Post A30kYPI0vSJOf9lTCj by spongycake@mastodon.online
(DIR) More posts by spongycake@mastodon.online
(DIR) Post #A30FucWxHOHzWLrj3g by abloo@fedi.absturztau.be
2021-01-07T18:57:21.693897Z
17 likes, 28 repeats
Signal devs be like
(DIR) Post #A30G3sagwAL3wA1oZc by amolith@nixnet.social
2021-01-07T18:58:59.337171Z
2 likes, 2 repeats
@abloo one of the many reasons I think Moxie is a fucking asshole
(DIR) Post #A30GH0HLfGWxXtErR2 by kelbot@fosstodon.org
2021-01-07T19:01:18Z
3 likes, 2 repeats
@abloo Trust me, I made something and therefore I know the only solution is to be an unbending authoritarian. Add another reason to the list of why I won't touch signal with a 10 foot pole.
(DIR) Post #A30GLTpdjFY6MSPeqG by rune@mastodon.nzoss.nz
2021-01-07T19:00:59Z
8 likes, 5 repeats
@abloo I think Drew Devault has explained this psuedo propaganda behavior pretty well."Moxie can’t come out and say it openly, but he’s made the decisions he has made because they serve his own interests."https://drewdevault.com/2018/08/08/Signal.html
(DIR) Post #A30GPnpZJcjVXqRNwG by icedquinn@blob.cat
2021-01-07T19:03:00.753923Z
3 likes, 1 repeats
@amolith @abloo he is correct by means of modern world === dystopic capitalism hellhole.here is the game theorylets say there is early, mid and late game.a tyranical service (one host) has a rough early game because the network effect is brutal and they have to either graft from another community or sit around until a larger network has a fucksy and they can scalp disaffected users (i don't know of any other ways around the network effect.) they are also the only ones who can participate in the late game because with vendor lock-in they can spy on everything and pivot this control for big banker money and influence.a federated service has an easier early game because they can federate with other users, so the network effect isn't a hard blocker. the mid game is about the same (think 'large instance'.) but they can never become end game. people aren't trapped in the hostage situation of "obey zuck or be cut off from the world."
(DIR) Post #A30GfpTywS5DIjzBIG by icedquinn@blob.cat
2021-01-07T19:05:54.150466Z
3 likes, 0 repeats
@amolith @abloo tl;dr the benefit curve for federation is higher in the early-mid stage but drops off around the time you would get that fat selling out check.
(DIR) Post #A30GnB72v6gSPelIqu by selea@social.linux.pizza
2021-01-07T19:07:00Z
2 likes, 0 repeats
@abloo disgusting, signal should be boycotted. I do not understand why people use it,.
(DIR) Post #A30HCd0uK1OSBa1gMi by nebunez@fosstodon.org
2021-01-07T19:11:44Z
3 likes, 1 repeats
@kelbot @abloo I had my small group of friends that I chat regularly via phone with switch from Whatsapp to Signal >3 years ago. I see the issues with Signal, but I'm not sure what the best alternative that I can explain well enough to get my friends to migrate once again.
(DIR) Post #A30HXGAMSnunPHHnAe by orekix@anime.website
2021-01-07T19:15:32.461761Z
1 likes, 0 repeats
@abloo iron law of oligarchy seems to apply to software platform centralization too
(DIR) Post #A30HYtSxpfo9aDlZgm by nipos@social.avareborn.de
2021-01-07T19:15:50Z
1 likes, 2 repeats
@abloo Signal devs are assholes and Moxie is the biggest reason why I'd rather install Whatsapp than that Signal bullshit 🙄
(DIR) Post #A30HmQlPLQ52cNqeQ4 by kelbot@fosstodon.org
2021-01-07T19:18:04Z
2 likes, 0 repeats
@nebunez @ablooYeah, that's a problem that a lot of us have been trying to figure out for years now. Something, foss, secure, private, flexible and with a good enough UX for non-tech nerds to get along with. I've tried plenty of different solutions and currently the best option I've found is selfhosting an xmpp server.
(DIR) Post #A30Hxldw3UoUYml6sC by etienne@diaspodon.fr
2021-01-07T19:19:58Z
0 likes, 0 repeats
@selea @abloo I don't have any critics about Signal, I only praise it for what it claims to do and be. But I don't know much and would be happy to hear the other side.What's up with Signal / Moxie?
