Post AQd4eFIs4H9Ifx8Tc8 by megfault@ciberlandia.pt
(DIR) More posts by megfault@ciberlandia.pt
(DIR) Post #AQ3CYzIjwNrpXaWLgW by adam@hax0rbana.social
2022-11-28T04:02:13Z
3 likes, 3 repeats
I am amused that SignalApp joined mastodon.The fediverse is everything they stand against.- federation instead of centralization- open, community driven protocol- using pseudonyms- multiple implementations of client and server softwareNot sure what I mean, check out their blog post on these topics: https://signal.org/blog/the-ecosystem-is-moving/As for the multiple implementations, Signal denied a request to have a 100% open source fork of their app in F-droid. See for yourself: https://github.com/signalapp/Signal-Android/issues/9966#issuecomment-681943985
(DIR) Post #AQ4iZDhHoBLfsd7Hto by praveen@social.masto.host
2022-11-28T15:56:57Z
1 likes, 0 repeats
@adam many projects think, their project is somehow special and need this and that exception (centralization, proprietary services like github or twitter or instagram). The argument being, they only need to preach and not necessarily live the values they supposedly wants to promote. and we end up fighting in silos without a lot of solidarity and support from potential collaborators.
(DIR) Post #AQ4jSeNyHb6Ua1VtT6 by janci@mstdn.io
2022-11-28T16:40:44Z
0 likes, 0 repeats
@adam I think that this is good example that nothing is black or white
(DIR) Post #AQ4kL60dnKOxtIYvoG by soatok@furry.engineer
2022-11-28T17:16:00Z
0 likes, 0 repeats
@adam Given that their only posts so far were asking for donations, I don't anticipate they're super invested in their presence here
(DIR) Post #AQ4l4Ri5xSPME5VpJ2 by dusnm@fosstodon.org
2022-11-28T17:48:54Z
0 likes, 0 repeats
@adam You're being too hard on Signal. All that matters to me is that the protocol is secure, reliable and free software. All of which Signal is. It's miles and miles better than any proprietary alternative. They don't collect you data, they don't run ads.Is federation a hill to die on?Are pseudonyms that important that you absolutely need them on a messaging app?
(DIR) Post #AQ4lIVVqcKjq4cUMHQ by fr33tux@mamot.fr
2022-11-28T17:59:19Z
0 likes, 0 repeats
@adamI'm not sure what you mean, knowing that pseudonyms are coming early next year, the protocol is public and has been a community effort, and that there are many non-Signal pieces using the Signal protocol.Finally Federation vs. Centralization is not all black and white, both have their limits so it's ok to think that one is more appropriate in some cases vs. others. Federation has its side effects too: https://www.jwz.org/blog/2022/11/mastodon-stampede/#comment-238154 !
(DIR) Post #AQ4lIXdMjLwMeW1OHA by fr33tux@mamot.fr
2022-11-28T18:02:29Z
0 likes, 0 repeats
@adamAnd finally, regarding F-Droid I think your toot is misleading. Simply quoting the GitHub issue comment:> Of course you have our full support if you'd like to fork Signal, name it something else, and use your own servers.It's also ok to not want lagging/experimental/... clients on your infra when you already offer several installation paths without hard dependencies on Google Services.
(DIR) Post #AQ4lvZAewwtqiHCdVo by kobold@social.troll.academy
2022-11-28T18:24:35Z
0 likes, 0 repeats
@adam@signalapp Maybe you might want to comment, please :blobthinkingeyes:
(DIR) Post #AQ4m03AxKoJsvhTnZQ by StephanWindmueller@digitalcourage.social
2022-11-28T18:27:29Z
0 likes, 0 repeats
@adam It would be nice to mention @signalapp so they can respond properly.
