“Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries…”

  • whyNotSquirrel@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    could matrix.org be as easily blocked, since it’s decentralized I’m wondering?

    At least it means that Signal is working as intended if they are blocking it, I guess that they don’t have back doors.

      • TarantulaFudge@startrek.website
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        I can answer this! All matrix calls are over https APIs. Ports and addresses are stored in a text file on the base domain or in DNS txt entry.

        • ivn@jlai.lu
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Thanks, nice to have someone knowledgeable.

          Would you say matrix is censorship resistant? I’ve very limited knowledge of it but given what you said I imagine that if I was trying to block matrix I would just need to query the url of the text file and check the DNS text entry, if either exist just add the domain to the blocklist.

    • foremanguy@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      Matrix is in fact decentralized but in reality it is not so much, I don’t know the number exactly but the majority of users use the matrix.org server

      • TarantulaFudge@startrek.website
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        It cannot be easily blocked especially if you use your own homeserver every homeserver replicates the channel and it can operate without the original server! That’s why signal and telegram are inherently flawed.

  • Railcar8095@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 months ago

    Why countries that do not prosecute political dissent bock apps used by political dissenters? /s

    • ivn@jlai.lu
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Telegram is not secure, I guess if you can listen to it better not block it.

    • CaptainSpaceman@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      WhatsApp supposedly uses Signal protocol.

      Why is THAT not blocked? Certainly they wouldnt roll their own encryption and bypass Signal security protocols after having Moxie come in, right? Right???

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      3 months ago

      I mean it was blocked before Signal was blocked. Russia somewhat famously badly broke their Internet trying to shutdown telegram… and eventually gave up.

      I’m guessing Signal finally has enough market share to get the Russian government’s attention but not enough market share that they think the web of proxies that kept Telegram online will keep Signal online.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      It depends. Somehow it has to discover the peers. Other than that, they could block traffic between residential IP addresses and there goes large part of the P2P network

      • Todd Bonzalez@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        Russia and Venezuela are huge hotbeds of piracy from populations without access or capital to access most forms of entertainment.

        Breaking P2P in this manner would basically be getting rid of the circus part of bread and circuses. Not a good move for an authoritarian.

    • MigratingtoLemmy@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Yes, but you’ll have to install them from sources other than what governments deem official. Like F-droid.

      Now, if they block p2p traffic that’s a different story

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      I wrote this, but I’d also like to add Drew Devault - Why I don’t trust signal. There’s a huge disconnect between what privacy advocates are saying about signal, and what reddit “privacy” communities think about it. If you read the article I linked, you’ll see its because the Open Technology Fund (a US state-run entity), actively pushes signal in privacy spaces.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        3 months ago

        Signal is secure and anyone who says it isn’t needs to have very strong evidence. It has been audited by hundreds of people at this point.

        • Dessalines@lemmy.ml
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          edit-2
          3 months ago

          Source: trust me bro.

          Seriously tho, that’s been most of the defense of signal advocates, with zero backup other than signal’s own claims. Signal is not self-hostable, and all the data lives on a centralized, US-domiciled server, subject to NSL requests (the US issues ~ 60 of them per day).

          Unfortunately you can’t verify what their server stores, nor the metadata that they are legally required to share with the US government (which includes phone numbers, and your name and address).

          BTW if signal is secure, can you give us your phone number, so we can use it with you?

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            ·
            3 months ago

            Signal is end to end encrypted. Everything related to encryption happens inside the app. It doesn’t matter if the server is in mainland China it would still be secure. However, that doesn’t mean it is anonymous. Signal is pretty bad from that perspective.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Signal might be one of the most audited pieces of software in existence. Any criticism is likely either coming from or is supported by countries that fear encryption such as China, Russia and Iran.

      The big downsides of Signal are that it requires a phone number and that is depends on Signals servers. That is it. You messages are completely safe as all messagers use the same underlying cryptography.

      • Dessalines@lemmy.ml
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        3 months ago

        The audits mean nothing for a server domiciled in a Five-Eyes country. Signal has your phone number, and the other phone numbers you talk to (social connection graphs), and it is 100% illegal for them to tell you that they’ve been issued a national security letter divulging that information.

        • fira959@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          3 months ago

          The entire protocol is build under the assumption that you do not need to trust the servers. Let the NSA have then, it doesnt matter. On the other hand 95% of Matrix users are hosted on Matrix.org which was not only hacked several times, but would be an ideal target for any agency to compromise. Its naiive to belive the big Matrix hosts arent compromised. The only effective defense is to build your system around the assumption that the server is compromised, which is what Signal did.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          You shouldn’t trust a server to do your computing for you. Assume any data the server has about you to be available to all.

  • D61 [any]@hexbear.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 months ago

    blocks appear to be part of a crackdown on internal dissent in both countries.

    Or… you know… at least for Venezuela, the USA constantly fucking around with their elections and politics and local assets using Signal or something. Maybe, I dunno?

    • Railcar8095@lemm.ee
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      3 months ago

      Yeah. Telegram, should be next, there’s a huge risk with it too. And email! Social networks too, just in case. And postal mail, we can’t forget that. We should crack down any form of uncensored communication.

      All for the benefit of the people, of course. \s

        • Dessalines@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          The current president of Signal is also still happy to do interviews with US-defense-oriented think tanks like Lawfare.

          They probably still are funded by USIntel, considering how interested RFA was in pushing Signal in privacy-oriented spaces.

      • D61 [any]@hexbear.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Self defense is self defense, would we expect some different behavior from a country being attacked from outside interests with publicly accessible end to end encryption services?