(DIR) Post #A30I7rvdXavmwxr5NI by Craftplacer@fedi.absturztau.be
2021-01-07T19:22:10.992319Z
0 likes, 0 repeats
@abloo why are we using email then? it's federation too
(DIR) Post #A30IGrmNSv4v5poZPc by wholesomedonut@fosstodon.org
2021-01-07T19:07:59Z
1 likes, 1 repeats
@abloo Zoinks, Scoob...Well Signal's lost -my- interest. 😂 Federation is one of the only conceivable ways that the web as we are currently using it will survive current market and political trends.I'm no tin-foil hatter.. but I'd rather have a fractured and individualistic userbase and codebase than throw all my eggs in a Big Tech-shaped basket that ultimately controls the fate of said eggs, regardless of my wishes.
(DIR) Post #A30IUD6VUZZKzkap6W by pagat@anime.website
2021-01-07T19:25:48.451405Z
1 likes, 0 repeats
@icedquinn @amolith @abloo Some actors try to have it both ways. Remember how Google Talk used to federate with other XMPP providers?
(DIR) Post #A30IUDYVoRyEObhBku by icedquinn@blob.cat
2021-01-07T19:26:12.092663Z
1 likes, 0 repeats
@pagat @abloo @amolith isn't that how we ended up with jingle
(DIR) Post #A30IyD548vazbuDw5g by abloo@fedi.absturztau.be
2021-01-07T19:31:38.495526Z
0 likes, 2 repeats
@etienne @selea I don't want to paraphrase things, so here are some links.https://github.com/LibreSignal/LibreSignal/issues/37https://kill-9.xyz/harmful/software/signalhttps://github.com/signalapp/Signal-Android/issues/127#issuecomment-13335689There is also the fact that it requires you to have an Android or IPhone to use, it exposes your phone number to anyone you talk to, And keeps some form of message history on the servers (synchs messages across clients)
(DIR) Post #A30J0ZtoH8w8xZ5WSG by zleap@qoto.org
2021-01-07T19:24:59Z
0 likes, 1 repeats
@wholesomedonut @abloo Indeed, look at what has happened with WhatsApp, change to terms to share more with Facebook. This is one issue with Big Tech,
(DIR) Post #A30Jw9eg0a3yMRSqVU by polyphonic@polyamory.social
2021-01-07T19:42:20Z
1 likes, 0 repeats
@ablooPatronizing A.F.
(DIR) Post #A30KLyw4UAGOe0uqOW by jauntywunderkind420@cybre.space
2021-01-07T19:46:04Z
1 likes, 0 repeats
@abloo close minded view of the world, can-not do attitude, undefended slander, harps on a nebulous fear-uncertainty-doubt.so frustrating to read.
(DIR) Post #A30LgayIsVS4MBLwzA by Alexmitter@mastodon.social
2021-01-07T19:57:41Z
1 likes, 0 repeats
@abloo Moxie0 is disgusting
(DIR) Post #A30LiPEpTRDeXrwjIG by federico3@mastodon.social
2021-01-07T20:00:00Z
1 likes, 0 repeats
@pagat @icedquinn @abloo @amolithIt's not a matter of "both ways". Interoperability helps a new platform feed off other successful platforms. Then, once dominant, the locking down begins AKA "cornering the market" AKA Embrace/Extend/Extinguish.Unfortunately #mastodon and #lemmy don't seem to understand the first part.
(DIR) Post #A30MDGilBspf6ff92O by icedquinn@blob.cat
2021-01-07T20:07:57.485937Z
0 likes, 0 repeats
@federico3 @pagat @abloo @amolith foss admins don't tend to be cynical enough, or read in to how psych warfare works.
(DIR) Post #A30MG8tClSx3gbv01w by icedquinn@blob.cat
2021-01-07T20:08:29.577577Z
0 likes, 0 repeats
@federico3 @abloo @amolith @pagat short version: hey gaul was pretty cool lets immitate them. what's a roman subversion?
(DIR) Post #A30MLXs3JO54c2xJFA by moth@stereophonic.space
2021-01-07T20:09:28.304088Z
0 likes, 1 repeats
@abloo Between this and spamming contacts when you join on a number, it's almost like they don't want users.
