot of people still use it.
  yes, i know SMS isn't secure at all. but if the option is "keep in touch with close family" or "don't keep in touch" they will probably choose the former if they want to keep that.
They live abroad and the cost of sending text messages abroad is not insignificant
Signal is free just like whats app. For text, calls, and video.
How did they get WhatsApp installed? Is a FaceTime or other video option available? Never give up, never surrender
- I was with them helping them out. For reasons I won't discuss here I won't be able to visit them anymore, so that avenue is gone 😞.

I wish I could do this, but trying to convince people to ditch an app they've never had problems with and where they all have their family, friends, work groups and school groups already mashed together, how do you convince them? Its not even about me convincing my friends or family, its about everyone else doing the same and when everyone has so many contacts in WhatsApp, that number starts to snowball real quick. Its just not feasible to try and explain this to someone who literally doesn't care. I mean even though I myself know what Meta is and how Zuck is complete asshole, I still can't switch off of WhatsApp because nobody I know is on Signal and I'd just be alone there. What's the point? WhatsApp is pretty much the first app anyone installs on their phone (regardless of platform), they're not gonna switch now.

Well, just an anecdote:
I simply deleted my WhatsApp and moved to signal. Just did it.
People installed the app, at least the ones that cared about staying in touch. Which was most everyone I cared about staying in touch with. A few of my friend groups also moved the group chat to signal, though all of them do have other ones with the people who didn’t care enough to move too, but I hear it isn’t that big a deal, they had multiple groups before and will have in future, doesn’t really feel like any extra hassle they say.
It’s been fine. No problems. I’ve had more trouble trying to explain to my extended family why I’m no longer posting on instagram. Those I never had in WhatsApp either back in the day, so they “stayed in touch” by watching my pictures I suppose. But I just consistently tell people they can reach me always via signal or plain old sms.
I guess the biggest thing to be scared about would be fomo for most, but I don’t really care enough, I’ve got so much going on already that it’s more of a blessing that I don’t have to be involved in every conversation or meme sharing or whatever.
It really gets so easy after simply switching. Just do it and that’s that. The people worth anything come with you, it’s just another app and another group chat or personal chat. Most already have discord and the meta messenger whatever its name is these days anyway. I know zero people with only one messenger/chat app and unsplintered groups across them. It’s not a big chore, and if it is, there’s always sms.
- I guess the biggest thing to be scared about would be fomo for most
  I don't mind missing out on some things, but I would mind missing out on literally all of the things. Everyone is on WhatsApp and trying to convince people to switch to a different app when, from their perspective, their current app has over 99% uptime, their kids, their family, their extended family, their friends, all are on WhatsApp. Its the same for me, its everyone. Its just a different situation in Europe.
Yep. I know the details. I'm tech savvy enough, but I use what my contacts use, and I'm not leaving WhatsApp. Same goes for youtube. The content I consume is there. There is no suitable alternative until the content creators switch. It's not really about the technology at all.
WhatsApp is pretty much the first app anyone installs on their phone
Is this really the case?
Maybe it's a regional thing. I'm in the northeast US, and nearly everyone I know uses Facebook Messenger as their main form of communication, even people who don't touch Facebook at all. I hate Messenger for the same reasons that people hate WhatsApp, but I still have to use it because my entire social circle does. If I want to message someone outside Messenger without giving my phone number out, I use my Google Voice number.
I've only ever used WhatsApp to talk to work contacts overseas, and I've only ever used Signal to talk to paranoid drug dealers, which is a use case that's mostly been replaced by Telegram now.
- In my region in Europe, it really is. EVERYONE uses WhatsApp. I'm not sure the last time I saw someone use SMS, its all WhatsApp. iOS, Android, its all there.
Just ditch WhatsApp. Don't give in to social pressure to install malware on your phone
- The problem is there's no one on signal that I want to talk to. So "just ditch the app" isn't actually helpful.
- There's nobody on Signal, that's the problem. If I want to miss out on all of my group conversations, work conversations, messages between myself and others, then yeah, I can switch. But if I want to receive any messages at all, I have to keep WhatsApp installed.

