fsebugoutzone.org:9999

       Post A3KEYpC9ddTXJ0QSvo by cathal@octodon.social
 (DIR) More posts by cathal@octodon.social
 (DIR) Post #A3KEYpC9ddTXJ0QSvo by cathal@octodon.social
       2021-01-16T13:23:17Z
       
       0 likes, 0 repeats
       
       Moxie, right now: &quot;Somehow this problem could have been solved by depending even *more* on centralised infrastructure, I&#39;m certain of it&quot;#Signal
       
 (DIR) Post #A3KEYpSSf0WG7a3ULg by douginamug@mastodon.xyz
       2021-01-16T19:43:45Z
       
       0 likes, 0 repeats
       
       @cathal where/what is he saying?
       
 (DIR) Post #A3KEYpmfRsgN8FVcqO by cathal@octodon.social
       2021-01-16T19:48:38Z
       
       0 likes, 0 repeats
       
       @douginamug TBH I have so little respect for Moxie&#39;s actual opinions on the matter that I dare not look. His long-term view has always been that centralisation is the only answer to anything.I have sympathy for the reasons, because decentralised identities are hard, &amp; Signal can count state-level adversaries in its threat model. But the &quot;solution&quot; has been to require everyone to.. trust Moxie, I guess. It would be hard for him, technically, to betray that trust, but it&#39;s just, ugh.
       
 (DIR) Post #A3KEYq4kMf902Jy41Y by douginamug@mastodon.xyz
       2021-01-16T20:17:40Z
       
       0 likes, 0 repeats
       
       @cathal fair enough. I watched that talk he did for ccc... last year? where he basically say is central or not-at-all, and then I read the blog post matrix made in response. Both pieces were intesting, somehow complementary.
       
 (DIR) Post #A3KEYqTYsOzfHHZshc by cathal@octodon.social
       2021-01-16T20:23:55Z
       
       0 likes, 0 repeats
       
       @douginamug Moxie is amazing at technical solutions to crypto problems, and at wedding those to a user experience that minimises room for error.But being blunt, that&#39;s usually done by removing options (&quot;freedoms&quot;) from users.So key management is simplified: good. There&#39;s a way to verify: good. But there&#39;s no way to do web-of-trust, because people fuck that up. So moxie removes it entirely.Same goes for federation: getting distributed trust right is hard. So it&#39;s just axed.
       
 (DIR) Post #A3KEYqnPgasCGqrje4 by cathal@octodon.social
       2021-01-16T20:26:40Z
       
       0 likes, 1 repeats
       
       @douginamug And secure app distribution and update distribution and bug monitoring is hard.. Signal &quot;solved&quot; this by relying entirely and exclusively on Play (including the spyware!), going as far as to find and demand takedowns of third part builds like F-droid.Lately they also have a bare APK download but that took ages and a lot of haranguing.So Moxie decided that Google was trustworthy enough to solve a hsrd problem, and embedded their spyware in signal. Hard problem-gone! (?)