(DIR) Post #A30OLMiayb3TvqZeq0 by openmastering@mastodon.social
2021-01-07T20:31:33Z
1 likes, 0 repeats
@kelbotWhat about threema?@nebunez @abloo
(DIR) Post #A30Ox8hVXdlDSg4rIG by Seirdy@pleroma.envs.net
2021-01-07T20:31:56.162822Z
1 likes, 4 repeats
@selea @abloo I hate the walled-garden nature of Signal, but it's the only FOSS e2ee program I could convince a subset of my IRL friends to use. And that wasn't easy.You have to understand that many people have never heard of "open source", don't know what an operating system is, and don't know the difference between a URL and a Google Search. If you use Firefox in front of them, they'll wonder why your Chrome has a different icon than theirs. What can you convince those people to use?
(DIR) Post #A30P2APCdAVGCFue4u by jens@social.finkhaeuser.de
2021-01-07T20:39:05Z
1 likes, 0 repeats
@kelbotAlso a typical tech problem: that's survivorship bias. https://en.m.wikipedia.org/wiki/Survivorship_biasIt's a huge issue in tech, where the stories of startups that succeeded get hailed as The Way Things Are Done, without looking at the circumstances that might have helped the success along.Asshole or authoritarian aside, it's dumb.@abloo
(DIR) Post #A30S8usp2Yg1wdg2K0 by Seirdy@pleroma.envs.net
2021-01-07T20:44:45.539803Z
0 likes, 1 repeats
@selea @abloo In order to persuade them to use an alternative IM platform, you first must explain to them that there exists an IM app that isn't called WhatsApp, and it can't message their contacts in WhatsApp. Then you have to spend 20 minutes explaining *why* it can't message their contacts in WhatsApp even though they're right there in WhatsApp. Then you have to convince them that it's a good idea to use an app that's "broken" because it can't message their friends.How the hell do you get them to use XMPP+OMEMO/Matrix? It's already next to impossible to get them on Signal, where they just install it and I show up on the main screen with 0 setup.
(DIR) Post #A30SBbq6IkjDkYgilU by jens@social.finkhaeuser.de
2021-01-07T20:55:55Z
0 likes, 0 repeats
@kelbot @ablooThough to be fair, it's exactly that myth making mechanism that keeps unwary nerds flocking to VCs who absolutely need the churn to continue in order to find their rare unicorns. So it's also smart, but not of the people who drink the kool-aid.
(DIR) Post #A30SBc1nbG5OKqA400 by jens@social.finkhaeuser.de
2021-01-07T20:56:33Z
1 likes, 0 repeats
@kelbot @ablooAnd of course I myself drank the kool-aid at some point. Live and learn 🤷♂️
(DIR) Post #A30SGPhYrAxpYMz6pM by abloo@fedi.absturztau.be
2021-01-07T21:15:46.494484Z
0 likes, 0 repeats
@jens @kelbot I was an avid drinker of kool-aid until about 2019
(DIR) Post #A30X0JbaFrNNmcKdMG by selea@social.linux.pizza
2021-01-07T22:08:34Z
0 likes, 0 repeats
@Seirdy @abloo Almost all of my friends and all of my family is using matrix actually, and thoose who dont - hope that I can use bridges to reach them, otherwhise they Always have My mail
(DIR) Post #A30kYPI0vSJOf9lTCj by spongycake@mastodon.online
2021-01-07T21:50:21Z
1 likes, 0 repeats
@abloo @etienne @selea In reply to exposing your number:It is possible to use a virtual number at sign-up, a throwaway. Your registered number cannot be recycled if somebody inherits the virtual number after you.
(DIR) Post #A30keES68DsUmyG7Xc by wwolf@mastodon.online
2021-01-07T23:18:06Z
0 likes, 0 repeats
@SeirdyActually it doesn't seem to be free. IIUC there's no way to prove that they distribute exactly the same code that they've published, as you cannot built it from the source and use with their network.@abloo @selea
(DIR) Post #A30keEkB30L7h2iYim by Seirdy@pleroma.envs.net
2021-01-07T23:52:56.765113Z
2 likes, 0 repeats
@wwolf @abloo @selea you can always build from source. But yeah, the binary distribution situation is problematic. It's especially awful that they keep doubling down on not distributing through F-Droid.