A truly ethical replacement would not need a phone number

- Matrix still has it's problems. All the meta data is still saved on every server permanently.
  There is still space to improve from there.
And it would have as much spam as email.

You can use Signal with a different client. Signal being operated within the US has no effect. As of now the jurisdictions that I know of to be worried about are:
The UK, where Apple was recently ordered to remove end-to-end encryption features, and have been gagged from talking about it
Sweden, where a law is proposed to add an encryption backdoor
The EU, where leadership is pushing for an encryption backdoor
My understanding is that the Indian government under the BJP and Congress has been pretty consistently anti-encryption, and violated privacy rights
France arrested the founder of Telegram for using end to end encryption in Telegram
Australia in 2018 passed a law that enabled the government to require communications platforms add a backdoor for government decryption. The Director of the Australian Security Intelligence Organisation (ASIO) said that “privacy is important but not absolute”. Which has the same vibes as "this is not about human rights, this is about human life."
WhatsApp was previously suspended in Brazil for refusing to hand over decrypted messages.
Austria is in the process of passing legislation allowing police to backdoor encryption in messaging apps
China and Russia are very obvious problems. Here's an easy one of many examples
The White House both in Trump's first term and in Biden's presidency were pro-encryption. Signal and Tor were US government funded projects. That's not to say the US is great on encryption, and there have been laws in the past that did/were proposed to limit it. But, as of now, it seems that the US is (edit: one of) the most hospitable jurisdictions for encrypted messaging non-profits.
BTW, I'm not saying using Tox is bad, or that Signal is good, I'm just talking about the US jurisdiction part.
Well yeah we could also use Briar or whatever... but would your grandma?
- i've only managed to get some of my fam to move over to signal. the other half full on refused
- Not sure if you're actually sincere or are sarcastically making fun of Tox's onboarding. That's a long key.

TIL I have no family I care to keep in touch with and I have no friends.

Ya it’d be better if it didn’t require a phone number but it’s a solid start as it’s build up a user base over the past decade. Matrix is good but I know far less people that use it and it’ll be a long time of growing with nerdy/geeky communities before it starts getting more mainstream users

How do we know signal isn’t also run by a techbro who just wants our data?

I don't think that the founders are bad people. If you look at their history of work, they have done enormous amounts of work in the computer security sector. The founder, however, did run a cloud based WPA cracking service.
Meredith Whitaker, who is the president, used to work at Google doing research for "issues related to net neutrality measurement, privacy, security, and the social consequences of artificial intelligence".
In 2018 she then staged walkouts at Google over concerns of sexual misconduct and citizen surveillance.
The people on Signal's board seem to be trustworthy people with a pretty airtight background. You have to worry more about the mobile operating system compromising you than do you about Signal.
Does it really matter who made it if you can see the source code? You don't have to trust them.
- That’s kind of a core tenet of libre/open software, innit? Independently verifiable software that you can change at your pleasure.

How about Delta Chat? At least as secure as Signal, open source, and decentralized.

Not saying that it's necessarily a bad option, but my biggest issue with delta chat is that it does not offer forward secrecy (if a user's private key is compromised, past messages can be revealed); Signal does. Delta no question beats signal in decentralization, though email is less decentralized than it seems--how many people do you know who still use gmail? Delta also inherently leaks metadata on whom you're communicating with to the email host (that's just imap/smtp). Signal can mitigate this somewhat with Sealed Sender (which gives one-way anonymity), though it can be broken with statistical analysis, and signal metadata is more identifying due to requiring a phone number.

