
I'm German and (as stereotypes would have it) extremely privacy conscious. Having lived in the US for over a decade I've reluctantly come to terms with the lesser privacy standards here.

For a long time I refused to keep a lot of information on Facebook as Facebook seemed to only consider privacy as an afterthought after users expressed outrage (I appreciate transparency about the use of data so I can make my own decision). I refused to use the sign-in with Facebook functionality as I had no interest in giving third parties access to my FB data. Eventually I just gave up and now use Facebook sign-in everywhere because it simply is much more convenient.

When I traveled to China a year ago the utility of using WeChat or Baidu Maps was simply too great. I was well aware that using these applications almost certainly would surrender information to the Chinese government. Interestingly enough, because I assumed that this would happen one way or another during my 3-month stay, I felt more inclined to use these applications.

WeChat is the only viable way to keep in touch with all of my Chinese friends in China and in the US.




I wish everyone would just install Signal and Wire - it's not that hard :-/


Signal is not intended to protect from government surveillance, nor is it able to.


You have the source code to Signal. You can see exactly how it protects you from government (and other) surveillance.

To be clear: it does better than anything else you can find in an app store.


I can do the same with Telegram.

I can’t verify the source code of the server, or run my own federated server (Moxie doesn’t do federation), and I can’t trust that Moxie’s server doesn’t relay metadata to a government.

> To be clear: it does better than anything else you can find in an app store.

Wrong, proof by counterexample: Conversations.im is also in app stores, is also open source, but, because it’s an XMPP client, I can run my own servers, and federate, and ensure the servers are also secure.


If you're specifically targeted by 3-letter level organisations, it gets very difficult to protect yourself, sure. "If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://", as James Mickens put it in his hilarious column [1].

However, against mass surveillance, Signal will protect you, I'd think, just by making it much more complicated to intercept than WeChat or Skype, which have backdoors built right in.

[1] https://www.usenix.org/system/files/1401_08-12_mickens.pdf


I thought that was exactly the point? Who is it intended to protect you from?


There are a few levels of protection that you might want from a chat system.

#1 Protection from a dumb attacker doing MitM: This is done by anything that uses HTTPS.

#2 Protection from an attacker that can get fake SSL certs: This is done by anything using certificate pinning.

#3 Protection from an attacker that controls the app store: This can’t be easily done by Signal – and they don’t do it.

#4 Protection from an attacker that can take over the servers running the application: This is NOT done by Signal, and is hard to achieve (even with true E2E, unless you do multicast, you usually can extract metadata here, although there are chat applications protecting against it).

If your enemy is the US government, you’re automatically EOL, due to #4. If your enemy is another government, you’re likely EOL, due to #3, unless you actually build the app from source yourself.

This is not a fault of Signal – nor can they easily fix it – but it’s a realistic problem.


With Signal, you can verify fingerprints. So, what you're saying is:

#4 if some agency "takes over" the Signal servers, they can extract metadata. But only that?

#3 if the binary is not what it's supposed to be, then, yes, all bets are off. That's a whole other can of worms, but a) is there any evidence that's ever happened? and b) that much affects any smartphone chat app, so does not help you to decide between Signal and WeChat.


> #4 if some agency "takes over" the Signal servers, they can extract metadata. But only that?

With Signal's model, as long as everyone verifies fingerprints, yes.

But, considering XMPP is a thing, XMPP with OMEMO provides all the same guarantees – and you can make it less likely that an agency has taken over the relevant servers (because you can self-host easier).

Signal’s use case is "something as secure as OTR, but easier to use".

I’m not saying you should use something other than Signal, but I’m saying that Signal isn’t ideal if your adversary is a government.


No, it's not. There's WhatsApp for starters, which isn't blocked in China. There's always email. If your Chinese friends are ignorant about privacy, it doesn't mean you need to sacrifice yours.

> the utility of using WeChat or Baidu Maps was simply too great

"Give me convenience or give me death"


This is amazing - you're saying that WeChat has privacy issues but advertising WhatsApp.


I knew this would come up, but WhatsApp is still miles ahead of WeChat regarding privacy. And especially regarding invasions of privacy where the Chinese government is involved, which I am pretty sure WhatsApp is safe from.

First, WhatsApp advertises having end-to-end encryption, which WeChat doesn't have. Second, your private WeChat conversations can be used against you as evidence in court, while any evidence collected with NSA tools cannot, since it is technically illegal.

If you want privacy from the US government, then you probably shouldn't use WhatsApp. In any other situation it is vastly superior.



I did... too bad. Nice timing though


Convenience is how they get to you. Just say no to convenience.



