Signal Contingency Plan (spoiler: it's Delta Chat)
Do you use Signal for chatting securely with friends and loved ones? Us too! We endorse it wholeheartedly, and rely on it for nearly all our communication.
But the vibes are deteriorating here in the US, and we should have a communications contingency plan for if Signal goes down.
like this
Señor Mono
in reply to glitching • • •If the vibes keep on deteriorating and there would be a crackdown on messengers and signaling infrastructure a messenger is the last of your worries.
And if Signal gets specifically targeted, there will be warning signs and time to shift away.
Vegan_Joe
in reply to Señor Mono • • •FBI investigating MN Signal groups tracking ICE, Patel says
David Ingram (NBC News)Señor Mono
in reply to Vegan_Joe • • •Nope. That's not how Signal and E2E encrypted messaging works.
If a government asks Signal for user data they get an almost empty sheet of paper. Search for " what data does signal collect" to confirm that.
If - on the other side - your smartphone is compromised or unlocked there is almost nothing Signal can do to prevent governments from looking into your data. Also it reads like some agents simply joined a group chat. Again: nothing Signal could prevent.
Vegan_Joe
in reply to Señor Mono • • •I was not suggesting that the encryption was compromised. I was suggesting that signal is being targeted.
Likely, they are infiltrating Signal groups specifically. Not through breaking encryption, but still joining these groups BECAUSE of the encryption.
The fact that these groups are using private encrypted messages are what piques the interest of the FBI in the first place. Signal is just the most popular and thus the most likely target.
Señor Mono
in reply to Vegan_Joe • • •iByteABit
in reply to Vegan_Joe • • •raicon
in reply to glitching • • •Blip6338
in reply to glitching • • •Cyberflunk
in reply to glitching • • •~~i wouldn't follow this advice
threema is swiss based, requires no account, e2e, etc.
simplex had a newer stack, i'm not sure about its bonafides
briar is tor based and has a bt backup
deltachat will leak metadata everywhere, and encryption is opportunistic, not default~~
Edit: I am clearly full of shit, and I apologize.
~~Also - strikeout doesn't work~~
eodur
in reply to Cyberflunk • • •Cyberflunk
in reply to eodur • • •oh fuck..
uh... nevermind?
Threema has  been through two private equity acquisitions now. In 2020, the original cofounders sold to AFINUM (German PE firm) but retained leadership and a significant share. Then the founders left the company entirely in 2024.
... Show more...Just announced in January 2026: Comitis Capital (Hamburg-based PE) is acquiring Threema from AFINUM. The deal is expected to close this month.  This is what’s called a secondary buyout - one PE firm flipping to another.
The concerning pattern:
∙ 2020: Founders sell majority to AFINUM
∙ 2024: Founders exit completely
∙ 2026: Flipped to another PE firm
Threema claims “our core values, corporate mission, and management remain unchanged”  - which is the standard line in these acquisitions.
They emphasize that technical infrastructure and data centers will remain in Switzerland , but the company is now fully owned by German investors with zero founder involvement.
Why this matters:
PE firms optimize for exit value. Two buyout
oh fuck..
uh... nevermind?
Threema has  been through two private equity acquisitions now. In 2020, the original cofounders sold to AFINUM (German PE firm) but retained leadership and a significant share. Then the founders left the company entirely in 2024.
Just announced in January 2026: Comitis Capital (Hamburg-based PE) is acquiring Threema from AFINUM. The deal is expected to close this month.  This is what’s called a secondary buyout - one PE firm flipping to another.
The concerning pattern:
∙ 2020: Founders sell majority to AFINUM
∙ 2024: Founders exit completely
∙ 2026: Flipped to another PE firm
Threema claims “our core values, corporate mission, and management remain unchanged”  - which is the standard line in these acquisitions.
They emphasize that technical infrastructure and data centers will remain in Switzerland , but the company is now fully owned by German investors with zero founder involvement.
Why this matters:
PE firms optimize for exit value. Two buyouts in 5 years with founders completely out suggests the product is now a financial asset, not a mission-driven project. Compare to Signal, which is a 501(c)(3) nonprofit.
One commenter on the news put it bluntly: “I so liked this product… simpleX is now the only clean option in the market.” 
If you want something without VC/PE ownership risk, SimpleX and Session are both structurally different - Session is backed by a foundation, SimpleX is open source with a different funding model. Delta Chat also dodges this since there’s no company to acquire.
HumbleExaggeration
in reply to Cyberflunk • • •pineapple
in reply to HumbleExaggeration • • •It's a fine alternative. While not super secure it is decentralized which is nice.
The biggest problem I think is that it isn't very easy to use, I think it's a better replacement for discord rather than instant messages.
