A social networking service is an online platform that people use to build social networks or social relationships with other people who share similar interests, activities, backgrounds or connections. The most popular social network is Facebook – with Twitter coming in a distant second.
However, in response to draconian censorship, many have fled Facebook and Twitter and now communicate on so-called Privacy and Free Speech respecting platforms such as Telegram, Signal and Discord. But these platforms are only as secure as the devices you use to access them. There is no security in setting up a Telegram or Signal or Discord group if your members are using Windows computers, Apple computers or Android phones to access the platform.
Secure communication is only possible if every member of the group is using a Linux computer and/or a Linux phone. This is why I offer free courses in computer and phone security and teach folks how to create and use Linux computers and Linux phones.
While it is not difficult to add a Telegram or Signal or Discord account to your Linux laptop or your Linux phone, I still have concerns about the security of communication on these platforms. Given the importance of secure communications, here are some questions we should all be asking about Telegram and Signal:
Who owns Telegram? Who owns Signal? Who owns Gab? Who owns Discord?
Where are the Telegram servers? Where are the Signal servers? Where are the Gab servers? Where are the Discord servers?
Who controls the databases?
Do Telegram, Signal, Gab or Discord censor or shut down user accounts?
Here is some information that partially answers these questions.
Telegram
Telegram currently has more than 700 million active monthly users and more than one billion downloads. It claims to be the most popular communications app in the world. Telegram was launched by a Russian billionaire in 2013. It is organized as an LLC or Limited Liability Corporation in Dubai. Telegram launched their Android app in October 2013. Telegram is estimated to be worth $40 billion.
In 2021, Telegram confirmed that it had blocked hundreds of right wing channels with tens of thousands of followers. In fact, Telegram banned more than 350,000 channels.
In August 2021, Telegram was one of several Social Media Companies whose records were demanded by the US Congress. Other platforms required to turn over all of their data included Facebook, Twitter, YouTube, Gab, Parler, Reddit, Snapchat, TikTok, Twitch and Zello.
In the September 2021 Russian election, Telegram caved to what it called “pressure from Google and Apple” by deleting thousands of accounts critical of Vladimir Putin. Telegram claimed that Apple and Google had threatened to take down the Telegram app from their app stores.
Hundreds of millions of people who thought their posts were private have had their accounts exposed over the past 7 years.
Telegram requires either an Apple or Android phone to create an account. If Telegram actually cared about security, they would not be promoting either Android or Apple.
The data generated by Telegram users is stored on servers located in Dubai and several other locations around the world.
Telegram software is closed source and proprietary – meaning that it cannot be inspected. In addition, it is not possible for you to set up your own Telegram server in order to control your own data. I am therefore not a fan of Telegram and will not promote it. But what about Signal?
Signal uses AWS and MS Azure to host their servers!
In 2021, Elon Musk encouraged all of his Twitter followers to use Signal in place of or in addition to Twitter. His recommendation caused Signal to explode from 10 million users to 50 million users in a single day. Signal is also the app recommended by Edward Snowden. So is Signal really secure and private? Let’s see.
As on WhatsApp and Telegram, Signal uses your Android or Apple mobile number to identify you to your contacts, so there are no new usernames or passwords to remember. However, Signal does not store any user data (other than your phone number) and therefore cannot hand over your data to hackers or to the government. However, Signal does store the phone numbers of your Contacts. In addition, Signal is an open source program – making it much more secure than Telegram.
In 2014, the head of security research left Twitter and cofounded Signal as a 501c3 US non-profit organization. In 2018, a former Facebook and WhatsApp programmer provided $50 million to start the Signal Foundation.
You can create groups on Signal, but each group is limited to 150 members. You can also share files but each file is limited to 100MB. You can also use Signal on your Linux laptop, and link the account to the one on your Linux or Android phone. However, the chat history on your phone is not transferred to your laptop when you do link the two devices together. This is because all Signal messages are only stored on the individual device. So all prior messages are just stored on your phone.
This also means that if you get rid of your old phone you will also lose all Signal information and messages that are on that phone. You can however download information off of that phone before you change phones or phone numbers and manually download it to a different device such as your Linux laptop. You can also lose access to your messages and account if you forget your PIN number.
Sadly, Signal uses Amazon Web Services and Microsoft Azure Servers to run their network and their databases. This is a huge security flaw.
For example, Amazon and Microsoft could comply with a US government order to shut them down (just as they shut down Parler) and Signal would be offline in less than 24 hours.
Protonmail offered to host Signal for free on their Swiss server. However, Signal did not respond to this offer.
Can we download and set up our own Signal server? The answer appears to be no. I therefore do not recommend Signal because you do not really control your own data.
2023 Signal Security Flaws
Cybersecurity researcher John Jackson published a study on two vulnerabilities he found in the Signal messenger desktop client: CVE-2023-24068 and CVE-2023-24069. The expert is sure that hackers can exploit these vulnerabilities. Let’s look at how real the threat is.
Suppose a person frequently receives and sends files through the Signal desktop app (for example, a manager sending tasks to subordinates). An attacker with access to his computer can then replace one of the files or, for the sake of stealth, modify an existing document, for example, by inserting a malicious hidden script into a PDF file. So, with further transfers of the same file, its owner will spread the malware to their contacts.
This attack is possible only if the attacker already has access to the victim’s computer. But this is not an unreal scenario — we are not necessarily talking about physical access. It would be enough to infect the computer with malware that allows outsiders to manipulate files. It is common for Windows computers to already be infected with malware even if the person is using an anti-virus program.
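A defender's check for the tampering scenario described above, added here as an example (it is not from the original article or from the Signal project): record a SHA-256 hash of each attachment when it arrives, then verify the hashes before forwarding anything. The function names and the `attachments` directory are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: detect attachments that were modified or replaced on disk.
# Function names and the directory layout are hypothetical.

# record_hashes DIR MANIFEST
# Write one "sha256  path" line per file under DIR into MANIFEST.
record_hashes() {
    find "$1" -type f -exec sha256sum {} + > "$2"
}

# changed_files MANIFEST
# Print every recorded path whose content no longer matches its hash,
# or which has disappeared since the manifest was written.
changed_files() {
    # LC_ALL=C keeps the "FAILED" marker untranslated so sed can match it.
    LC_ALL=C sha256sum -c "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p'
}

# Constructed demonstration: two received files, one altered afterwards.
demo() {
    d=$(mktemp -d)
    mkdir "$d/attachments"
    printf 'quarterly tasks v1\n' > "$d/attachments/tasks.pdf"   # constructed
    printf 'holiday photo\n'      > "$d/attachments/photo.jpg"   # constructed
    record_hashes "$d/attachments" "$d/manifest"

    # Simulate the tampering step: same file name, different content.
    printf 'quarterly tasks v1 + injected script\n' > "$d/attachments/tasks.pdf"

    # Report paths relative to the temporary directory.
    changed_files "$d/manifest" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

The manifest only helps if it is kept somewhere the same malware cannot rewrite, such as another machine or read-only media.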
Drawbacks of Discord
Discord is a collection of chat rooms which can be accessed via invite links. Discord was publicly released in May 2015. In March 2020, Discord changed its motto from "Chat for Gamers" to "Chat for Communities and Friends". Discord doubled its monthly user base to about 140 million in 2020. As of 2021, the service has over 350 million registered users and over 150 million monthly active users.
Ahead of a new funding round in August 2021, Discord had reported $130 million in 2020 revenues, triple from the prior year, and had an estimated valuation of $15 billion.
Sadly, Discord uses Google servers – which are known both for data mining and also for being closely connected to the Deep State. Like with the rest of the top down monopoly controlled networks, there is no way you can control your own data because there is no way you can install Discord on your own local Virtual Private Server.
Drawbacks of Gab
Gab was founded in 2016 and launched publicly in May 2017. Gab claims to promote free speech, individual liberty and the "free flow of information online". Despite these claims, Gab initially was located on the Microsoft cloud. On August 9, 2018, Gab announced that Microsoft Azure had threatened to suspend the site. In a December 2018 filing, the company reported that 5,000 users were paying for its subscription services.
As of January 2019, Gab has paid Sibyl Systems Ltd. over $1000 per month for web hosting. In July 2019, Gab switched its software to a Mastodon fork, a free and open-source social network platform. Mastodon released a statement in protest, denouncing Gab as trying to "monetize and platform racist content while hiding behind the banner of free speech".
In April 2020, Gab claimed that it had over 1.1 million registered users and that their website was receiving 3.7 million monthly visitors globally. In January 2021, after Parler, another top down alternative social network, was pulled offline by its host Amazon Web Services, former users of that site started migrating to Gab. On January 14, 2021, Gab claimed on Twitter that the platform had gained 2.3 million new users in the past week. Gab's website experienced an 800% increase in traffic.
On February 28, 2021 Gab was hacked. A group called DDoSecrets revealed "GabLeaks", a collection of more than 70 gigabytes of data from Gab, including more than 40 million posts, passwords, private messages, and other leaked information.
Drawbacks of Truth Social
Before his account was banned, Trump had over 90 million followers on Twitter and over 30 million followers on Facebook. After January 6, 2021, after Donald Trump had been banned from Twitter, Facebook and Instagram, and after Parler was taken down, Trump began looking for other options. Sadly, the option he chose was yet another top down network. In October 2021, Trump founded Truth Social using a version of Mastodon. Hackers began trolling Truth Social by creating fake accounts even before the public launch in February 2022. More than $20 million was invested in starting Truth Social – despite the fact that the software they were using (Mastodon) was actually free! Ironically, Truth Social uses Cloudflare as its Content Delivery Network. Cloudflare is a CIA funded project located in California.
In April 2022, Business Insider reported that Truth Social was a “ghost town overrun with bots (aka fake accounts)”.
In August 2022, a research report found that Truth Social engaged in shadow banning posts just like Facebook and Twitter.
Also in August 2022, the US Patent Office denied a trademark registration since two other groups had been previously using the exact same business name!
Also in August 2022, the company hosting Truth Social claimed they were owed over a million dollars and threatened to take legal action.
In September 2022, it was reported that investors had withdrawn $140 million in investment commitments. In January 2023, it was reported that Truth Social was losing about $2 million per month. Given this rapid loss of money, there is a question as to whether Truth Social will even exist by the time the 2024 election rolls around.
A common drawback of all of these top down networks is that there is no way to set up your own version of the network and therefore no way to control your own data or your own destiny. We will therefore look at options for setting up your own network.
Benefits of setting up your own social network
You control the data. No phone numbers are required. Your mobile phone number stays private. No ads. No tracking. No data mining. You can structure your own groups and can create a community website where users can collaborate, share messages, news, videos and images freely. Every user can create their own Profile Page and post messages along with attached media files (photos, audio, documents, embedded videos). Just like Facebook you can set up your own commenting system, email notifications, search posts based on hash tags or topic tags and search members based on either location or common interests.
Free Open Source Alternatives to Telegram, Signal, Facebook, Gab and Twitter
Because a social network can consume a great deal of traffic, it is better to set up your social network using a virtual private server with its own separate domain name and with its own dedicated database. We will first review the current free open source options. In a later article we will describe the steps to installing the best option – which is called Freedica. But to understand why Freedica is the best option, we should first look at the other social network options.
Federation Social Network Options
The Federation is a group of open source social networks which can interact with each other. You can see a list of these projects by going to this link: https://the-federation.info/#projects
Federated networks use a concept called nodes for their interaction. A node is simply a social network website created by anyone and hosted on their own server. The network can be public (open) or private (closed). The project with the most nodes and most users is called Mastodon. They have over 4000 nodes or separate social network websites which can interact with each other.
The problem with most of the options on the Federation list is that they use special programming languages and special databases. Both Hestia and Joomla are based on a database called MariaDB. MariaDB is an open source fork of the MySQL database (which was purchased by Oracle in 2010 for more than one billion dollars).
Both Hestia and Joomla use PHP to interact with the database. We therefore need to seek out social networking options that interact with PHP and MariaDB.
Which Federation options use PHP?
Mastodon and Pleroma (which is a fork or version of Mastodon) are written in a language called Ruby and require a database called PostgreSQL. While PostgreSQL is faster than MariaDB, it also has a much larger file size and uses more RAM. The file size of MariaDB on a Linux server is 43MB versus 116MB for PostgreSQL. On a typical small VPS with 40 websites, MariaDB will take 1.7 GB of space while PostgreSQL will take 4.4 GB of disk space.
After researching the top 20 options, the only social networking options that use PHP and MariaDB are Friendica, Hubzilla and GnuSocial. Unfortunately Hubzilla is more complex and difficult to install and use. GnuSocial lacks many important features (like calendars of events). The most interesting of the Fediverse options was Friendica.
Concerns about Friendica
Friendica is a decentralized social network that you can install on your own VPS. However, Friendica suffers from several problems. These include:
#1 It is difficult for new administrators to set up a custom and informative Home page.
#2 It is difficult for members to choose custom themes for their Profile and Timeline pages.
#3 The Member Profile and Timeline pages are very complex and difficult for new members to understand and use.
#4 The installation process is very complex and difficult to understand.
#5 The documentation is often complex and outdated.
#6 The file size of Friendica is extremely large which means it takes up a lot of room on your server and runs slowly.
#7 Friendica uses a lot of JavaScript – much of which has not been updated in more than 5 years. This makes Friendica security a problem.
#8 Friendica development occurs on GitHub which is an insecure repository owned by Microsoft.
#9 A broken link page that looks ugly and provides no help or advice to members who reach the broken link page.
Benefits of Freedica
Freedica is a free open source social network that was based on Friendica – but with more than 100 major changes to address all of the problems noted above. Freedica can be used for any membership organization from a small club or school to a national political campaign.
Similar to common social networks, Freedica offers the following functions: Set up your own profile page. On your page, you can create posts and decide which groups can see which posts, for example, family, friends, club members. Connect with friends. Send messages. Share posts, pictures, videos and events.
Things to know before installing Freedica
There are a few very important things you need to know before installing Freedica. Freedica is a highly evolved social network – meaning that people can post comments and share information in real time with other members of the social network.
All social networks use databases to store and connect the data. The main benefit of Freedica over Facebook or Twitter is that you and your group control the database and your data rather than being at the mercy of some billionaire who is highly likely to censor your posts and sell your data to the highest bidder.
All databases are located inside the hard drive of a server – most commonly a Linux server. The social network database is controlled with a server program.
The most common and oldest server database language is called PHP – a language created in the 1990s. The most useful website building languages to learn are HTML and CSS. But the third most useful language is PHP – which is closely related to HTML. PHP is used to control more than 80% of all the websites in the world – including Joomla, Wordpress, Drupal, Moodle, Nextcloud, Friendica, Facebook and Twitter. The Hestia Control Panel is also focused on supporting PHP programs.
Because PHP is so important for controlling databases worth trillions of dollars, hackers are constantly seeking out weaknesses in PHP to attack and take over website databases. The developers of PHP have therefore been forced to improve PHP. The current supported version of PHP is called PHP 8.1. However, there will certainly be future versions of PHP. Because Freedica is a social network and because social networks use databases more than a normal website, it is extremely important to be aware of the PHP version supported by your Freedica program and to set up a system for updating PHP every time you update your version of Freedica.
Freedica Cron Processes require a consistent version of PHP
In addition, Freedica uses a function called CRON to update the database every few minutes. The Freedica CRON process assumes that the System version of PHP is the same as the Command Line version of PHP and the Domain version of PHP. Therefore, when we install Friendica, we need to make sure that the System, Command Line and Domain versions are all PHP 8.1.
If these PHP versions do not match, the result will be massive coding errors being emailed to you as the administrator. It may also result in your website being subjected to the White Screen of Death problem. Therefore, while installing Freedica is not much more difficult than installing Joomla, we will need to pay particular attention to ensuring that all of our PHP settings are done correctly during the Freedica install process.
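One way to check the version match described above before enabling the cron job, added here as an example (it is not part of Freedica or Hestia). The function names, the `PHP_FPM_BIN` variable and the sample version banners are assumptions or constructed values; set `PHP_FPM_BIN` to whatever PHP-FPM binary serves your domain.

```shell
#!/bin/sh
# Added example: confirm that the command-line PHP, the PHP that cron will
# find, and the web (FPM) PHP all report the same major.minor release.

# Extract "major.minor" from the first line of `php -v` style output.
php_minor() {
    printf '%s\n' "$1" |
        sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\)\..*/\1/p'
}

# check_php_versions REQUIRED "label=banner" ...
# Prints one line per mismatch; returns 0 only if every banner matches.
check_php_versions() {
    required=$1
    shift
    rc=0
    for pair in "$@"; do
        label=${pair%%=*}
        banner=${pair#*=}
        found=$(php_minor "$banner")
        if [ "$found" != "$required" ]; then
            echo "MISMATCH $label: want $required, got ${found:-unparsed}"
            rc=1
        fi
    done
    return $rc
}

# Live use on a server. env -i imitates the minimal PATH cron typically
# runs with, which can resolve `php` to a different binary than your
# login shell does. PHP_FPM_BIN is an assumption: point it at your FPM.
live_check() {
    check_php_versions "$1" \
        "cli=$(php -v 2>&1)" \
        "cron=$(env -i PATH=/usr/bin:/bin php -v 2>&1)" \
        "fpm=$("${PHP_FPM_BIN:-php-fpm}" -v 2>&1)"
}

# Constructed banners showing the failure case: cron still finds PHP 7.4.
check_php_versions 8.1 \
    "cli=PHP 8.1.27 (cli) (built: Jan  1 2024 00:00:00) (NTS)" \
    "cron=PHP 7.4.33 (cli) (built: Jan  1 2024 00:00:00) (NTS)" \
    "fpm=PHP 8.1.27 (fpm-fcgi) (built: Jan  1 2024 00:00:00)" \
    || echo "Fix the mismatch before enabling the cron job."
```

On the server itself, run `live_check 8.1` and resolve any reported mismatch first.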
What’s Next?
In our next article, we will review how to set up a secure foundation before installing Freedica on your Hestia Virtual Private Server.