My wishlist is an app which is not linked to a phone number, is multi platform and has a web app. It should be none US and open source. That isn’t too many requirements and yet nothing seems to full fit the bill? Anyway good luck trying to get school parent’s groups to use something other than WhatsApp.

https://delta.chat/
Matrix fits the bill.
Unless you don't like the federated nature.
XMPP/Jabber via a web client like movim.eu sounds like it ought to work!
You can also look into Snikket as a host for small groups like friends or family, but can continue to use the Movim web client even if you're hosting with Snikket rather than Movim itself.
Matrix and Element. Run your own server if you want or use a server that's not in the US.

Don't ask me for a phone number and I'll use it.

When did WhatsApp start allowing signups without a phone number?
- No clue. Never even tried to use it since it's a Meta product. I was referring to Signal's phone # requirement being a non-starter.
The irony of you posting this on lemmy, which won't allow posting from a VPN or masked email addresses is not lost on me.
The amount of hoops I had to jump through to make this comment and maintain some semblance of privacy is infuriating but at least it's not reddit I guess?
But do go on about your security standards...
Edit: BTW, you can set signal to hide your number completely. Combined with FOSS-based encryption keys on-device makes signal the only choice for trying to maintain freedom of expression globally.
Nothing will protect anyone from messaging with a snitch who knows how to screenshot though. Food for thought.. get to know your neighbors now.
- If you're reading this comment, I posted it from proton vpn
- You're using the wrong lemmy server then, no problem with mine
- It doesn't matter if you hide the number; at some point they deanonymized you when you signed up.
  Want to be a dick about "hoops"? Get a number that isn't traceable. It can be done, but it's tough. I doubt its possible in the countries that really need anonymity of association.
- Duck duck Go VPN connection here

I would like nothing more, but so few of my contact group are willing to switch away... despite all of Meta's bullshit. I resent being made to use it whilst their AI/ads encroach further and further.

How about matrix?

Don‘t.
- Overdramatic blog post,sorry. I can't stand the whole "fremmium" crybabies that then literally recommend the next freemium or "non transparent funding model" service.... And don't understand the fundamental difference between the Protocol and one of its implementations.
  Matrix as a protocol is solid and is used far beyond the Matrix messenger. (e.g. the French and German governmental messenger, the German healthcare messenger,various armies,etc.) With a lot of commits coming from there - but not enough funding,that is definitely an issue.
  The current issue with Freemium is solely limited to the matrix.org instance. There are hundreds of federated instances out there that aren't Freemium and won't have the need to go that way as they are funded differently.(e.g. the Lemmy Instance I am currently writing from, feddit - we are financed through other means) As they are federated it doesn't matter - and honestly, I personally tend to see this as a good thing - it will lead users away from matrix.org towards other instances, making the whole network more reliable and decentralized.
  There are two other issues that are relevant, though: The way the foundation is run is not ideal, definitely - there are and were issues and I am not happy with some management decisions, but at least they are getting somewhat better recently (government board). The whole protocol does not evolve as fast as it should be and this is an issue,especially as a it also affects bug fixing. As an executive for a (much smaller) company myself I see management issues and infighting due to lack of leadership within the foundation and I am not happy with that. The second issue is Element as a company that does things companies do - focus on making money. This in theory would be a good thing if Element would send enough money AND effort upstream to seriously bring the whole project forward. For a long time this seemed to be the case,but licensing issues and the "stale" development off Element X(Matrix 2.0) has me questioning that as well - but recent changes show us hope in that regard. We also need to carefully reconsider if element is keeping too much"closed" source code for monetized features and what influence VC really has. In conclusion: We need better leadership for Matrix,more transparency and more funding.
  The good news is: It doesn't mattter too much - if the current foundation fucks up and goes belly up it is not the end of Matrix - the protocol is decentralized enough and the licencing of the core components permissive enough for another (better?) foundation to start over. There are dozends of clients available and we have alternative servers available by now.
  The funding part nevertheless is my major pet peeve here. All around Europe governments try to get rid of US tech - and use Matrix protocol based products. But they hardly if ever fund that. If Germany, France, Poland and Luxembourg (the big users) would give 5€ per year for each client they implement all issues with funding would be gone, Matrix 2.0 would be available in a few months, VC could be pushed out of elements AND they could mandate more transparency.
  The issue with funding is relevant for all NGOs and especially in tech. Running servers costs a fuckton of money.
  Signal has a respectable amount of backers but is a centralized protocol and when Trump does something shady moneywise their infrastructure,money and possibly even people will be gone within 24 hours.
  Threema has a more sustainable business model but Switzerland is,well, difficult, in terms of privacy and intelligence services overreach, especially towards traffic pointing to foreign servers or hosts.
  Revolt is a centralized service with no federation,limited selfhosting capabilities,with unclear funding(we are waiting for a financial transparency report for ages now).
  Polyproto is still not quite there feature wise and funding, etc. is unclear.
  Delta Chat is indeed an option but has massive technical limitations.
  That leaves XMPP as the sole big competition if you want non-centralised, non-US based, privacy friendly, messaging.
- That blog post was my reason to double down on Matrix.

