We started a new privacy podcast.
from signaljam@lemmy.ml to privacy@lemmy.ml on 25 Jul 13:57
https://lemmy.ml/post/33650112

Hey, everyone. If you’re looking for a fresh privacy podcast, we recently started a new one called Signal Jam.

Here’s a bit about why we made Signal Jam and what we’re hoping to do differently.

We even have preliminary ways for you to participate in the project, which you can read about here.

Feel free to connect with us on Proton, Tuta, Signal, or here on Lemmy. Looking forward to your feedback and thoughts!

#privacy

crozilla@lemmy.world on 25 Jul 14:19

You mean: signaljam.me/welcome-to-signal-jam/

signaljam@lemmy.ml on 25 Jul 14:22

Hah! Good catch! Fixed. Thank you! 🙂

hddsx@lemmy.ca on 25 Jul 14:58

Much disappointment. Could have been signalj.am

signaljam@lemmy.ml on 25 Jul 15:09

I agree. Unfortunately .am TLDs do not support WhoIs privacy. ☹️

fxomt@lemmy.dbzer0.com on 25 Jul 14:26

This looks cool, I’ll give it a listen later. Wish you good luck with this

signaljam@lemmy.ml on 25 Jul 14:34

Thank you! Feel free to leave us feedback and share what you’d like to hear more about down the road.

artyom@piefed.social on 25 Jul 19:02

Listened to the first episode and I don't have any negative feedback. You might consider running your audio through Auphonic. Really great hands-off editor that can take quality to another level. But it's fine as is.

signaljam@lemmy.ml on 25 Jul 19:13

Thanks for the feedback and suggestion! I’ll look into Auphonic a bit and maybe do some experimenting.

-M

crank0271@lemmy.world on 25 Jul 14:27

This looks cool. Thank you for creating and sharing! I’ve added to my (privacy-respecting, I think) podcast app of choice and will give a listen.

signaljam@lemmy.ml on 25 Jul 14:32

Thanks for following! Out of curiosity, what’s your preferred podcast client?

crank0271@lemmy.world on 25 Jul 15:37

Well I just went down the rabbit hole to verify that my podcast app is simply that, and not tracking tons of data to send back to who knows where. I had been using Overcast but a few months ago changed to RSS Radio after reading a recommendation - perhaps on Reddit? RSS Radio now seems to be all but disavowed by both Dorada Software, who links from the site for it, and Maple Media Apps, LLC, who is the publisher on the app store. The app privacy cards on the iOS App Store do not instill a ton of confidence, showing: Data Used to Track You (Identifiers, Usage Data) and Data Linked to You (Usage Data)

Perhaps it’s time to switch… Podverse is at least open source, although they track Usage Data and link Contact Info to you. But good ol’ Overcast only has a card for Data Not Linked to You, which seems like a big improvement.

signaljam@lemmy.ml on 25 Jul 15:54

Good on you for the thorough research, and I like your logic. Things change fast, and it’s good to have backups in place. Overcast would probably be my choice if using iOS. I wish there were more open source and privacy-friendly versions available.

-M

artyom@piefed.social on 25 Jul 16:15

AntennaPod is the obligatory open source client.

crank0271@lemmy.world on 25 Jul 16:26

I’m still on iOS (I know - don’t yell at me) but thinking to make moves soon. I trust Android less than iOS, but perhaps GrapheneOS or something else will be for me. I’m always open to recommendations (with a minimum of yelling).

artyom@piefed.social on 25 Jul 16:31

USE GRAPHENEOS

signaljam@lemmy.ml on 25 Jul 16:35

No stress! I was on iOS for a really long time, mostly out of entrenched habits, and trepidation into jumping into something like GrapheneOS. However, I did end up making the switch to Graphene, and arguably with the most restrictive settings (no Google Play Services, no Aurora Store, etc.). There was a small learning curve, maybe about a week or so, but in hindsight, it’s one of the best privacy decisions I’ve made to date. Feel free to reach out to me on Signal or one of our emails if you have questions or want to talk more in depth about it!

-M

jinx@lemmy.zip on 25 Jul 18:55

Anytime has an iOS app!

signaljam@lemmy.ml on 25 Jul 19:02

Nice find!

crank0271@lemmy.world on 26 Jul 16:09

The holy Data Not Collected card!

clb92@feddit.dk on 27 Jul 12:28

I’m not the person you asked, but I self-host AudioBookShelf (it’s a podcast manager too), and listen to all my podcasts through its app, connected to my instance. Its app isn’t as sleek or fast as AntennaPod or some of the other ones, but it works fine.

That way I also automatically have all my podcasts backed up on my server too, if the creator of a podcast I listen to suddenly decides to delete everything and disappear.

signaljam@lemmy.ml on 28 Jul 06:53

Ooooh, this is interesting, and I like the backup feature. Since you mention it…I have to ask… you don’t happen to have the coveted Episode 306 from Bazzell’s show, do you?

-M

clb92@feddit.dk on 28 Jul 11:04

Nope, never heard of that podcast, sorry.

