Post Auwt3lV3QeDB5zvca8 by mjg59@nondeterministic.computer
(DIR) More posts by mjg59@nondeterministic.computer
(DIR) Post #AuovK5OTsPj04a5IRM by mjg59@nondeterministic.computer
2025-06-05T11:12:20Z
2 likes, 4 repeats
Twitter's new encrypted DM system stores your private key material on Twitter-owned services, protected with nothing more than a 4-digit PIN. If hostile, or if legally compelled to, Twitter could easily decrypt all your messages. It's also MITMable and doesn't secure metadata. Use Signal.https://mjg59.dreamwidth.org/71646.html
(DIR) Post #AuovK6gx3E5s69jYrw by stux@mstdn.social
2025-06-05T12:37:42Z
0 likes, 0 repeats
@mjg59 tl;dr - no. Use Signal. Twitter can probably obtain your private keys, and admit that they can MITM you and have full access to your metadata.yup
(DIR) Post #Aup4TsQ5rr1OJma9r6 by Zergling_man@sacred.harpy.faith
2025-06-05T14:20:46.779627Z
0 likes, 0 repeats
@mjg59 >use Signal>Signal>Signal>SignalYou're retarded
(DIR) Post #Aup557qrSJOstRrdeC by mjg59@nondeterministic.computer
2025-06-05T14:21:36Z
1 likes, 0 repeats
@Zergling_man you're having your DMs stolen by the NSA
(DIR) Post #Aup57Ef16wlQaeKWsC by Zergling_man@sacred.harpy.faith
2025-06-05T14:27:37.133256Z
0 likes, 0 repeats
@mjg59 And yet I'm not, because I actually use good chat protocols, written for a more refined age, instead of foan-centric shit lmaoObviously I don't use twitter because twitter has always been a steaming pile of shit; I tried it back in like 2013 or something and it was hot garbage then too. It hasn't changed a bit.
(DIR) Post #Aup5NQdeLSEIN9Pc8G by mjg59@nondeterministic.computer
2025-06-05T14:28:50Z
1 likes, 0 repeats
@Zergling_man all the chat protocols from a more refined age are shit
(DIR) Post #Aup5OkWNuH8oKMdyC0 by Zergling_man@sacred.harpy.faith
2025-06-05T14:29:07.741153Z
0 likes, 0 repeats
@mjg59 lol yeah you're a nigger
(DIR) Post #Aup6WGDGZmm6bAqYls by sally@freesoftwareextremist.com
2025-06-05T14:43:20.126190Z
0 likes, 1 repeats
@Zergling_man @mjg59 > Don't use shit A, use shit B instead.It's funny how you can easily tell when some clown hails from Mastodon by just seeing how they're shilling the current bullshit NPC product.
(DIR) Post #Aup6XVVhBeGiKd3rge by Zergling_man@sacred.harpy.faith
2025-06-05T14:43:44.065653Z
0 likes, 0 repeats
@sally @mjg59 I don't even think signal is the current one? This mastodong didn't update his programming.
(DIR) Post #Aup6gSCOrpbafVInAG by JackNicholsonsCreamyDementia@sacred.harpy.faith
2025-06-05T14:44:36.689082Z
1 likes, 0 repeats
@Zergling_man @mjg59 LOL USE SIGNAL. This was the advice I got from an IBM exec. I'm like, yeah, right. THen pointed out that it's not secure. And, he goes yes. But, it's still more secure than anything else we use. Point is. If the NSA can snoop on you. You can snoop on the NSA.
(DIR) Post #Aup6laMfw0m5RSYUKW by Zergling_man@sacred.harpy.faith
2025-06-05T14:46:23.346964Z
0 likes, 0 repeats
@JackNicholsonsCreamyDementia @mjg59 >But, it's still more secure than anything else we useIn which sense? "more than anything else publicly available" or "more than anything else popular"?I believe the latter because it's a pretty low bar.
(DIR) Post #Aup6wKzLRZQqwFlm4G by JackNicholsonsCreamyDementia@sacred.harpy.faith
2025-06-05T14:47:59.052563Z
1 likes, 0 repeats
@Zergling_man @mjg59 Public. But, you'd be surprised at the fact that a lot of people who SHOULDN"T be using public tech, still use it.That's why people get annoyed with things like Hilary Clinton. But, how can you prosecute someone who can turn around and say you're doing the same thing. Sure they have better security on systems when they're doing ACTUAL work. But, the issue is, when you're off the clock, people get complacent.
(DIR) Post #Aup7AshStx5BY0LEQa by Zergling_man@sacred.harpy.faith
2025-06-05T14:50:45.758826Z
0 likes, 0 repeats
@JackNicholsonsCreamyDementia @mjg59 Yeah I don't believe that. Signal requires a foan number to register, which automatically rules out any possibility of anything approaching security.>Sure they have better security on systems when they're doing ACTUAL work. But, the issue is, when you're off the clock, people get complacent.If the system wasn't designed to actively work against the users at every turn, they wouldn't find it tedious to use and wouldn't "get complacent".Certainly some amount of tedium is an inherent part of keeping things secure but it's a really marginal value compared to what we actually deal with just because computing is still rife with people that never learned how to use public keys.