(DIR) Post #AQ4mQrd6N2MgwHQkBU by moanos@chaos.social
2022-11-28T18:44:53Z
0 likes, 0 repeats
@adam haha they don't even dare to compare themselfs to @matrix 😂
(DIR) Post #AQ4oCcmyx0gElXODr6 by adam@hax0rbana.social
2022-11-28T22:38:36Z
0 likes, 0 repeats
@dusnm Perhaps I am being too hard on them. Perhaps you are being too soft.I never advocated for any proprietary solution. But since you brought it up, the default version of Signal has proprietary code mixed in.Matrix is open source, has at least an equally secure secure protocol, doesn't collect data on you nor run ads, and it's 100% open source.So by your own criteria, Signal is inferior to Matrix. I think you're being soft on Signal, likely because of their roots.
(DIR) Post #AQ4opY46Rp8bPOxT3A by swarming@mas.to
2022-11-28T21:03:55Z
0 likes, 0 repeats
@adam did you miss the bit where Signal is completely open source?
(DIR) Post #AQ4p0QBW5TXy9ZbuBE by adam@hax0rbana.social
2022-11-28T22:47:40Z
0 likes, 0 repeats
I absolutely still use the open source fork of Signal by Twin Helix. And I've been an adamant supporter of Signal since it was called Red Phone/TextSecure. I defended them when they integrated 3rd party, corporate services like Gify, and when they chose Google Maps over OpenStreetMaps.I want to say that Signal is still my preferred option. But they're not.And if anyone wants to tell me I can run my own Signal server, try it yourself and see if you still have an urge to tell people that.
(DIR) Post #AQ4pWh3YtV8vkMHJ5c by bjoerns@social.tchncs.de
2022-11-28T18:52:21Z
0 likes, 0 repeats
@adam @dusnm totally agree. Signal is perfect for 90% of the ordinary users. Which you cant give a Matrix Client at hand. The other 10% should stop crying about it an use Matrix or XMPP (for the case they also have complaints about Matrix).
(DIR) Post #AQ4pWhd0lhV1WIrcLQ by gd2@chaos.social
2022-11-28T19:20:53Z
0 likes, 0 repeats
@bjoerns @adam @dusnm So the other 10% should just not communicate with the 90% and vice versa?
(DIR) Post #AQ4pWi6myzJp0enOl6 by bjoerns@social.tchncs.de
2022-11-28T19:24:17Z
0 likes, 0 repeats
@adam @dusnm @gd2 everybody is free to install as many messaging app as the want to. So i dont see your problem
(DIR) Post #AQ4pWjkAu2Py56EMmu by gd2@chaos.social
2022-11-28T19:32:00Z
0 likes, 0 repeats
@bjoerns @adam @dusnm If the 10% also all have to use Signal (in addition to e.g. Matrix) to talk to the other 90%, 100% of People are using Signal. In which case Signal is again making the rules for everyone, so their stance on the above points is again relevant for everyone.
(DIR) Post #AQ4pWk6rXgZ9DSqU9Q by bjoerns@social.tchncs.de
2022-11-28T19:37:48Z
0 likes, 0 repeats
@adam @gd2 @dusnm or if some of the 90% use a seperate Matrix Account to talk to the other 10% which not use Signal everybody is happy, correct?
(DIR) Post #AQ4pWkSqDy9AJd82PQ by gd2@chaos.social
2022-11-28T19:56:22Z
0 likes, 0 repeats
@bjoerns @adam @dusnm I guess so, but I don't think it will be "some" of the 90%, it will be most of it (or the 10% are still unhappy because they can't reach all of their contacts)...And that kind of requires Matrix to be (securely) usable by the ordinary users, at which point the advantages of Signal kind of disappear?
(DIR) Post #AQ4pWkwcRFxxnz3op6 by cherti@chaos.social
2022-11-28T20:16:37Z
0 likes, 0 repeats
@gd2 @bjoerns @adam @dusnm What always strikes me as odd about this argument is that people just complain Signal is actually used by so many people and somehow the alternatives not only have weaker privacy guarantees, but also a way smaller userbase. I remember that Moxie Marlinspike himself stated he would like to be proven wrong when it comes to federation, but so far this has not really happened, certainly not in the space of privacy.