TimLovesTech@badatbeing.social on 25 Jul 14:37

Cool idea and will check it out later. I also found a small grammatical error.

While we try strive to make original content and refresh old topics, we can’t cover everything, and we can’t be everywhere.

I assume you would want to strike “try”, but I suppose you could strike “strive” instead.

Edit - I made a word salad on a post about a grammatical error, go me!

signaljam@lemmy.ml on 25 Jul 14:41

Funny how sometimes you miss silly things like this even after proofreading so many times… thank you! Fixed. 🙂

rutrum@programming.dev on 25 Jul 17:45

I’m glad you are not overambitious with your schedule. An episode every three weeks / month is a great way to keep going. I remember when Privacy Guides said they were going to do a “this week in privacy” which unfortunately lasted about 6 weeks. I wish you the best of luck!

signaljam@lemmy.ml on 25 Jul 17:53

Appreciate the feedback! We care about producing quality rather than quantity. As I mentioned in our Welcome post, we don’t view ourselves as content creators in the contemporary sense, and we don’t want that associated pressure to constantly pump out new stuff. We hope the project gains enough international relevancy and appeal that we can bring in other contributors (which might result in more frequent episodes/posts), but for now, slow and steady is the goal.

-M

Blaze@piefed.zip on 25 Jul 18:58

Hello,

Thank you for sharing this, feel free to crosspost to !privacy@programming.dev for additional reach

signaljam@lemmy.ml on 25 Jul 19:03

Hey, will do! Thanks!

lock@lemmy.ml on 26 Jul 11:25

Shouldn’t the podcast about passwords and 2FA be called “Security 101” instead of “Privacy 101”? How is that related to privacy? You should have two sections for your episodes: one for privacy and one for security.

pineapple@lemmy.ml on 27 Jul 14:18

I agree. Passwords and 2FA definitely lean more on the security side rather than privacy. It’s important to keep these two terms distinct.

signaljam@lemmy.ml on 28 Jul 06:47

Totally valid point, and just to be ultra clear: yes, this episode was more security focused, technically speaking. Good privacy starts with good security. We’re hoping that newcomers to the space who are primarily interested in privacy as a topic start with that principle in mind. We tried, as best we could, to avoid dropping the word “privacy” throughout this episode in an effort to create that distinction.

Thanks for the call out! You’re right to be mindful that these are related but separate concepts.

-M

cypherpunks@lemmy.ml on 26 Jul 12:51

imo you should not promote signal, proton, or tuta for various reasons including the ones i mention in those three links.

geneva_convenience@lemmy.ml on 26 Jul 13:18

What alternatives would you recommend?

twikz@sopuli.xyz on 26 Jul 23:26

Matrix is open source, should give that a try,

it could be a bit more user friendly tho

geneva_convenience@lemmy.ml on 26 Jul 23:35

The fact that Matrix was developed in Israel instantly kills it for me.

twikz@sopuli.xyz on 26 Jul 23:39

Pretty sure it was developed in Germany

geneva_convenience@lemmy.ml on 27 Jul 00:16

No, Matrix was developed by Amdocs, an Israeli company. It has moved to Europe afterwards (I recall UK but might be wrong about that part)

Element is a Matrix client.

appropriateghost@lemmy.ml on 26 Jul 17:58

It’s difficult enough for getting people to switch from whatsapp to signal.

I don’t know how successful I’d be to get people to switch to simplex.

Is there a particular reason that you don’t recommend signal?

pineapple@lemmy.ml on 27 Jul 14:26

I think signal, proton and tuta are totally fine for most people’s threat model unless they feel they need the extra privacy.

If we want everyone to value privacy then we need to onboard them with easy to use and accessible services first and then they can take steps further if they want.

stupid_asshole69@hexbear.net on 27 Jul 21:09

I only read the signal link you posted, but the first link inside it complains that the signal server needs to know a user’s IP and that could be used to connect people and users. IP addresses are required to send data. IP obfuscation is insanely out of scope for a messenger.

The second link complains about sealed sender not failing closed which is true (or was true at the time) but also a reasonable compromise to prevent abuse and avoid it constantly failing and requiring new expirable tokens.

These are not reasons to not use or even not recommend signal. A person who is taking recommendations to increase their privacy should not be worried about those concerns.

Removing oneself from public records (or taking greater control over what surfaces in public records about oneself) is infinitely more important than expecting ip obfuscation or sealed sender from signal.

I am not making this reply to start an argument and will not engage in one. The point is to help readers understand that your concerns about signal are esoteric.

cypherpunks@lemmy.ml on 28 Jul 16:27

more important than expecting ip obfuscation or sealed sender from signal

People are only expecting metadata protection (which is what “sealed sender”, a term Signal themselves created, purports to do) because Signal dishonestly says they are providing it. The fact that they implemented this feature in their protocol is one of the reasons they should be distrusted.

stupid_asshole69@hexbear.net on 28 Jul 16:55

For anyone reading along, that means people you send signal messages to can see your user account name maybe even if you click the button that’s supposed to make it not possible to do that.