(DIR) Post #Aup7hSPDgSjjYNLBR2 by JackNicholsonsCreamyDementia@sacred.harpy.faith
2025-06-05T14:56:47.354547Z
1 likes, 0 repeats
@Zergling_man @mjg59 Yeah, I wouldn't trust it either.If you wanted a botnet of dumb ass computers that would be true. But, if you're doing wet work on feds. You're looking for complacency, gullibility, out going, too friendly, too trusting.
(DIR) Post #Aup84fMpewr6PgI5zs by Zergling_man@sacred.harpy.faith
2025-06-05T15:00:49.986163Z
0 likes, 0 repeats
@JackNicholsonsCreamyDementia @mjg59
(DIR) Post #Aup8S5C3nuzZAkPznM by JackNicholsonsCreamyDementia@sacred.harpy.faith
2025-06-05T15:05:10.656217Z
1 likes, 0 repeats
@Zergling_man @mjg59 Sounds like IRC shenanigans. Man, those guys are out of control. I'm amazed they aren't all in prison. Many of those guy are serial killers. 20 + years of getting away with MURDER.
(DIR) Post #Aup8XVJ68sGbbsIMPg by Zergling_man@sacred.harpy.faith
2025-06-05T15:06:13.900303Z
1 likes, 1 repeats
@JackNicholsonsCreamyDementia @mjg59 To be fair that's not that much of an achievement these days. Again, CIA is the world's largest terrorist organisation.
(DIR) Post #Aup8gmOdyPMFDaJPO4 by JackNicholsonsCreamyDementia@sacred.harpy.faith
2025-06-05T15:07:42.331029Z
1 likes, 0 repeats
@Zergling_man @mjg59 Of course, but, that's just smart business when you're at the top of the pile. When anyone else does it, it's a crime that needs punishing.
(DIR) Post #Aup9197zAVU9VfERGq by JackNicholsonsCreamyDementia@sacred.harpy.faith
2025-06-05T15:10:25.519635Z
1 likes, 0 repeats
@Zergling_man @mjg59 It's kinda like the respect given to soldiers. "Thank You for your service." What they mean is, thank you for being a useful psychotic muderer. That can be manipulated by some colours, a rifle, and a code of conduct into believing you're doing something 'for the greater good'. It's all BS. Everything has always been a lie. I doubt humanity has said anything truthful about the nature of reality in nigh 2000 years that means anything practical for the average citizen.
(DIR) Post #Aup92Q5vZVmOQ9sPWy by Zergling_man@sacred.harpy.faith
2025-06-05T15:11:47.180522Z
1 likes, 0 repeats
@JackNicholsonsCreamyDementia @mjg59 There's nothing new under the sun.
(DIR) Post #AupSfG1YqTn7bw4Cye by waltercool@pl.slash.cl
2025-06-05T18:51:52.413885Z
0 likes, 0 repeats
@mjg59 Weirdos who only care about doing things with Rust lmao
(DIR) Post #Ausz7WcsUepbDTvMpc by thanius@mastodon.chuggybumba.com
2025-06-05T15:03:48Z
0 likes, 0 repeats
@mjg59 Signal is still centralized though. I would use Signal if I could roll my own server.
(DIR) Post #Ausz7Y0fLhSBVY3sY4 by contrapunctus@fe.disroot.org
2025-06-07T10:14:26.730483Z
0 likes, 1 repeats
@thanius @mjg59 Look into #XMPP.Projects like Quicksy and Prāv use phone numbers and allow easy onboarding and contact discovery. Unlike Signal, there’s no lock-in - you can choose other servers which don’t need a phone number, or host your own server (for which see Snikket, which allows for easy hosting of a private server, and provides rebranded clients and easy invitation-based onboarding), and still talk to Quicksy/Prāv users.Servers on the XMPP network are also smaller and less convenient targets for backdoors, corporate takeovers, lawsuits, DDoS attacks, etc than the centralized servers of Signal etc. And since you can self-host it, you can actually trust that the server is running the code it has published.For more information, please read The Quick and Easy Guide to XMPP. And if anybody is thinking of sharing any OMEMO FUD from a certain Signal fanboy…read this first.http://moparisthebest.com/against-silos-signal/
(DIR) Post #Auwt3lV3QeDB5zvca8 by mjg59@nondeterministic.computer
2025-06-07T10:54:20Z
0 likes, 0 repeats
@contrapunctus @thanius you're trading off centralised server infrastructure for contact discovery that's less privacy preserving (quicksy has a list of every Jabber ID and phone number combo!), which may be worth it for some use cases but certainly isn't for all!
(DIR) Post #Auwt3mjGrHB4uNaUNc by debacle@framapiaf.org
2025-06-09T08:17:24Z
1 likes, 0 repeats
@mjg59 @contrapunctus @thaniusYes, that are different trade-offs, depending on personal preferences.E.g. for me, the most important aspect is (relative!) #digitalSovereignty from #bigTech (Signal is on AWS/Google).I also need a good client for my Linux OS (Signal only has firstclass clients for Android/iOS).Finally, I feel uncomfortable using my phone number as id.In return, I'm accepting more private data to be stored on the #Jabber server run by my local Internet club.#XMPP