I’m using Signal, but after I found out that it’s not as privacy-friendly as it claims, I’m uneasy about sharing my address there. I trust the person who asked for my address, but not the service. What’s a safe way to share? I was thinking of something like a self-destructing pastebin, but surely you have better ideas.

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      5
      arrow-down
      29
      ·
      3 years ago

      Pretty much everything about it is unverifiable, because its a centralized service and you ultimately don’t know what the server is running. Contrast that with self-hostable apps which must pass verifiability checks, because people can host their own instance.

      • ancom@lemmy.ml
        link
        fedilink
        arrow-up
        32
        arrow-down
        1
        ·
        3 years ago

        Clients are open source. Independent clients exists and they work. So the server must kind of do what signal claims, otherwise those devs would notice.

      • shrugal@lemmy.world
        link
        fedilink
        arrow-up
        27
        arrow-down
        1
        ·
        edit-2
        1 year ago

        This is suspicion on the level of “you can’t be sure reality didn’t just pop into existence 10 seconds ago”. You can never be 100% sure of what others are doing on their hardware, or of anything really, especially if other people are involved. Your chat partners could leak all your chats and metadata for all you know!

        What we do know is that Signal is operated by a non-profit foundation, their client and protocol are open source and considered the gold standard for privacy by pretty much every expert on the subject, they had multiple independent audits and a very good track record, they were subpoenaed and couldn’t comply because they didn’t have the requested data. That’s about as good as you can get.

      • balance_sheet@lemmy.world
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        Selfhost your own self destructing pastebin.

        Just be sure to read every single line of code before you do. You don’t know what that selfhost solution which has 5k+ stars and dozens of forks is hiding.

        Or just write one your own.

        You should be using TailsOS the whole time. You know what? They’re scummy too. Just write your own OS.

        You know what? Just don’t use computer. Use good ol paper and hand it to him.

  • Azzu@lemm.ee
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    Matrix and even Signal you reject for some reason work fine with no one being able to see the content of your message except the one you sent it to.

    • JDubbleu@lemmy.world
      link
      fedilink
      arrow-up
      51
      ·
      edit-2
      1 year ago

      I’ve never heard anyone other than OP have any privacy concerns over Signal. Their encryption method is rock-solid, and they win the award for best response to a government subpoena

  • crunchpaste@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    I guess you can use wormhole to transport the data to your peer, and if you’re extra paranoid encrypt it asymmetrically with something like age.

    Then again you can just encrypt it with age and send it over Signal. There should be no risk involved in sharing public keys even if you don’t trust their servers.

  • treadful@lemmy.zip
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    https://1ty.me would be described as a “self-destruting pastebin.” I’d generally be careful about what you can put in there (e.g. put partial information in it with no context) but it seems to do the job.

    But the real answer is probably PGP/GPG.

  • latca@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    You can both get PGP, exchange public keys and send encrypted text with whatever service you want.

  • LazaroFilm@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    The cloud is just someone else’s computer. If you want real privacy self host it. Raspberry Pi are cheap again.