Change your behavior accordingly.

cypherpunks@lemmy.ml on 28 Jul 17:16

No, it isn’t about hiding your identity from the people you send messages to - it’s about the server (and anyone with access to it) knowing who communicates with who, and when.

Michael Hayden (former director of both the NSA and CIA) famously acknowledged that they literally “kill people based on metadata”; from Snowden disclosures we know that they share this type of data with even 3rd-tier partner countries when it is politically beneficial.

Signal has long claimed that they don’t record such metadata, but, since they outsource the keeping of their promises to Amazon, they decided they needed to make a stronger claim so they now claim that they can’t record it because the sender is encrypted (so only the recipient knows who sent it). But, since they must know your IP anyway, from which you need to authenticate to receive messages, this is clearly security theater: Amazon (and any intelligence agency who can compel them, or compel an employee of theirs) can still trivially infer this metadata.

This would be less damaging if it was easy to have multiple Signal identities, but due to their insistence on requiring a phone number (which you no longer need to share with your contacts but must still share with the Amazon-hosted Signal server) most people have only one account which is strongly linked to many other facets of their online life.

Though few things make any attempt to protect metadata, anything without the phone number requirement is better than Signal. And Signal’s dishonest incoherent-threat-model-having “sealed sender” is a gigantic red flag.

stupid_asshole69@hexbear.net on 29 Jul 17:55

There’s a big difference between the metadata that the Snowden leaks are talking about and how they’re used and the metadata the signal server (or its subcontracted provider) has and how and under what conditions it’s able to be used.

The metadata that is the subject of the statement “we kill people based off metadata” is unencrypted cell phone signals and other broadly plaintext requests sent over a system that by design also includes location telemetry. That information could be easily obtained en masse through a man in the middle attack or through the lawful intercept backdoors built into the equipment that carries the information itself (which is less of a man in the middle attack and more of a man in the middle design).

This is different from the signal metadata both in form and content. The signal metadata is not vulnerable to a mitm attack and the agencies implicated in the Snowden leaks would have to actually go through the legal hoopla required in order to get just the metadata itself. Same as they would have to if they wanted the actual content.

Amazon does comply with law enforcement requests often without requiring a warrant, but the difference between requiring a request be made as opposed to simply being able to collect that metadata freely and package it as actionable intelligence is significant.

All messaging systems are vulnerable to this attack. If you send or receive a message then you, the other party and any intermediary like a server are subject to the laws of the places they’re physically located.

Again, I’m not arguing, I’m trying to make this very convoluted system clearer.

signaljam@lemmy.ml on 28 Jul 06:49

Hey, Arthur— thanks for dropping these links. Jay and I will look at these and consider your thought process, and might reach out to follow up, if that’s okay! If I may ask, what do you prefer for email and RTC?

-M

cypherpunks@lemmy.ml on 30 Jul 14:08

For chat, something with e2ee and without phone numbers or centralized metadata. SimpleX, Matrix, XMPP, etc - each have their own problems, but at least they aren’t centralizing everyone’s metadata with a CIA contractor like Jeff Bezos like Signal is.

For email, I’d recommend finding small-to-medium-sized operators who seem both honest and competent. Anyone offering snakeoil privacy features such as browser-based e2ee is failing in at least one of those two categories.

signaljam@lemmy.ml on 30 Jul 16:04

We’re considering moving up our timeline on a SimpleX and Matrix chat as we’ve received interest from others about that, too. Keep an eye on our website or show notes as we’ll update those when new chat channels open up.

As for email, are there specific providers you recommend we look at?

-M

StormyBeavers7455@lemmy.ml on 27 Jul 01:59

Just wanted to say this is great. Awesome initiative, looking forward to new episodes!

signaljam@lemmy.ml on 28 Jul 06:51

Appreciate the enthusiasm! Thanks for following along. Feel free to provide feedback, and if you feel so inclined, consider participating in the project!

-M

brownmustardminion@lemmy.ml on 28 Jul 23:25

Do you have plans to make a Simplex group soon? You mentioned on the pod it’s where you two first met. Would love to chat and Simplex is the most private option imo.

signaljam@lemmy.ml on 29 Jul 00:44

Hey, there— we’re still open to it, but when we launch it depends on how much demand there is from the community. Realistically, we’ll probably wait a few more episodes down the line before we start one. Out of curiosity, do you use Signal, Matrix, or other platforms you think we should consider?

-M

brownmustardminion@lemmy.ml on 29 Jul 01:49

I use Signal but I keep signal use to personal IRL contacts. I don’t use Matrix as much anymore but if you have a matrix room I’d join in. I’m on the more advanced side of the privacy lifestyle so my communications are highly compartmentalized. Simplex is a bit clunky still but for smaller communities it’s not terrible.

signaljam@lemmy.ml on 29 Jul 06:10

Totally respect the compartmentalization strategy. I’ll chat with Jay about this… maybe we’ll bump up the SimpleX timeline a bit.

We’re trying to prioritize which platforms to start with since the project is so new. As we publish more content and resources, we’re hoping they bring real value to the community, and in turn widen our audience. Once that happens, it would make more sense to open up more channels to accommodate more folks. One thing at a time 🙂