Signal has been a good option because you can get "normal" people to use it, which hasn't been true for many of the alternatives (except Telegram, but that's a mess).
- The problem is that it was easier to get people to move to Telegram since it had an abundance of features compared to WhatsApp which was compelling for the average person that doesn't care about encryption. Signal doesn't have any of these features that make it enticing for the person.
Signal used to be the best answer to this conundrum, since it would use its own internal protocols if it could or fall back to SMS if it couldn't, unfortunately they decided to drop SMS support a few years ago, citing users that sent sensitive information not realizing they were using SMS (that always felt kinda flimsy). I really disliked this change, because it raised the difficulty of adoption, from just getting people to replace their default app with Signal to making them manage multiple apps.
Now though, you basically need to advocate socially for the change you want to see in the world. Anecdotally, I started using Signal when they still supported SMS to talk with 1 friend group, and eventually convinced most of my closest family groups to also use it, many after SMS support was dropped. Apart from 1 tech illiterate elderly couple and 1 extended family member, I haven't received any personal (non-company related) text messages in like 5 months.
- The sad truth is that the majority of people are treating WhatsApp exactly as a social network. It is there to send memes and stickers. See what others are up to without having to interact. Then mindlessly scroll through reels. Ocassionally purchase something via chat with a corporate bot.
If you quickly uninstall it because you don’t know anyone using it it sounds like you’re part of the problem. If someone you know installs it to try it out that’s one less person they see as well. Personally I got the vast majority of my friend group to move to it years ago by just saying like “hey Facebook sucks we should move to signal”. If you don’t want to do that should at least leave it installed it’s not like it’s taking up much space

Anyone using Session? I finally got most of my friends and family on Signal so I'm not gonna switch but I just heard about it, seems pretty good.

Basically Signal but without the weakness of a phone number & runs on a Tor-like network. It's still a work-in-progress thing but you CAN use it to send messages
Have a look here: https://www.messenger-matrix.de/messenger-matrix-en.html
I like the comparison and prefer simplex as an replacement to Signal in the Future. Self hosted Matrix Servers are a good idea aswell if you have the money and knowledge.
- Xmpp is far lighter on resources and not ran by a company with funding issues.
The only thing I don't like about Session is, it runs on a underlying crypto token, incentivizing the network to keep on going. https://getsession.org/blog/migrating-from-the-oxen-network-to-session-network imo

When they dropped sms support I was no longer able to convince people to migrate to signal.

Before I could make the argument that you need one sms app anyway so that app might just as well be Signal instead of the one that comes preloaded with your phone. That way people would gradually get more and more secure messaging as time went on. When sms support was dropped, Signal could not replace an existing app and adding another messing app is much less appealing than replacing one.

I don't believe in signal.

I use it mostly for family chats, I got the extended family to use it rather than Facebook Messenger
What makes you not trust signal as against WhatsApp?
Interesting phrasing. How so?
- I believe in it,... for now.
  I moved my family group to xmpp to have more personal control over our chats. Signal seems benevolent, but I've seen this play out before. Will it stay that way? We treat online forums with the idea that federstion works to stop enshittificstion. I believe XMPP is a good model for federating secure chatrooms for the same reason: People should control the voices of the people, not companies.

