Post AsPkuiIlYNBsD4ADMe by matthew_d_green@ioc.exchange
(DIR) More posts by matthew_d_green@ioc.exchange
(DIR) Post #AsPkuiIlYNBsD4ADMe by matthew_d_green@ioc.exchange
2025-03-25T09:31:38Z
0 likes, 1 repeats
You should use Signal. Seriously. There are other encrypted messaging apps out there, but I don’t have as much faith in their longevity. In particular I have major concerns about the sustainability of for-profit apps in our new “AI” world.
(DIR) Post #AsPkuj0iuwLuPOjJse by matthew_d_green@ioc.exchange
2025-03-25T09:33:17Z
0 likes, 0 repeats
I have too many reasons to worry about this but that’s not really the point. The thing I’m worried about is that, as the only encrypted messenger people seem to *really* trust, Signal is going to end up being a target for too many people.Signal was designed to be a consumer-grade messaging app. It’s really, really good for that purpose. And obviously “excellent consumer grade” has a lot of intersection with military-grade cryptography just because that’s how the world works. But it is being asked to do a lot!Right now a single technical organization is being asked to defend (at least) one side in a major regional war, the political communications of the entire US administration, the comms of anyone opposed to them globally, big piles of NGOs, and millions of “ordinary” folks to boot.(There is no such thing as “ordinary user” cryptography BTW. Those ordinary users include CEOs, military folks, people doing many-million-dollar crypto trades through the app, etc. It’s a lot to put on one app and one non-profit.)On top of this, it’s only a matter of time until governments (maybe in the US or Europe) start putting pressure on the infrastructure that Signal uses — which is mostly operated by US companies. I’m not sure how this will go down but it’s inevitable.
(DIR) Post #AsPkujcIfEPUHwJKS0 by binaykia@mastodon.social
2025-03-25T09:49:41Z
0 likes, 0 repeats
@matthew_d_green Let me introduce you to @simplex
(DIR) Post #AsPkukO9nIgugMhY2q by Adam@social.lein.us
2025-03-25T13:29:37Z
0 likes, 0 repeats
@binaykia @matthew_d_green @simplex Yeah, SimpleX checks all the trustworthy boxes. Signal doesn't deserve much trust since it's centralized, depends on phone numbers, can't be self-hosted, and the server isn't even open source anymore.
(DIR) Post #AsPkunGT6LK7bO7wye by matthew_d_green@ioc.exchange
2025-03-25T09:34:06Z
0 likes, 1 repeats
I guess my takeaway (1) is: no matter what people say, actual privacy is one of the most valuable services in the entire world, (2) network effects ensure a winner, yet (3) it is a totally unstable balancing act for for-profit companies to provide this, long term.
(DIR) Post #AsPkurvNmAQa3RIgIy by matthew_d_green@ioc.exchange
2025-03-25T09:34:32Z
0 likes, 0 repeats
So there is one Signal Foundation doing the work that a dozen companies should be doing. No idea what to do about any of that.
(DIR) Post #AsPpevlWE9fn6WuFAO by triskelion@fosstodon.org
2025-03-25T14:22:48Z
0 likes, 0 repeats
@Adam @binaykia @matthew_d_green > server isn't even open source anymoreCitation needed
(DIR) Post #AsPvwNpdjI6GnaXTtY by link2xt@fosstodon.org
2025-03-25T15:21:38Z
0 likes, 0 repeats
@triskelion Just search for aws in the source code: https://github.com/search?q=repo%3Asignalapp%2FSignal-Server%20aws&type=codeIt depends on DynamoDB and Amazon SQS, both are proprietary SaaS only available in AWS "cloud".@Adam @binaykia @matthew_d_green
(DIR) Post #AsPvwOUPHii4q1c2RE by Adam@social.lein.us
2025-03-25T15:33:11Z
0 likes, 0 repeats
@link2xt @triskelion @binaykia @matthew_d_green Also, just try to open the "spam-filter @ e73138e" folder in https://github.com/signalapp/Signal-Server - That module is closed-source and you can't access it.