(DIR) Post #A30oppudax4fyKOg4W by toast@toast.cafe
2021-01-08T01:28:41.294781Z
1 likes, 0 repeats
@abloo "it took me actually making something to realize I'm a lib"
(DIR) Post #A30ybuP16UNPNvbWHQ by nebunez@fosstodon.org
2021-01-08T03:16:17Z
1 likes, 0 repeats
@openmastering @kelbot @abloo I remember looking at threema a while ago, forgot about it entirely. Maybe it's worth a look again?
(DIR) Post #A315lgwKiBMcCqnd6u by Azure@tailswish.industries
2021-01-08T04:38:25.216502Z
1 likes, 2 repeats
@abloo It doesn't help his case that he has to make a bunch of false claims to support it (DNS hadn't changed, HTTP hasn't changed, etc. I guess DNSSEC, internationalized domains, and QUIC are just figments of my imagination.)And historically closed protocols with only a single implementation just /die out/. ICQ, AIM, MSN…all dead. And email will still be around when Signal and Telegram shut down.
(DIR) Post #A31Qj24DnpQDtr3wIa by wolf480pl@mstdn.io
2021-01-08T08:33:13Z
3 likes, 0 repeats
@federico3 @pagat @icedquinn @abloo @amolith Fun fact: AFAIK Google Talk didn't stop federating, it just never upgraded to TLS on s2s links, while the rest of the XMPP federation agreed to require TLS
(DIR) Post #A31dVvyeQqygeUXdjc by etienne@diaspodon.fr
2021-01-08T10:47:49Z
1 likes, 1 repeats
@spongycake Thanks for these links, very informative 👍 Ouch, I didn't know about all this drama. That's pretty sad.Since I've been ramping up on self-hosting, these links you provided encourage me to look at providing XMPP or Matrix. I'll have to do my own research on this topic.@abloo @selea
(DIR) Post #A31lmlz684dRZdHnIO by 9uqjgkkMcxGoO2B5m4.jeroen@social.franssen.xyz
2021-01-08T12:11:43.832188Z
1 likes, 1 repeats
@abloo @etienne @selea Why not simply use @matrix ? It has E2EE, doesn’t require cell phone and has all the other features.
(DIR) Post #A31lmmBVNwYmC75hdQ by etienne@diaspodon.fr
2021-01-08T12:21:06Z
0 likes, 1 repeats
@jeroenThanks for the tip! Do I need a phone number to use a XMPP client then? What do you mean by all the other features?I just don't know enough about Matrix vs an XMPP server to have an opinion. What about memory usage? I just need to spend some time researching 🙂 @abloo @matrix @selea
(DIR) Post #A31ohw7HKb2LPbUvRI by valhalla@social.gl-como.it
2021-01-08T13:01:39Z
0 likes, 0 repeats
afaik it's no longer federating even if you accept non-encrypted connection from them (for a while I had them in a whitelist on my server, but some time ago talking with people on google talk just stopped working).
(DIR) Post #A31qiUIcRKNxKwC1CK by fuesstest@social.tchncs.de
2021-01-08T12:46:56Z
0 likes, 0 repeats
@etienne Why choose betweent Matrix and XMPP when you easy use both parallel and in the best case have a redundant way for communication @jeroen @abloo @matrix @selea
(DIR) Post #A31qiUhmvkWCazy7Qe by 9uqjgkkMcxGoO2B5m4.jeroen@social.franssen.xyz
2021-01-08T12:48:42.653605Z
1 likes, 0 repeats
@fuesstest @etienne @abloo @matrix @selea I’ll do even better: Matrix has tons of bridges. I only run Matrix Element on my phone and can interact with Whatsapp, Facebook Messenger, Twitter chat and Telegram. Bridges for XMPP and signal and gitter also exist
(DIR) Post #A31qjl5ZVBtBhLhDKS by fuesstest@social.tchncs.de
2021-01-08T12:51:38Z
1 likes, 0 repeats
@jeroen Thats not what i meant with redundant. If the Matrix Homeserver is down everything is unreachable. @etienne @abloo @matrix @selea
(DIR) Post #A31xRFLtSX5PjdRz9c by GenericContent@social.linux.pizza
2021-01-08T13:52:13Z
1 likes, 0 repeats
@abloo It is not very cool of him. But I can understand him and Signal has the potetial to hurt facebook at least a little. Never the less I put effort into XMPP.
