Post AD1faEKbBOPTEdzxEe by werwolf@fosstodon.org
(DIR) More posts by werwolf@fosstodon.org
(DIR) Post #ACzwdLuelEuiWS1Ds0 by werwolf@fosstodon.org
2021-11-02T18:02:19Z
3 likes, 12 repeats
Signal is making a part of their server source code proprietary software:"To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private".Taking into account it's centralized nature and that they don't allow third party clients, Signal seems to be just as bad as other "privacy" oriented companies.Leave Signal and join a truly private, decentralized and libre protocol like #XMPP
(DIR) Post #ACzx5FUaE3zeiZ7pPk by bbbhltz@fosstodon.org
2021-11-02T18:07:22Z
0 likes, 0 repeats
@werwolf I wonder what will happen to things like Pigeon on the Punkt phone which uses the Signal server
(DIR) Post #ACzx9iPAffFjXziuw4 by swiley@qoto.org
2021-11-02T18:08:09Z
0 likes, 0 repeats
@werwolf Surprise surprise
(DIR) Post #ACzxAU27afKtGPJBfk by markusl@fosstodon.org
2021-11-02T18:08:19Z
0 likes, 0 repeats
@werwolf It seems only fair to let Signal explain this move in their own words:https://signal.org/blog/keeping-spam-off-signal/
(DIR) Post #ACzxFBUtvwGRDw0mQq by werwolf@fosstodon.org
2021-11-02T18:09:11Z
0 likes, 1 repeats
If forgot to add the link to their announcement:https://signal.org/blog/keeping-spam-off-signal/
(DIR) Post #ACzxIfdYKdWnZJijuC by peter@mastodon.peterbabic.dev
2021-11-02T18:09:48Z
0 likes, 0 repeats
@werwolf what the, will this ever end?
(DIR) Post #ACzxjX7E7dZuxVPRom by ilyess@mastodon.online
2021-11-02T18:14:39Z
0 likes, 0 repeats
@werwolf @peter That’s just the piece of code that prevents spam though. Do you have suggestions to solve that problem while publishing the code?Server code being open source was never the reason why #signal is secure and private, since we never had any guarantees that the published code is the one serving our clients. Client code being #opensource is what matters the most, and that hasn’t changed.
(DIR) Post #ACzxmB8eHyA5fPKtns by werwolf@fosstodon.org
2021-11-02T18:15:08Z
0 likes, 0 repeats
Of course their excuse is that the only purpose is to prevent spam. Lies. They even require you to verify you with your phone number, which is uniquely identifiable. And in the past, and I'm not sure if it's still an issue, they even required you to solve a recaptcha. It's just hilarious.
(DIR) Post #ACzxw2Q9YWD1WdE0Po by werwolf@fosstodon.org
2021-11-02T18:16:54Z
0 likes, 0 repeats
@ilyess @peter they require you to verify yourself with your phone number. And also to solve a Google's Recaptcha. This spam excuse doesn't make any sense
(DIR) Post #ACzzD6gz1mM1eMnfDU by peter@mastodon.peterbabic.dev
2021-11-02T18:31:12Z
0 likes, 0 repeats
@werwolf We all could argue for long which client is the most secure and privacy oriented at the same time.The bottom line to meet these goals would probably be to not use the phone at all, which might not be a feasible option for many, which is sad.@ilyess
(DIR) Post #ACzzabJzJcgTIyFN9k by xgqt@fosstodon.org
2021-11-02T18:35:27Z
0 likes, 0 repeats
@werwolf telegram v2 :)
(DIR) Post #AD00sbRxfyCus27mCm by csddumi@norden.social
2021-11-02T18:49:36Z
0 likes, 0 repeats
@werwolf What valid security reasons are there for keeping software proprietary? I can only imagine security by obscurity as a valid reason.
(DIR) Post #AD00xy4kyuVaUUpRlg by twotwenty@qoto.org
2021-11-02T18:50:53Z
0 likes, 0 repeats
@werwolf or matrix, it has great encryption algorithms.
