I entirely understand that the more secure and private a means of communication gets, the less convenient it is. That being said it seems like there should be some way to be reasonably secure while still being able to promote these types of things.
To be completely transparent I am not planning on being said organizer of protests, but recent events have simply piqued my interest in the topic. I’ve read certain frequently referenced materials like “What is Security Culture”, “Confidence Courage Connection Trust”, and “Mobile Phone Security for Activists and Agitators”. I feel like the more resources I read the more it seems like there is no general consensus on the best solutions even for similar threat models.
So far the only thing I’ve truly gathered is that if you want the best security and privacy you should just not use online communications, which obviously is sub-optimal for gaining traction.
Some people say using Signal is the best means of communication, but that the use of phone numbers and centralization could be a concern. Some people say SimpleX, but cite concerns about notifications or how it hasn’t been around long enough to be fully vetted. There’s Briar which actually seems great but goodbye to every iPhone user.
Is there any completely solid answer to such a scenario where privacy and security must be upheld while maintaining outreach? I get all things will have their tradeoffs, but is the best solution really just using network communications as little as possible and being careful about your presence?
I don’t agree with the overall logic of that first article. It makes a huge assumption that the CIA has influenced Signal, but as with F-Droid (who just received a grant from the same OTF), the funds go from Congress to the USAGM (formerly RFA) to OTF to regular folk, nonprofits, charities, etc.
The OTF is an independent nonprofit corporation, with its own set of board members, and they make their own decisions. Could they all be bought by the CIA to secretly fund backdoors in open source projects? I suppose, but that would be a possibility fallacy to imply: because it could, it therefore is.
Lots of money moves around the government, and even it doesn’t always know where it all goes. People should be able to make informed choices, but paranoia and tinfoil aren’t going to help anyone.
I also like how the “good alternatives” blog post shows a bunch of apps that basically have “less secure”, “not compatible” or “unstable” as caveats. Signal is (for now) still gold standard for messaging apps overall.
It’s also stupid easy to set up. I got my whole family to switch in two days.
I like the way SimpleX does everything much more, with the anonymous contact tokens, but Signal is still open source and doing things like local-only storage, ephemeral chats, password protection for the app, etc.
It’s fair to keep an eye on any service that’s centralized, but thus far, it’s probably the best option out there for people who aren’t technically-minded or otherwise don’t have the patience to get into the weeds of some of those other apps.