(DIR) Post #A3248JrDBUpXsu1MkC by Zalzen@neckbeard.xyz
2021-01-08T15:54:49.000992Z
0 likes, 0 repeats
@abloo sounds like the systemd dev lmao
(DIR) Post #A324O2T9bHukadGQ6q by akeno@liberdon.com
2021-01-08T15:57:38Z
0 likes, 0 repeats
@abloo "we have control over" -- we know how such control turns out. Moxie is another zuckthecuck of centralization.
(DIR) Post #A324aEfM4wsNtOmq5Q by akeno@liberdon.com
2021-01-08T15:59:51Z
0 likes, 0 repeats
@abloo "we have control over" -- we know how such control turns out. Moxie is another zuckthecuck of centralization.I love how we all agree on what a degenerate he is..
(DIR) Post #A325DKscuPn4SVdfJA by akeno@liberdon.com
2021-01-08T16:06:54Z
0 likes, 0 repeats
@etienne @selea @abloo he is a fucking degenerateHe is so high up in globalist technocrat circle that he already gets censored searches. Basically he is for centralization and collecting your data. remember how you can't use it without fucking sim number?
(DIR) Post #A32AdDBn1SwWCCQvi4 by cryptoduke@social.bobcall.me
2021-01-08T16:23:00Z
1 likes, 0 repeats
@amolith @abloo that and we have NO clue what the Signal proprietary server is doing with any of our data...
(DIR) Post #A32J4GpQOoOKw1NzGK by jcast@mastodon.social
2021-01-08T16:15:53Z
0 likes, 0 repeats
@valhalla @federico3 @wolf480pl @icedquinn @abloo @amolith @pagat Isn't there an issue with a malicious instance or client developer introducing vulnerabilities or resisting to critical updates, putting the whole network at risk?
(DIR) Post #A32J4H51SortiOgRZg by icedquinn@blob.cat
2021-01-08T18:42:07.640882Z
1 likes, 0 repeats
@jcast @valhalla @federico3 @wolf480pl @abloo @amolith @pagat > instance/client developersit puts whoever uses that instance or client at risk. this is not different to how things are already done (you can just consider facebook a single instance server where the instance and client were already compromised for you.)
(DIR) Post #A32c1XiT3K7fZVXpOS by alethiometre@mastodon.online
2021-01-08T21:52:49Z
0 likes, 1 repeats
@rune @abloo Telegram, the other pretty popular messaging application that sells itself as a private messenger, has a number of criticisms against it as well:"the communications were not encrypted with keys the provider didn't have access to, users could not verify contacts' identities, and past messages were not secure if the encryption keys were stolen. "https://en.wikipedia.org/wiki/Telegram_(software)#SecuritySo far, there seems to be no application which is both popular, and truly guarantees security and privacy.
(DIR) Post #A33lwLfjb9JPTAO7SS by Agris@tailswish.industries
2021-01-09T11:39:24.086166Z
0 likes, 0 repeats
@wolf480pl @federico3 @pagat @icedquinn @abloo @amolith That's true, and there are event remnants of that in many XMPP configuration files:-- Force servers to use encrypted connections? This option will-- prevent servers from authenticating unless they are using encryption.-- Note that this is different from authentications2s_require_encryption = true-- Force certificate authentication for server-to-server connections?-- This provides ideal security, but requires servers you communicate-- with to support encryption AND present valid, trusted certificates.-- NOTE: Your version of LuaSec must support certificate verification!-- For more information see https://prosody.im/doc/s2s#securitys2s_secure_auth = true-- Some servers have invalid or self-signed certificates. You can list-- remote domains here that will not be required to authenticate using-- certificates. They will be authenticated using DNS instead, even-- when s2s_secure_auth is enabled.--s2s_insecure_domains = { "insecure.example" }But google did later shut down federation completely when they launched "Google Hangouts", which was the same thing but with c2s (client to server protocol) turned off and they forced all Google Talk users to migrate to Google Hangouts.