(DIR) Post #AD017P5huNrisqlxy4 by danie10@mastodon.social
2021-11-02T18:52:35Z
0 likes, 0 repeats
@werwolf I can't see why this has to be proprietary actually - just be transparent about how it works... it suggests something will be obscured
(DIR) Post #AD020Rkni45T4MExiy by SrEstegosaurio@mstdn.social
2021-11-02T19:02:32Z
0 likes, 0 repeats
@werwolf I wouldn't trust any kind of centralised entity. Never. And this kind of things are the problems that happend when you have a central server.
(DIR) Post #AD03biGpMeIwxmYR28 by shitpisscum@shitpisscum.mooo.com
2021-11-02T19:20:29.095157Z
0 likes, 0 repeats
@xgqt @werwolf Yea lol
(DIR) Post #AD04yoLX2YyUQDKgrI by wire@anarchism.space
2021-11-02T19:35:50Z
0 likes, 0 repeats
@werwolf So, do you think it is impossible to get a bunch of phone numbers for spam?They are going to keep one of their services private to keep the algorithms (probably something simple similar to rate-limiting) hidden so spammers cannot determine easily the thresholds they should not pass to avoid getting banned.
(DIR) Post #AD05U4HdptO8pMPwrA by ilyess@mastodon.online
2021-11-02T19:41:29Z
0 likes, 0 repeats
@werwolf True. It just seemed that you were advocating to leave #signal because part of the server code is now closed. However, this doesn’t change anything about the current level of security and privacy. Now, whether one is comfortable with phone number based registration and Google recaptcha is a different story.@peter
(DIR) Post #AD05yVlKEdM4jronbc by ilyess@mastodon.online
2021-11-02T19:46:59Z
0 likes, 0 repeats
@peterYeah, I can’t argue with that. Total security and/or privacy is almost unachievable in the digital world. That being said, I believe #privacy is a spectrum and there are things that are still within users’ control. Things that you and I can do in order push ourselves closer to the good side of that spectrum.@werwolf
(DIR) Post #AD09CwEitwBMlP8jaa by velartrill@social.ignis.link
2021-11-02T20:23:16.042788Z
0 likes, 0 repeats
@werwolf L M A O
(DIR) Post #AD0E01mxRkoXzPoeeG by huntra@mastodon.technology
2021-11-02T21:16:54Z
0 likes, 0 repeats
@werwolf im happy with matrix, also a good place to join :)
(DIR) Post #AD0FYjk6dJFe6ub2em by 5am@fosstodon.org
2021-11-02T21:34:23Z
0 likes, 0 repeats
@werwolf I love the idea of XMPP, but just can't imagine people I actually message regularly using it. Similar to @session In many ways it seems the ideal messaging solution in terms of true anonymity (if needed/desired) but it's hard enough convincing some people to even pay attention to Signal.
(DIR) Post #AD0uiZAksqxqLOrpAG by joschu@social.joschu.ch
2021-11-03T05:15:35Z
0 likes, 0 repeats
@werwolf the ReCaptcha is still there, I tested it a few months ago. And unfortunately there are some important contacts of mine on Signal now, so I have to use this shit... the convincing starts again, not with WhatsApp, but with the next bad messenger...
(DIR) Post #AD0zzgfqkJS6IsOWq8 by UPPERKEES@mastodon.social
2021-11-03T06:14:42Z
0 likes, 0 repeats
@werwolf I suppose Matrix is a better alternative. But at one point you also need to fight spam there once it becomes a popular platform.
(DIR) Post #AD12Y8zMBAIxsF4p9s by sheetposter@kiwifarms.cc
2021-11-03T06:43:22.541138Z
0 likes, 0 repeats
@werwolf I have never even seen spam in Signal and I was an early adopter, why the fuck are they betraying me. Is there no fucking way for me to stay in touch with my normie friends without getting anally probed?
(DIR) Post #AD1EAn0Gx76yTf8Riy by mcread@noagendasocial.com
2021-11-03T08:53:34Z
0 likes, 0 repeats
@werwolf how does XMPP deal with spam ?