ArcaneSlime
in reply to HumbleExaggeration • • •I moved away from it because:
oranki
in reply to Cyberflunk • • •I thought Delta Chat encrypts all messages. Don't even know how to send unencrypted ones.
delta.chat/en/2024-03-25-crypt…
I can't say about the header stuff, but please check your statements. As far as usability (for regular people) goes, Delta Chat beats the other options by far.
Delta Chat: Hardening Guaranteed End-to-End encryption based on a security analysis from ETH researchers
delta.chatastropenguin5
in reply to Cyberflunk • • •Strikeout might have to not have the spaces between the tilde and the words?
~~test test test~~
Edit: yeah just remove those spaces between the tildes and the contents
Autonomous User
in reply to Cyberflunk • • •Cyberflunk
in reply to Autonomous User • • •Alb
in reply to glitching • • •eodur
in reply to glitching • • •Proxy Please: Help People Connect to Signal
Signal Messengerartyom
in reply to eodur • • •artyom
in reply to glitching • • •IratePirate
in reply to artyom • • •GitHub - holepunchto/keet-mobile-releases: Keet mobile releases
GitHubAutonomous User
in reply to IratePirate • • •IratePirate
in reply to Autonomous User • • •Autonomous User
in reply to IratePirate • • •Calmarius
in reply to glitching • • •You can move to any other service, but once it becomes popular enough to draw attention they might also get blocked as well.
If it's centralized, then the central servers can be blocked and it's not longer working. If it's decentralized and peer to peer, then the bootstrap nodes can be blocked and it's no longer working.
Even if it's self hosted and not advertised, the adversary can run active probes to detect banned services and block it if it detects any.
The only thing that can work reliably is something that can be concealed and can't easily be detected.
A simple HTTPS website that runs a small blog, forum or an image board, can have a lot of bot traffic, and human traffic that makes the traffic analysis hard, it also provides plausible deniability if someone asks why you visit that site often, you can say that you are playing games or browse images there. Such website can have a secret interface that can be used as an interaction point for secure chatting (in a store and forward manner), which responds only if the requests are cryptographically signed by
... Show more...You can move to any other service, but once it becomes popular enough to draw attention they might also get blocked as well.
If it's centralized, then the central servers can be blocked and it's not longer working. If it's decentralized and peer to peer, then the bootstrap nodes can be blocked and it's no longer working.
Even if it's self hosted and not advertised, the adversary can run active probes to detect banned services and block it if it detects any.
The only thing that can work reliably is something that can be concealed and can't easily be detected.
A simple HTTPS website that runs a small blog, forum or an image board, can have a lot of bot traffic, and human traffic that makes the traffic analysis hard, it also provides plausible deniability if someone asks why you visit that site often, you can say that you are playing games or browse images there. Such website can have a secret interface that can be used as an interaction point for secure chatting (in a store and forward manner), which responds only if the requests are cryptographically signed by the participants, otherwise the server can play dumb and show a 404 error. Therefore an active prober can't easily detect that the website hosts that interface the first place, because they cannot produce a signed request unless they manage to compromise one of the participants.
Threat analysis:
Someone should make an app that works this way. Only one tech savvy person of the given group need to set this up (preferably someone who alredy have a website), then others in the group can be invited into it and can use it without much friction.
N.E.P.T.R
in reply to glitching • • •GaumBeist
in reply to N.E.P.T.R • • •N.E.P.T.R
in reply to GaumBeist • • •What To Use Instead of PGP - Dhole Moments
Dhole MomentsGaumBeist
in reply to N.E.P.T.R • • •This article was more constructive (suggesting alternatives) than destructive (leveraging critiques), but it did link to several critiques/vulnerabilities with OpenPGP.
Unfortunately, half are about implementation issues (granted, it's made more difficult to implement something correctly when it's as convoluted and all-encompassing as PGP)—which are hopefully not applicable to Delta due to their 3rd party, applied cryptography audit—and the rest are obsolesced by the 2024 updates to the standard—RFC 9580, the so-called "crypto-refresh."
Do you have any critiques that address the current state of the PGP protocol's security?
Delta Chat: Hardening Guaranteed End-to-End encryption based on a security analysis from ETH researchers
delta.chatenterpries
in reply to glitching • • •Does Signal host its user's data?
Not sure why privacy-conscious people would be recommending it over something like Matrix. Unless they're paid off or stupid.
WhyJiffie
in reply to enterpries • • •enterpries
in reply to WhyJiffie • • •pucker4676
in reply to enterpries • • •WhyJiffie
in reply to enterpries • • •la93
in reply to glitching • • •