(DIR) Post #A33lwMADlnhMzieSye by icedquinn@blob.cat
2021-01-09T11:40:21.755676Z
0 likes, 0 repeats
@Agris @wolf480pl @abloo @amolith @federico3 @pagat and now they killed hangouts. :youmuclap:
(DIR) Post #A33lz7G9dl39ddk7Sy by icedquinn@blob.cat
2021-01-09T11:40:52.740926Z
0 likes, 0 repeats
@Agris @abloo @amolith @federico3 @pagat @wolf480pl (or not, just g+)
(DIR) Post #A33m8cboSBLdTNPEUy by Agris@tailswish.industries
2021-01-09T11:42:01.903448Z
1 likes, 0 repeats
@icedquinn @abloo @amolith @federico3 @pagat @wolf480pl actually, on the Prosody website "gmail.com" is still in the documentation example: https://prosody.im/doc/s2s#security
(DIR) Post #A33mXzETTcKQsVaJ0a by Agris@tailswish.industries
2021-01-09T11:46:25.394317Z
1 likes, 0 repeats
@icedquinn @abloo @amolith @federico3 @pagat @wolf480pl Another thing worth mentioning is when I get asked what that 'attachment' is on my emails. I tell them that's built in email encryption and security called PGP S/MIME, and that your mail client isn't implementing email properly as that's not supposed to show up as an attachment. And that gmail specificity is financially incentivized not to implement secure email because their business model relies on being able to snoop through your mail. Read your terms of service/privacy policy.
(DIR) Post #A33mXzjfbdHYRGBDdI by icedquinn@blob.cat
2021-01-09T11:47:10.139875Z
0 likes, 0 repeats
@Agris @abloo @amolith @federico3 @pagat @wolf480pl i don't like s/mime because it relies on the busted ssl trust model.
(DIR) Post #A33mclUfz5ANiTRQMC by icedquinn@blob.cat
2021-01-09T11:48:02.728522Z
0 likes, 0 repeats
@Agris @abloo @amolith @federico3 @pagat @wolf480pl :blobcatgoogly: pay spooks a fee or no encryption for you. no it doesn't matter if you only wanted crypto and not the identity signature.
(DIR) Post #A33n2JkNlgunBsyKki by Agris@tailswish.industries
2021-01-09T11:52:25.424253Z
1 likes, 0 repeats
@icedquinn @abloo @amolith @federico3 @pagat @wolf480pl I'm referring to OpenPGP/SMIME together, because they are both implemented via MIME, one just using x.509 and the other via web of trust.
(DIR) Post #A33u6yTkyAb6M7MaEC by wolf480pl@mstdn.io
2021-01-09T13:11:54Z
0 likes, 0 repeats
@Agris @pagat @icedquinn @abloo @federico3 @amolith do you mean PGP/MIME ?AFAIK there are 3 ways to encrypt/sign emails:- inline PGP - just puts ascii-armored encrypted/signed message into the email body-PGP/MIME - puts PGP-encrypted/signed stuff into PGP-specific MIME parts- S/MIME puts X.509 encrypted/signed stuff into X.509-specific MIME partsI don't know which PKI X.509 uses. I guess it can use PGP web of trust through gpgsm.
(DIR) Post #A34MBKR64ZwyKTz3dQ by tc@snabelen.no
2021-01-09T18:26:06Z
1 likes, 0 repeats
@seleaOne of the main reasons I recommend Signal is the ease of onboarding. No servers to decide, no username. Also the way the app seamlessly can be used as an SMS app is awesome.@abloo
(DIR) Post #A35dLaKdiheMu7OqfI by selea@social.linux.pizza
2021-01-10T09:13:18Z
0 likes, 0 repeats
@tc Element (matrix) has a pretty easy registration too actually, but a username is something you will need to figure out.There is also some other matrix clients that can be used as an sms-app too@abloo
(DIR) Post #A3ka5CMOT8k457661A by notclacke@pleroma.soykaf.com
2021-01-30T03:19:58.214388Z
2 likes, 0 repeats
@wolf480pl @federico3 @pagat @icedquinn @abloo @amolith There was that, and then they just didn't handle creating new subscriptions, don't remember if it was to or from or both, with non-GTalk nodes. And finally they shut down GTalk and replaced it with Hangout, which they have since shut down or will shut down.Either way, after joining the network, gaining users and promoting their A/V extensions, they made zero effort to stay on the network and possibly some effort to isolate it. And then they took their users and left.