(DIR) Post #AQ4pWlTEU03PR8Jreq by cherti@chaos.social
2022-11-28T20:18:52Z
0 likes, 0 repeats
@gd2 @bjoerns @adam @dusnm The fediverse in that sense is noticably different, because the way it is built everything is public unless explicitly configured differently, which just avoids a whole lot of problems that are actually quite challenging to solve. The discussion "your admin can read your DMs" has surfaced multiple times and while I would not necessarily consider that a problem in the fedi, it does show that the fedi is built for a different purpose with different challenges.
(DIR) Post #AQ4pWlsOyQBehC5xtA by dusnm@fosstodon.org
2022-11-28T20:22:27Z
0 likes, 0 repeats
@cherti @gd2 @bjoerns @adam I never understood that. The UI itself also tells you DMs aren't end-to-end encrypted. The nature of microblogging is public by design, if you need complete privacy, use Signal or Matrix or XMPP. Realistically use Signal, it offers much better privacy guarantees than either of the latter options.
(DIR) Post #AQ4pWmMXAOI2CeC1r6 by cherti@chaos.social
2022-11-28T20:27:28Z
0 likes, 0 repeats
@dusnm @gd2 @bjoerns @adam I absolutely agree, it's always a question of "tool for the job". And public-facing social media is quite a different thing (and requires a different architecture and has different requirements) than a solution for private communication.Thinking about it, I feel like Matrix is designed more along the requirements of the fedi instead of the requirements of a private messaging solution.Would also explain things like the online status can't be disabled in Element.
(DIR) Post #AQ4pWmotSwyVcbSg3k by bjoerns@social.tchncs.de
2022-11-28T20:31:16Z
0 likes, 0 repeats
@adam @gd2 @dusnm @cherti yeah and at the other end of the net people also say that Matrix is evil 😂 https://hackea.org/notas/matrix.html
(DIR) Post #AQ4pWnF7tPxUvxjcwq by adam@hax0rbana.social
2022-11-28T22:53:26Z
0 likes, 0 repeats
@bjoerns @gd2 @dusnm @chertiI think that criticism of Matrix was a good thing, mostly. Matrix fixed the actual problems that were pointed out. That is tangible progress. As for the claims in there that lack any proof and are impossible to verify... not the author's best work, to put it kindly.
(DIR) Post #AQ4qGox3s9IzYPEV1c by adam@hax0rbana.social
2022-11-28T23:01:48Z
0 likes, 0 repeats
@swarming 1. No2. Also, the official Signal app is not 100% open source3. Signal blocked the open source fork from being put in the open source app store's (F-Droid's) official reposhttps://www.twinhelix.com/apps/signal-foss/
(DIR) Post #AQ4qrwIZWGj33RzfVo by JoYo@hackers.town
2022-11-28T22:53:07Z
0 likes, 0 repeats
@adam oh look who decided to show up, Mr "platforms not protocols"xD
(DIR) Post #AQ4rB5CwcSWEBjUR2O by cherti@chaos.social
2022-11-28T23:09:45Z
0 likes, 0 repeats
@adam @bjoerns @gd2 @dusnm It's all about what you want to achieve. Matrix is built for interoperability and as a consequence willing to reduce the amount of privacy achievable (which is, by their own statement, a structural part of Matrix).In the end it's tools for the job, and if your primary interest ist private communication, then Matrix is still not the best option available, because it is simply not primarily designed for that.If your goal is interoperability and control (such as the…
(DIR) Post #AQ4rS5AE2Gc0yWK98C by dusnm@fosstodon.org
2022-11-28T23:12:47Z
0 likes, 0 repeats
@adam There are two parts of the code I'd consider proprietary, Google Play Services and their spam filter. The former is unfortunately required for notifications, unless you know what you're doing and the latter is a necessary evil to stop spam. All in all, there are trade offs to everything, and I'd say Matrix is in fact less secure for all the reasons people already mentioned in this thread.