        • Railcar8095@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Publicly accessible: reviewed and audited by hundreds of teams that confirmed there’s no backdoor. Venezuelan, Russian and Chinese governments didn’t find the holes, even having access to the code. If they did, they would be exploiting it to… reeducate.

          Yeah, I would expect to trust that. Still, you said yourself, the problem is that is used by dissidents. And we can’t have that, right?

          • Open source, except when they do not publish it. Funded incredibly heavily buy the United States Intelegency Agencies. That would be more than enough to raise red flags for any nation that is not on the best terms with the United States.

            Signal in all likelyhood is a honey pot

            • fira959@lemmy.ml
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              Funded by the US? Well thats the entire internet, including Tor, Linux and Matrix…

              Amazing how much BS is spread here

              • The server is arguably more important, that is where the data and meta data itself are stored. Linux has never hid its source code for a year, and matrix can be self hosted.

                I mean if you want to trust a honey pot go right ahead

                • fira959@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  3 months ago

                  Your claim about it being a honey pot is entirely baseless. There is a significantly better chance you are working for the US to prevent people from using signal…

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        3 months ago

        We can’t have individual thinkers running around can we. We need a shared vision that is dictated from the top down.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      2
      ·
      3 months ago

      I’m pretty sure Venezuela was unstable before the US started getting involved.

      Anyway Signal is secure so that shouldn’t be the problem. It has more to do with the government working to crush civil liberties and independent thought.

      Same story in all authoritarian countries

      • ☭ Comrade Pup Ivy 🇨🇺@lemmygrad.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        3 months ago

        First no Venezuela was stable before US medeling.

        Second, “is secure” is quite a leap, it is funded to a sickening extent by the United States government, has gone about a year before opening up its source code, and is in the US where there is a law that says if the US government says show us everything and keep quiet, they have to do that. There are real concerns

        Or you can uncriticaly say “Athoritarian Country” with no defineing term there, or real understanding of Athoritarianism and disreguard all concerns from these countries.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          3 months ago

          The US government funds it because they use it heavily. I think you should pay for software you use.

          Also Venezuela has never really been stable. You could argue that the US made it worse but honesty the problem is everyone getting involved.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Matrix isn’t secure depending on how you use it. It also doesn’t protect individual identities terribly well.

      Simplex Chat would be the better option however the main Simplex Chat server and matrix server could end up blocked as well.

      • Dessalines@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        3 months ago

        Matrix is entirely self-hostable, and you can turn off both federation, and the requirements for any linkable identifiers.

        Signal by contrast requires your phone number, isn’t self-hostable, and is based in a five-eyes country.

        • Lemongrab@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          Matrix doesn’t protect metadata, which is arguably just as (if not more) important than message data. Signal by contrast does protect metadata and proper implements Perfect Forward Secrecy for all chats. I do think Signal’s centralized design and phone number requirements problematic, but Signal still has many merits. Such as its massive user base for a AGPL-only project.

  • Dessalines@lemmy.ml
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    3 months ago

    Smart move, considering Signal is a US-hosted centralized service that has to comply with US NSL laws.

    These comments below seem to be unaware of all the issues privacy advocates have of signal.

    • ivn@jlai.lu
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      I don’t get it, are you really arguing that Russia and Venezuela are blocking Signal to protect their citizens from American snooping?

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          3 months ago

          Mass censorship is never good for civil liberties. Let people decide on there own.

          Also Signal is cryptographically sound. Many other messagers use a similar protocol

          • Dessalines@lemmy.ml
            link
            fedilink
            arrow-up
            0
            arrow-down
            1
            ·
            edit-2
            3 months ago

            As I commented below, US security forces aren’t that interested in message content anyway, since they don’t have time to parse through every message to construct meaning. Signal does require your phone number tho, as well as message timestamps, meaning they can build social graphs of real people. Tons of metadata living on a single US-based server.

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              ·
              3 months ago

              It doesn’t matter if it is US based. You shouldn’t trust the server.

              Signal has known issues. That doesn’t mean it is entirely bad though. Saying things like Signal is insecure is simply untrue. It has weaknesses but it also has the benefit of protecting your messages completely and being well established.

        • QuadratureSurfer@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          3 months ago

          Isn’t the whole point of something like End-to-End Encryption so that not even the company themselves can read your messages?

          In that case it wouldn’t matter even if they did turn the info over.

          Edit: I read more into the page you linked. Looks like those NSLs can’t even be used to request the contents either way:

          Can the FBI obtain content—like e-mails or the content of phone calls—with an NSL?

          Not legally. While each type of NSL allows the FBI to obtain a different type of information, that information is limited to records—such as “subscriber information and toll billing records information” from telephone companies.

          • XTL@sopuli.xyz
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            The company, or any middleman, can read your messages if they have the keys. In many services, the keys come from the company. EEE is only as trustworthy as the clients and processes you use.

          • Dessalines@lemmy.ml
            link
            fedilink
            arrow-up
            0
            arrow-down
            1
            ·
            3 months ago

            You can read my article, or Drew Devaults on why he doesn’t trust signal, which get more into this, but the short version is that US security forces don’t have time to read the content of everyone’s message anyway, they care more about the metadata: message timestamps and social graphs.

            Signal stores all that data (via required phone numbers, meaning its linked to your real name and address), and via the US’s key disclosure laws, it would be illegal for them to tell you that the US government is hoovering up that data.

        • ivn@jlai.lu
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          My question was more about the motives in this case.