Signal to Ottawa: We'll Leave Canada Before We Help You Spy on Users
(www.iphoneincanada.ca)
from floofloof@lemmy.ca to privacy@lemmy.ml on 17 May 01:18
https://lemmy.ca/post/64976745
from floofloof@lemmy.ca to privacy@lemmy.ml on 17 May 01:18
https://lemmy.ca/post/64976745
cross-posted from: piefed.ca/…/signal-to-ottawa-we-ll-leave-canada-b…
Signal is drawing a hard line on the federal government’s proposed surveillance legislation: comply with Bill C-22 or leave the country. The secure messaging app says it would rather ditch the Canadian market than be forced to weaken the privacy protections it has built its reputation on. In an interview with The Globe and Mail
threaded - newest
If they left the Canadian market, what’s preventing Canadians from still using it?
I think they can use the VPN to get access to it. It’s a way to make sure governments doesn’t exert too much pressure to give up data!
True, until VPNs are also banned (like some US states are doing). One anti-privacy law passed will bring up another, then another, then another.
The Canada-region app stores like Apple or Android would be unwilling to let you download the app if the law passes. So without sideloading, it just wouldn’t be accessible.
Am I the only one who has app store accounts for multiple regions?
But actually, if this happens (and it won’t, at least this time), the next bill to go through would have to be for the right to sideload. Because all of the politicians use Signal and would need a way to install it.
And by side loading you mean installing software on a device you own, like PCs have been forever. Side loading is a 100% bullshit term created by Apple and Google to try and make sure you don’t think you actually own your devices
Ok, I’m on board. So like what do we call installing an app outside of a store?
Installing a downloaded application.
Installing for short
Installing an apk, installing directly, …
As opposed to installing from Fdroid, from gplay, …
You can also go by source, like with the stores. For example Signal android can be installed from their website (by downloading an apk).
That’s factually not true though. Side loading was a term used before Google was even a company and before devices had internet access or peripherals/accessories to directly connect media other than plugging into your computer. Before devices had internet and you had to plug them into your computer to transfer files and install non-stock software. They would just say unauthorized or unofficial software if side loading wasn’t a term. It’s not like they need that term to exist for their shit behavior.
Or people could just install it from fdroid.
Oh wait, signal isn’t FOSS so it isn’t allowed on fdroid.
what about Molly, then?
Molly is Foss, but it’s not on fdroid for likely other sketchy reasons
Its on Accrescent though
You can import the repo into F-Droid.
…and make yourself less secure, sure
github.com/signalapp/Signal-Android AGPL
Lol no.
Download the apk. It includes that AGPL and also non free blobs. Just because part of if is Foss does not make if foss
Nothing to laugh at here in my view. It is FOSS. The reason it isn’t on there is sort of procedural. You could easily build signal from source, but signal prefers only their builds connect to their servers. They of course can’t enforce this but fdroid is happy to do so.
I get it from FDroid via the Guardian repo. No issues.
Security issues. guardian repo has no acceptances criteria. Closed source blobs? Allowed.
Molly is on fdroid I believe
Yep and Molly is even better :)
I think it used to, but unfortunely Molly is not on Fdroid’s repo. You can download it from the app, but you’d need to add Molly’s repo
Not the official repo…because they couldn’t meet it’s acceptance criteria. Which is a red flag
GrapheneOS frowns upon fdroid because of apk security reasons
Well unless they want to add verified APKs of all the apps I do use to their app store, their frowning is useless because every graphene user basically needs f-droid as it stands now.
And we frown upon grapheneOS because of numerous human concerns
Any reason Signal couldn’t offer a web app client?
cuz they dont store msgs on a server. feature, not a bug
Web browsers have a local storage API.
Signal mentioned that their apps were best for security and a web browser had too many vulnerabilities that they couldn’t guarantee.
They prefer to manage their own apps - a signal desktop app being one of them.
It’s not sideloading.
This is one of the things that bugs me.
If you’re in Country A, with all your operations in Country A, and what you do is legal in Country A, why should you give a single fuck about Country B’s laws?
Seems to me the appropriate answer is basically to do what The Pirate Bay did with DMCA notices- respond that your laws don’t apply to us as we have nothing to do with your country, and if your citizens use our software that’s between you and them. It’s not our job to enforce your laws on your citizens.
so THAT’S why they are clamping down on installing apps from outside the play store.
I still dream of a keyboard that encrypts all messages regardless of the application being used. Like you type and then select the message, a pop up menu lets you encrypt the message using the code that you have chosen with somebody.
The other person receives the message directly unscrambled otherwise this implementation is DOA
Oversec is like that, but IIRC it doesn’t work correctly on the latest versions of android
Pretty sure I read stories in the past of Google or someone like them banning people who were sending pre encrypted messages over one of their chat services.
wow so they were reading every single message, amazing
A computer was anyway. These services arent necessarily reading our messages personally, but the algorithms parse them for ad placements or whatever, and it probably got flagged as being unreadable.
Edit: Some services that arent intending to be secure chat might not like the idea of encrypted content on their system either. What is it? What are they now harboring which wasn’t their intent at all? Like if you made a lemmy community and only had encrypted messages on it, a mod from the server might have something to say about it.
They still ban you now and then, if you encrypyt to their drive.
OpenKeychain has an implementation like this (not 100%) maybe that fits your use case?
www.openkeychain.org
Look up oversec.io
It basically uses android accessibility features to both encrypt and decrypt messages.
It is a bit tedious but works: fdroid.gitlab.io/…/com.amnesica.kryptey/
Edit: Just saw that the last update was 3 years ago, just keep that in mind. I think for some situations it is still useful and can be used, as the encryption and key-exchange seems to be solid.