(DIR) Post #AQ4tkLVSDIHamU5dk8 by corvusbrimstone@kolektiva.social
2022-11-28T23:38:25Z
0 likes, 0 repeats
@adam @swarming Not really. Just mostly. https://github.com/signalapp/Signal-Android/issues/9966#issuecomment-1009692931
(DIR) Post #AQ4wFghVf9UvOqnl9U by gd2@chaos.social
2022-11-28T19:17:55Z
0 likes, 0 repeats
@dusnm @adam Not ads for 3rd parties, but soliciting donations (and maybe still their cryptocurrency?). Totally acceptable so far, but to scale up they will need more money. Federated servers also need to be paid, but the money can come from different sources / raised in different ways.Pseudonyms are incredibly important. With phone numbers, it is way to easy to accidentally reveal your real identity to complete strangers, which is especially bad in exactly those use-cases signal aims for.
(DIR) Post #AQ4wFh9Vz1tonhu7ns by dusnm@fosstodon.org
2022-11-28T19:37:47Z
0 likes, 0 repeats
@gd2 @adam I’m here, talking with you, a complete stranger, using my real name and photo. There needs to be a certain level of trust between parties, at some point. People want contact discovery in a messaging app. Turns out it’s pretty damn impossible to do that without your phone number.
(DIR) Post #AQ4wFhWCcg2zw4WFAO by gd2@chaos.social
2022-11-28T19:48:26Z
0 likes, 0 repeats
@dusnm @adam Signal (also) markets itself towards journalists and whistleblowers. Those groups need both to have a secure channel, but for both groups it is very dangerous to give out their real ID to the other side, even if they trust them with the message (https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/).A more benign example: I trust many people enough to write messages with them, but not that they will not upload my number to other services.Phone nr discovery is possible without giving it away to every contact.
(DIR) Post #AQ4wFi0Koe9NRWcJ8K by dusnm@fosstodon.org
2022-11-28T20:07:10Z
0 likes, 0 repeats
@gd2 @adam This doesn't really solve the problem, but rather moves it elsewhere. The whole point of having a phone number as an identifier is to be able to find my friends who already have my phone number. In a sense my contact list is my social graph.I'm not saying private contact discovery is impossible, I'm saying that for it to work it must require a phone number, since that's the most readily available unique identifier of an already existing social graph.https://signal.org/blog/private-contact-discovery/
(DIR) Post #AQ4wFiOnLhiSfO3qG8 by cherti@chaos.social
2022-11-28T20:14:27Z
0 likes, 0 repeats
@dusnm @gd2 @adam It also has the advantage that the identity token is not controlled by the service itself, meaning that it is way easier for another service to just use the same identifier. That's currently up to date again as people try to rediscover their network outside of Twitter (and protects you from the service provider just swallowing your identifier). Depends on what you prefer, ideal would be the option to have a service-specific and service-unspecific identifier at the same time.
(DIR) Post #AQ4wFisvXfoqAq9uE4 by gd2@chaos.social
2022-11-28T20:28:48Z
0 likes, 0 repeats
@cherti @dusnm @adam That is exactly what e.g. Matrix tries to give you, you have your MXIDs (@username:server.tld stuff) and you can also link your phone number with it. Someone searching knowing your phone number can add you this way. However, if you join a room / chat with some strangers, the phone number is not automatically given to them, they will only see the MXID.
(DIR) Post #AQ4wFjGK8gXBLP6ah6 by dusnm@fosstodon.org
2022-11-28T20:31:52Z
0 likes, 0 repeats
@gd2 @cherti @adam But doesn't that render the point mute? Your MXID is controlled by the service itself, that being the Matrix server you decide to enroll with. You can't realistically use your MXID to register with another service.