(DIR) Post #AD1ejka0YLGXu8BJU8 by aleks@cybre.space
2021-11-03T13:51:13Z
0 likes, 0 repeats
@werwolf XMPP is not an alternative to Signal, not until there is at least one de-facto standard client supporting all basic features, with a decent UI and available on all major platforms (Windows, Android, iOS)
(DIR) Post #AD1faEKbBOPTEdzxEe by werwolf@fosstodon.org
2021-11-03T14:00:43Z
0 likes, 0 repeats
@aleks You don't need the very same client on every platform.Conversations for Android works flawlessly. And for desktop you have Gajim which also works great and it's multiplatform. Both of them support most of the features and work out of the box.And after the recently changed Gajim's UI, we can also say that the UI isn't a problem anymore
(DIR) Post #AD2RJKt8LX8IRrA5Fg by mistermonster@firebird.zone
2021-11-03T22:55:30.537001Z
0 likes, 0 repeats
@werwolf I wonder why they just don't implement a hashcash pow for messages, this would prevent spam pretty well.
(DIR) Post #AD2eAAZUdKPlFVvzdI by aleks@cybre.space
2021-11-04T01:19:27Z
0 likes, 0 repeats
@werwolf You are right, *I* don't need the same client on every platform, but the people I may want to convince to switch to XMPP want a simple answer on what to use.Ideally, the name of the client would just be the name of the procol, which simplifies a lot of things for people understanding. If you have to explain to people that "oh yeah Conversations and Gajim work together because they all use the XMPP protocol", you already lost.Also from experience when I tried XMPP a couple years ago, I had some funky issues with messages/history not syncing properly between my mobile client and my desktop client.I want to believe in XMPP, because I'm really afraid that in 10 years from now we'll still be in this status quo with "not-really-decentralized" technologies (which also apply to Matrix because it's not clear if it'll stay heavily centralized on matrix.org or not ...) but it's time XMPP folks understand that things need to be made simple, otherwise nobody will switch.
(DIR) Post #ADAnWA4pJcuszZDoR6 by SrEstegosaurio@mstdn.social
2021-11-07T23:42:00Z
0 likes, 0 repeats
@werwolf I love seeing people trying their best to justify it, but I found incompatible being "privacy and security oriented" and not FOSS at the same time. The spam excuse... They require you to use your real phone number witch in the majority of cases is directly tied to your physical person.Anyways never trust anything that is centralised, uses reChapta and is not FOSS. Never.
(DIR) Post #ADBMFu8Rnhs1WzoWbA by ryo@fosstodon.org
2021-11-08T06:11:15Z
0 likes, 0 repeats
@werwolf I'll stay with Signal atm.It's a good balance between security and functionality.The XMPP community had it chance many years ago, but were too snubby to go with emoticons, stickers, and media focus.Others did what the user wanted. Now the train is long gone.
(DIR) Post #ADBNKDXPhhWcou70lM by ryo@fosstodon.org
2021-11-08T06:23:15Z
0 likes, 0 repeats
@werwolf that sounds like they made a conspiracy.I don't know. If you really, really need 100% security (which does not exist), than Signal is not the messenger you should use. But it's pretty secure for normal people. And that's an important thing. I need as many friends to use it. And if there is another step (other than just having a phone number) it's over. Some of them will never enter an e-mail and password.BTW, you can install more than one messenger if needed. I have currently 3. So?
(DIR) Post #ADBO5SWdnYGeuhHFho by ryo@fosstodon.org
2021-11-08T06:31:47Z
0 likes, 0 repeats
@werwolf But I'm curious.You say they are lying.What do you think is their ultimate goal?Why do think they are lying?
(DIR) Post #ADBtreEmeaZ3iUNnou by ryo@fosstodon.org
2021-11-08T12:27:51Z
0 likes, 0 repeats
@werwolf One more addition. I stumbled on a totally coincidence upon this:https://fosstodon.org/@TheFuzzStone/107241290368566373I think that shouldn't be ignored when talking about XMPP
(DIR) Post #ADDwdMwOqxm4CGaRHM by drazraeltod@chaos.social
2021-11-09T12:08:16Z
0 likes, 0 repeats
@werwolf because security through obscurity is the way of winners! :D
(DIR) Post #AFW3shNDaJ04Hha6Qi by tychosoft@fosstodon.org
2022-01-17T01:38:29Z
0 likes, 0 repeats
@werwolf just look at ~/.config/Signal/config.json ;). Yes, that's the in the clear key for the local sqlite db...