this post was submitted on 03 Oct 2025
636 points (99.2% liked)

Technology

76362 readers
4155 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] plz1@lemmy.world 109 points 3 weeks ago (4 children)

That means nothing when the servers stop taking EU traffic. I get your point, but the real solution here is putting a bullet (double tap) in Chat Control, once and for all.

[–] 0x0@lemmy.zip 57 points 3 weeks ago (2 children)

putting a bullet (double tap) in Chat Control,

Yes, please.

once and for all.

LOL, no. They'll come back again with some other bullshit to Save the Children!™, it's a never-ending whack-a-mole.

[–] mcv@lemmy.zip 35 points 3 weeks ago

We need to get the right to privacy and control over our own devices enshrined as fundamental rights, like so many other rights the EU protects.

[–] mangaskahn@lemmy.world 20 points 3 weeks ago

And they only have to win once, we have to fight and win every time they introduce a new variant. Its exhausting.

[–] jaybone@lemmy.zip 9 points 3 weeks ago (5 children)

That means nothing when the servers stop taking EU traffic

I don’t use any of these apps, so I’m not quite sure how they work. But couldn’t you just make an app that keeps a local private and public key pair. Then when you send a message (say via regular sms) it includes under the hood your public key. Then the receiver when they reply uses your public key to encrypt the message before sending to you?

Unless the sms infrastructure is going to attempt to detect and reject encrypted content, this seems like it can be achieved without relying on a server backend.

[–] 3abas@lemmy.world 11 points 3 weeks ago (2 children)

That is how the signal protocol works, it's end to end encrypted with the keys only known between the two ends.

The issue is that servers are needed to relay the connections (they only hold public keys) because your phone doesn't have a static public IP that can reliably be communicated to. The servers are needed to communicate with people as they switch networks constantly throughout the day. And they can block traffic to the relay servers.

[–] white_nrdy@programming.dev 2 points 3 weeks ago (1 children)

I think they're suggesting doing it on top of SMS/MMS instead of a different transport protocol, like Signal does, which is IP based

[–] wewbull@feddit.uk 8 points 3 weeks ago

Which is what Textsecure was. The precursor to Signal. Signal did it too, but removed it because it confused stupid people.

[–] conorab@lemmy.conorab.com 1 points 3 weeks ago

Signal does have a censorship circumvention feature in the advanced settings on iOS which may work when this hits provided you already have the app installed. Never had to use it though.

[–] plz1@lemmy.world 7 points 3 weeks ago (1 children)

That makes the assumption you want to use your phone number at all. And I'm sure the overhead of encryption would break SMS due to the limits on character counts.

[–] Alaknar@sopuli.xyz 10 points 3 weeks ago (1 children)

That makes the assumption you want to use your phone number at all

Can't use Signal without a phone number.

[–] plz1@lemmy.world 2 points 3 weeks ago

You CAN use it to interact with people without them knowing your number. The only current requirement is specific to registration.

[–] 0x0@lemmy.zip 5 points 3 weeks ago (1 children)

I think SimpleX removes the need for static relays.

[–] manuallybreathing@lemmy.ml 3 points 3 weeks ago

It was so hard getting people to use signal im imagining thisll never catch on

[–] visnae@lemmy.world 5 points 3 weeks ago

It is potentially doable:

A short message is 140 bytes of gsm7-bit packed characters (I.e. each character is translated to "ascii" format which only take up 7-bit space, which also is packed together forming unharmonic bytes), so we can probably get away with 160 characters per SMS.

According to crypto.stackexchange, a 2048-bit private key generates a base64 encoded public key of 392 characters.

That would mean 3 SMSs per person you send your public key to. For a 4096-bit private key, this accounts to 5 SMSs.

As key exchange only has to be sent once per contact it sounds totally doable.

After you sent your public key around, you should now be able to receive encrypted short messages from your contacts.

The output length of a ciphertext depends on the key size according to crypto.stackexchange and rfc8017. This means we have 256 bytes of ciphertext for each 2048-bit key encrypted plaintext message, and 512 bytes for 4096-bit keys. Translated into short messages, it would mean 2 or 4 SMSs for each text message respectively, a 1:2, or 1:4 ratio.

  • NIST recommends abandoning 2048-bit keys by 2030 and use 3072-bit keys (probably a 1:3 ratio)
  • average number of text messages sent per day and subscriber seems to be around 5-6 SMS globally, this excludes WhatsApp and Signal messages which seems to be more popular than SMS in many parts of the world [quotation needed, I just quickly googled it]

Hope you have a good SMS plan 😉

[–] Jason2357@lemmy.ca 2 points 3 weeks ago

That’s how signal started way back. Doesn’t work well - sms is terrible.

[–] wewbull@feddit.uk 5 points 3 weeks ago (1 children)

Signal has never done that. Whilst the app might not be available in some regions they've been proud to talk about how people can use it to avoid government barriers.

[–] plz1@lemmy.world 2 points 3 weeks ago

The CEO is saying they are willing to, that should be taken seriously.

[–] Korhaka@sopuli.xyz 3 points 3 weeks ago (1 children)

You can run your own server for signal by the look of it

[–] white_nrdy@programming.dev 4 points 3 weeks ago

Not officially I don't think. And even if you did, you'd need a customized app to point to said server, and then you wouldn't be interoperable with the regular signal network