I will switch to signal when I can avoid installing stuff on bunch of my devices. Until web version is available, sorry it hard for me to switch and for me to convince other people to switch.

i dont use whatsapp that much anyways

Compare with Zangi Private Messenger. Yes, every country who has jurisdiction has access. Just ask yourself, which gov do I trust more with my private chats?

Anyone know why the Signal app isn't available on F-Droid? Isn't it supposed to be open source?

I think it's by request. the fdroid team build every single app in their repos which means that they are not always fully up to date, so signal argues that whenever they need to push a security release people on froid would take forever to update.
I think I've had this issue with simplex. I've had to wait over 2 weeks for an update. That's why I'm using obtanium for it instead
Molly is in f-droid, though it's technically third party. Looks identical though.
- I was looking at Molly.im and it has its own f-droid repo. There are two options: with and without Google servicios.

Nah, that would be Matrix, XMPP, DeltaChat or SimpleX

Jami*
Matrix isn’t necessarily p2p
- Oh yes that too

For now anyways lol

What does this mean

SimpleX as well!

The founder of SimpleX is out of his mind. Check yourself: https://xcancel.com/epoberezkin
- It doesn’t look good indeed…
  Sadly, that’s what we have to work with. The app is pretty good though
  TIL the founder is a transphobic and conservative piece of shit
IMO the best on-boarding I have seen in a chat app. Just scan each other's QR codes or click a link. No account management because ID is unique to each conversation.
Signal and WhatsApp need a phone number, Matrix/Element is needlessly messy, XMPP/Conversations is sensible IIRC (ID + password)
Just got the app. Really like the idea!

Wasn't WhatsApp essentially built from Signal's base protocol anyway? Why use the meta clone when the original is right there?

No. WhatsApp came first, but later adopted Signal's key exchange and encryption. WhatsApp was an independent company for years and had rejected several acquisition offers, but $19 billion is a big number.
One of WhatsApp's founders is now chairman of the Signal Foundation and a major financial backer of the project.
- Thanks!

I can't call ethical an app that relies on Electron.

Weird goalpost but Ok
- I think it is more of a hill than a goalpost.

No. XMPP would be the best choice.

Tell me you don't know anything about security without telling me you don't know anything about security.
- Could you explain a bit? I see main issue with Signal (though I'm not an expert, and they're not strictly related to security): it's centralized (and the server isn't even open-source).
  The question is also a lot about your threat model right?
- I guess that sucks because I make a living working in cyber security. What do I know, amirite? 🤷

I don't use Signal because they don't release the app in F-Droid. Signal devs refuse to release the app outside of Google Play Store, which is very evil.

You can download the APK once from the website, after that it updates automatically. https://signal.org/android/apk/
- I know I can. But the hostility of Signal devs to open source and F-Droid makes me uncomfortable. Why use an app with such hostility?
You can use Molly from F-Droid. They even have a full FOSS version that you can set up a self hosted notification socket for, to avoid Google Firebase.
I use obtainium to install it and it works flawlessly. The reason they don't publish it elsewhere is due to licences and push notifications iirc
I don't know, the GrapheneOS folks say that F-Droid is a potential security catastrophe.
You can find Molly from Accrescent (and apparently also from F-Droid if you must use that), which is not so much a security catastrophe.

I got tired of asking my family to download yet another app. Went iPhone at this point.

- I went from Telegram to WhatsApp. That was enough to annoy my people.
  You know and I was the biggest smack talker of apple and I got the 16 pro just to get encryption when talking to my mom and husband. I can see why people like these things.
  But it does feel very basic coming from a long time Samsung user.

telegram much better

By features, yes. By 10 miles.
Privacy? It isn't driving anymore at this point.
- any proofs?