Twilio Incident: What Signal Users Need to Know

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • Peergos

    A p2p, secure file storage, social network and application protocol

    If you're looking for a Keybase replacement, check out Peergos (https://peergos.org). Peergos is a P2P E2EE global filesystem and application protocol that's:

    * fully open source (including the server) and self hostable

    * has a business model of charging for a hosted version

    * designed so that you don't need to trust your server

    * audited by Cure53

    * fine-grained access control

    * identity proofs with controllable visibility

    * encrypted applications like calendar, chat, social media, text editor, video streamer, PDF viewer, kanban

    * custom apps - you can write your own apps for it (HTML5), which run in a sandbox which you can grant various permissions

    * designed with quantum resistance in mind

    You can read more in our tech book (https://book.peergos.org) or source (https://github.com/peergos/peergos)

    Disclaimer: co-founder here

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • session-desktop

    Session Desktop - Onion routing based messenger

    I think you're missing the part where they are in the trying to figure out how to relax that constraint phase (they have not yet) and having trouble in paradise. They're run into all the issues and nuances elucidated in this thread. They have been receiving pretty intense feedback from people who have stopped using their product because of the concessions made. And even saw their product forked the minute it became clear what they were doing: https://getsession.org.

  • TextSecure

    A private messenger for Android.

    All of your answers are in the links I provided, I'm more than happy to help, but please make an effort too.

    Here is the data that gets collected and stored in the cloud:

    https://github.com/signalapp/Signal-Android/blob/3553a28683d...

    > It also doesn't store any lists of who you contact; this claim is false.

    The entire point of Signal adding pins was to protect the data Signal now stores so that you can recover it. That includes: your contacts, profile, and settings. Signal is required to store your contacts in order for that to happen.

    Signal does not every try to deny that they collect and store your contacts. They just don't say so plainly and they often present the fact in misleading ways. Here's one example of them explaining their reasoning for storing your contacts on their servers:

    "We're trying to add support for identifiers that aren't phone numbers, since that's what we've heard from users. If we do that, your signal contacts can't live in your address book anymore. Every other app just stores that in plaintext on their servers, which we don't want to do." [source](https://twitter.com/moxie/status/1277737851107471360?s=20)

    > You linked to a repository that uses Intel SGX which is used in this instance specifically to address your false claim that the e2e encryption used is easily bruteforced.

    It doesn't "address my false claim" it supports it. Again, please read the links. Especially https://community.signalusers.org/t/proper-secure-value-secu... since it addresses both the brute force issue, and why SGX is not able to protect the data. You might find https://community.signalusers.org/t/sgx-cacheout-sgaxe-attac... helpful as well.

  • SecureValueRecovery

  • Signal (or, more accurately, one of its predecessors) used to use client-side private set intersection for contact discovery, but this scales poorly [1].

    Now they use a solution based on Intel SGX and server-side trusted computing [2].

    [1] https://signal.org/blog/contact-discovery/

    [2] https://signal.org/blog/private-contact-discovery/

  • Signal-iOS

    A private messenger for iOS.

    From my 5-minute reading of the Signal source code it seems that disabling the PIN results in the generation of a random 256-bit master key for cloud storage encryption:

    https://github.com/signalapp/Signal-iOS/blob/main/SignalServ...

    The primary developer has stated previously that cloud storage is used even with the PIN disabled:

    https://community.signalusers.org/t/beta-feedback-for-the-up...

  • ipfs-nucleus

    A minimal IPFS replacement for P2P IPLD apps

    Yep, we built a super minimal ipfs replacement - ipfs-nucleus (https://github.com/peergos/ipfs-nucleus) with added block level access control, which is also post-quantum.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Telegram is 'not a secure platform,' NATO-backed strategic comms chief warns

    2 projects | /r/privacy | 26 Aug 2022
  • Privacy vs. Parental Control

    2 projects | /r/parentalcontrols | 22 Aug 2022
  • Is anyone here using Signal?

    7 projects | /r/privacy | 24 May 2022
  • When is enough, Enough?

    3 projects | /r/collapse | 8 Nov 2021
  • Signal is experiencing technical difficulties

    4 projects | news.ycombinator.com | 27 Sep 2021

Did you konow that Java is
the 8th most popular programming language
based on number of metions?