(DIR) Post #AQ4wFjkoJKv8rxMwDI by cherti@chaos.social
2022-11-28T20:49:12Z
0 likes, 0 repeats
@dusnm @gd2 @adam Yes, that's the issue that can arise, as the server also controls the ID, if you get booted you loose your social graph and have to reconnect it (and other people would just see a different ID which could be you or somebody else, who could know?). So having identifier and service separate has some distinct advantages.
(DIR) Post #AQ4wFkH4NOj0U0ShUm by gd2@chaos.social
2022-11-28T21:04:54Z
0 likes, 0 repeats
@cherti @dusnm @adam Well, there might be the issue then. Having to rebuild my social graph is not as high on my threat model as having that graph be leaked to advertisers and such. I can re-add people in my messenger, I can't remove that information from foreign databases.And you can make the bridge between identifier and service with systems like Matrix, but you can't opt out in systems like Signal.
(DIR) Post #AQ4wFkkqagXnyMOTuS by cherti@chaos.social
2022-11-28T21:07:19Z
0 likes, 0 repeats
@gd2 @dusnm @adam But when you bridge, all end2end encryption goes out of the window, which is not particularly attractive (especially if you have the bridge hosted by a 3rd party).Also, pinning the leakage to advertisers on Signal is reframing the issue. The reality is WhatsApp is a facebook company and is installed on every phone. What Signal offers is to have messaging not monitored by Meta. The alternative to that would be installing WhatsApp, all other alternatives haven't taken…
(DIR) Post #AQ4wFlFKlKvlUuepQe by adam@hax0rbana.social
2022-11-29T00:08:47Z
0 likes, 0 repeats
@cherti @gd2 @dusnm I don't bridge Signal to Matrix server, even though I do control the bridge (and the matrix server for that matter). Then again I don't use Signal Desktop either.Imperfections in other systems don't change the privacy or centralization issues I initially mentioned about Signal.I understand not everyone shares these concerns, and that's fine too.
(DIR) Post #AQ4wFmNsX3MN1hfAO0 by cherti@chaos.social
2022-11-28T21:08:05Z
0 likes, 0 repeats
@gd2 @dusnm @adam … traction despite some of them being older than Signal.And a messenger is hardly of any use if no one else uses it.
(DIR) Post #AQ4wbRVmoefkf8gwfQ by gd2@chaos.social
2022-11-28T20:32:22Z
0 likes, 0 repeats
@cherti @bjoerns @adam @dusnm The alternatives do not have strictly weaker guarantees, but different ones. Signal has sealed senders going for it which is difficult to do with federation, and since there is only one "server", only one server needs to know the metadata (instead of two).On the other hand, Signal requires you to share your phone number, and it presents a SPOF that can be attacked to compromise availability.
(DIR) Post #AQ4wbRyr4ZvO7II9ya by dusnm@fosstodon.org
2022-11-28T20:34:27Z
0 likes, 0 repeats
@gd2 @cherti @bjoerns @adam On the other hand the federated approach leaves it all up for the people who decide to run a federated node. Just look what happened with mastodon.technology. Neither case is ideal, but at least a large entity like Signal could realistically leverage their capital to resist such availability attacks.
(DIR) Post #AQ4wbSO1Z03dNM4GCu by cherti@chaos.social
2022-11-28T20:53:32Z
0 likes, 0 repeats
@dusnm @gd2 @bjoerns @adam and a single entity has the advantage, in addition to that, to hide the communication patterns within the system, which otherwise are exposed to ISPs and everyone that can monitor networks. This is particularly problematic for single-user instances, which effectively get a metadata tracking ID in form of their static IP address.
(DIR) Post #AQ4wbSoby9KChoVUeG by gd2@chaos.social
2022-11-28T21:08:07Z
0 likes, 0 repeats
@cherti @dusnm @bjoerns @adam I agree, this is a big advantage of a centralized system (there are ways of having that decentralized as well, but they involve way more pain). It is just... kind of moot since with Signal you can track via address book uploads anyway?
(DIR) Post #AQ4wbTI2CkrQB4GzVg by cherti@chaos.social
2022-11-28T21:11:23Z
0 likes, 0 repeats
@gd2 @dusnm @bjoerns @adam Signal doesn't track you via address book uploads, they go to great lengths to make sure that is not a problem.But yes, WhatsApp still does that if people give it access to their contacts. But WhatsApp would realistically and effectively be the platform of choice for most people anyways if not for Signal.So starting with the same identifier and now offering usernames as well seems to me like a very smart and effective move to advance private messaging.
(DIR) Post #AQ4wbTnwI8Nhm1CTEu by gd2@chaos.social
2022-11-28T21:28:18Z
0 likes, 0 repeats
@cherti @dusnm @bjoerns @adam I concede that point, Signal might move more people off Whatsapp with the way they operate, and that would be a net improvement. I don't know if they can actually survive enough growth to really challenge Whatsapp, but I also don't want to claim that they won't.Still don't want to put my phone number in too many address books though, so I hope the username support comes around sooner than later^^
(DIR) Post #AQ4wbUKuJYkjQGcncu by cherti@chaos.social
2022-11-28T21:29:37Z
0 likes, 0 repeats
@gd2 @dusnm @bjoerns @adam First half of 2023 is the official plan, if no breaking bugs surface.
(DIR) Post #AQ4wbUxXztf3M6her2 by adam@hax0rbana.social
2022-11-29T00:12:40Z
0 likes, 0 repeats
@cherti @gd2 @dusnm @bjoerns Oh, if I had a nickel for every time I heard username are coming to signal soon, or "the protocol doesn't prohibit usernames" or how it is such a small and easy change to switch from to usernames... 💰I've been hearing that one for so many years...
(DIR) Post #AQ50mUSwZYZ0pJsxYu by cherti@chaos.social
2022-11-29T00:59:33Z
0 likes, 0 repeats
@adam @gd2 @dusnm At the same time you have privacy issues that inherently come with decentralization, it in the end boils down to which tradeoff you want to take. Given that the majority of people with neither be able to self-host nor will personally know their server admin, having a trustless-system design seems to be advantageous over something where the server keeps substantial state. But that certainly depends on what you want to achieve.
(DIR) Post #AQd4eFIs4H9Ifx8Tc8 by megfault@ciberlandia.pt
2022-12-15T11:23:07Z
0 likes, 0 repeats
@adam Shadiest security project ever IMO.
(DIR) Post #AQso2dc8k7YqKgYKVU by Sh4d0w_H34rt@mstdn.social
2022-12-23T01:32:23Z
0 likes, 0 repeats
@adam its why I switch to @session instead.
(DIR) Post #AQsp2psnEE38Ky04oK by drwho@hackers.town
2022-12-23T01:41:41Z
0 likes, 0 repeats
@moanos @adam @matrix Which some researchers found a pretty major flaw in the protocol earlier this month, and were utterly ignored.
(DIR) Post #AQsp2qPlFeQ9zDQPCK by feld@bikeshed.party
2022-12-23T01:43:22.003609Z
0 likes, 0 repeats
@drwho @moanos @adam @matrix in Matrix's protocol?
(DIR) Post #AQsqNOjDU10e9dtD4y by climatepenguin@masto.ai
2022-12-23T01:58:33Z
0 likes, 0 repeats
@adam @dusnm Matrix is actually less secure than Signal. While they use the same encryption, Signal is designed to leak as little information as possible and limit the need to trust the Signal server. On Matrix, only the message content is encrypted and everything else (reactions, profile pics, timestamps, contacts, etc) is not. Matrix homeserver admins can see this and have a lot of power over your account. Matrix is great for public rooms but not for private DMs.
(DIR) Post #AQt4ZbXn3jBujdGAOu by andi@circus.town
2022-12-23T04:37:38Z
0 likes, 0 repeats
@adam I think they are about to remove the required phone number verification. So, at least sth goes into the right direction
(DIR) Post #AQtI9izM9l6VeYhuZU by michael@edegem.social
2022-12-23T07:09:51Z
0 likes, 0 repeats
@adam insightful. Would you recommend other secure messaging software instead?
(DIR) Post #AQtJtyGPnPJAIrInNg by violet_cerue@toot.garden
2022-12-23T07:29:25Z
0 likes, 0 repeats
@adam @rechelon had an old birdsite thread covering moxie's critiques that seems relevant here. https://nt.catgirl.cloud/rechelon/status/1482194932286775297
(DIR) Post #AQtTrI2co21CJbDDeK by satan@hell.social
2022-12-23T09:21:03.210Z
0 likes, 0 repeats
@drwho@hackers.town "Ignored"@moanos@chaos.social @adam@hax0rbana.social @matrix@mastodon.matrix.org
(DIR) Post #AQtTruVJnnY7bavfeK by drwho@hackers.town
2022-12-23T02:12:21Z
0 likes, 0 repeats
@feld @moanos @adam @matrix https://nebuchadnezzar-megolm.github.io/
(DIR) Post #AQtTruvCFaFWtr2KzA by matrix@mastodon.matrix.org
2022-12-23T09:19:47Z
2 likes, 2 repeats
@drwho @feld @moanos @adam they weren’t ignored; the implementation vulnerabilities were very legit and we fixed them: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients.
(DIR) Post #AQtU2U5oL6vgsS2Yy0 by selea@social.linux.pizza
2022-12-23T09:22:59Z
0 likes, 0 repeats
@drwho @moanos @adam @matrixIt was ignored? Really?/s
(DIR) Post #AQtUtwi0fybcybOrbc by stevelord@bladerunner.social
2022-12-23T09:32:39Z
0 likes, 0 repeats
@adam I love it how techbros come out to defend signal and just disregard all the shady shit they've done. Then there's the everything-else-ishworse-why-bother arguments and there-are-alternatives-dont-complain guys.
(DIR) Post #AQtV2cLFlm4aPotHpQ by stevelord@bladerunner.social
2022-12-23T09:34:14Z
0 likes, 0 repeats
@adam I love it how techbros come out to defend signal and just disregard all the shady shit they've done. Then there's the everything-else-is-worse-why-bother arguments and there-are-alternatives-dont-complain guys.
(DIR) Post #AQtWaTpu02odprwBCC by giffengrabber@mastodon.se
2022-12-23T09:51:34Z
0 likes, 0 repeats
@adam Signal is an application for secure messaging.The Fediverse is a system mostly used for public communications, and it’s not E2EE.Very different types of systems IMO.If STF wants to use Fedi for announcing new blog posts, it’s not weird at all. Not in my book at least.
(DIR) Post #AQuSX7M4vDXwaJ5YKO by drwho@hackers.town
2022-12-23T20:37:35Z
0 likes, 0 repeats
@matrix @feld @moanos @adam Thank you for correcting me. I completely missed that in the end of year crush at work, and apologize.
(DIR) Post #AQukmixTC9hqj9AZcW by matrix@mastodon.matrix.org
2022-12-24T00:02:53Z
0 likes, 0 repeats
@drwho @feld @moanos @adam it's all good. the remaining controversy on this is over whether it's a feature or a bug that matrix only warns rather than prohibits if a malicious server adds malicious devices/users to a room. we think that a warning is just about adequate; actually prohibiting is non-trivial in a decentralised network, but we're working on that too: https://github.com/matrix-org/matrix-spec-proposals/blob/fayed/cryptographic-membership/proposals/3917-cryptographic-membership.md