Post AyvdHTSmcCTSWmn5nM by lrvick@mastodon.social
(DIR) More posts by lrvick@mastodon.social
(DIR) Post #AyRvJRQaJdvLoTQPPE by lrvick@mastodon.social
2025-09-19T17:34:03Z
0 likes, 0 repeats
A communications tool must have censorship resistance (decentralization), anonymous signup without requiring a phone, and have an official way to obtain binaries signed by the community instead of by corpos that can be forced to insert backdoors.Signal fails on every single one of these criteria and that is why we must stop recommending it to our friends and family who have a very limited tolerance for technology changes.Choose decentralization.Use matrix, or make something better.
(DIR) Post #AyRvJSwAhgmiUjD9HM by vitSkalicky@fosstodon.org
2025-09-20T10:47:19Z
0 likes, 0 repeats
@lrvick I would love to use matrix everywhere, but last time I tried, I got the dreaded "unable to decrypt message" and could not read messages from my friend anymore. That's intolerable UX :(. I've been waiting too long for matrix to get good.Signal is centralized, but has better security and apps you actually want to use.
(DIR) Post #AyRvJU5mPS444oiKtU by lrvick@mastodon.social
2025-09-20T19:30:58Z
0 likes, 0 repeats
@vitSkalicky You would rather have a central party have control of the network and binaries to thus have total access to your messages and metadata in plain text, so long as it never has bugs?I maybe get "unable to decrypt message" about once a month these days, as a power user, and then I just refresh and when their client is online to re-sync keys again later, it works again.Decentralized protocols take the most time to mature and update but they are worth it, always.
(DIR) Post #AyRvJV8eWFxNK1490i by vitSkalicky@fosstodon.org
2025-09-21T12:24:03Z
0 likes, 0 repeats
@lrvick Signal is using reproducible builds, so you can verify that the binaries match the source code. And I rather have my messages properly encrypted on a centralized server than using a decentralized network that leaks my messages to hackers because of a bug.As I said, I'm big fan of decentralized protocols (email, XMPP, Matrix) but they need to work. Matrix does not :(.
(DIR) Post #AyRvJVu9fdxDhLI53I by lrvick@mastodon.social
2025-09-21T17:42:30Z
1 likes, 0 repeats
@vitSkalicky Signal disabled those reproducible builds for a year so they could work on mobilecoin secretly, and no one noticed. They also mandate you get signed binaries from google play or the app store. They can easily ship you a binary different from the reproducible one.Also I send end to end encrypted messages to my firends and family directly and via group chats every day. It has been my exclusive personal messaging system in my circles for years.What does not work exactly for you?
(DIR) Post #AyRvJWt80wj8kRom5g by lrvick@mastodon.social
2025-09-21T17:45:23Z
1 likes, 0 repeats
@vitSkalicky By the way the right way to do reproducible builds on mobile is to do a build and submit signed hashes to f-droid, then let the f-droid team build from source and get he same binary and sign it. Then you can verify both signatures match for the same hash confirming independent third parties built the binary.Moxie refused to do this, claiming he won't get as good of usage tracking from open platforms as Googles surveillance capitalism driven system does.
(DIR) Post #AyVscv8fMOhle66jaa by vitSkalicky@fosstodon.org
2025-09-22T08:42:38Z
0 likes, 0 repeats
@lrvick Let me check those reproducible builds... I don't get why they would need to disable them for mobile coin...Element X is getting better now, but it is still a bit clumsy. I was chatting with my friend when suddenly none of us could decrypt each other's messages. If it was a chat between my mom and and granpa, they would have no idea what to do and they would go back to WhatsApp :( unacceptable.Also Element Desktop is warning about some problem with libsecret every time I start it :(
(DIR) Post #AyVscwNakOEpUg6AUa by lrvick@mastodon.social
2025-09-23T08:00:21Z
0 likes, 0 repeats
@vitSkalicky Never used element X or element desktop so cannot speak to that, but weechat-matrix and web clients have always been reliable for me.
(DIR) Post #AyVscxkJfO0fjRjpYG by lrvick@mastodon.social
2025-09-23T08:03:04Z
0 likes, 0 repeats
@vitSkalicky I am the one that went viral for publicly calling out moxie for this blatant corruption, and the only response we got from the signal foundation was Moxie stepping down, and being replaced by the founder of WhatsApp.Centralized power has been abused as long as humans have been a thing. We are all greedy bastards, and it is why no one should have control over something as fundamental as the ability for humans to privately communicate with other humans.
(DIR) Post #AyVscyPnBBBdo58xCS by lrvick@mastodon.social
2025-09-23T08:10:12Z
0 likes, 0 repeats
@vitSkalicky Signal is thus a centralized chat app that requires you agree to the Google or Apple terms of service to use it via official channels, and it has a history of blatant financial corruption and going closed source without warning.These facts make Signal a complete non starter, and thus Matrix is kind of the only option that exists making it easier to look past bugs and UX shortcomings.And thus we are left with matrix, and working through any bugs along the path to it maturing.
(DIR) Post #AyVsczINuCr6XOgYIC by vitSkalicky@fosstodon.org
2025-09-23T10:58:25Z
0 likes, 0 repeats
@lrvick You can use Signal's self-updating APK from their website on a de-googled custom ROM.The UX bugs and shortcomings of Matrix are so severe in my experience that you cannot look past them. Matrix is not something I would install on my grandpa's phone and expected it to work.Also, you are ignoring XMPP. Why don't you use that?
(DIR) Post #AyVsd04wzdhgy1PKzY by lrvick@mastodon.social
2025-09-23T21:30:19Z
0 likes, 0 repeats
@vitSkalicky sideloading an apk requires disabling signature verification which no one should do.The non google/apple option that is signed and reasonably safe is f-droid where you push your signature, and they build it and push a second signature.This is the practical solution for end users that do not have the time or experience to reproduce every release by hand.Moxie made it a policy to never allow this, for fear it would hurt google/apple usage tracking stats, by his own admission.
(DIR) Post #AyVsd0svzngbT2nFtw by vitSkalicky@fosstodon.org
2025-09-23T21:35:38Z
0 likes, 0 repeats
@lrvick wtf are you talking about? All app installs on Android are TOFU (trust on first use). And how do you install F-Droid? By sideloading it! Most of your claims are half-trues of completely wrong, so I'm ending the discussion here. If you want to discuss further, support your claims by evidence first.
(DIR) Post #AyVsd1p4VeBsNLzgWG by lrvick@mastodon.social
2025-09-23T21:37:28Z
1 likes, 0 repeats
@vitSkalicky I have never supported sideloading f-droid. I only promote roms that ship with it as the standard system-wide package manager in place of Google Play so users never have to disable signing and risk getting tricked.
(DIR) Post #AyvdHOL9f8OwdgBQi8 by tuskun@mas.to
2025-10-05T16:54:16Z
0 likes, 0 repeats
@lrvick Use XMPP!
(DIR) Post #AyvdHPrS0XpTM8Ijgm by lrvick@mastodon.social
2025-10-05T21:45:02Z
0 likes, 0 repeats
@tuskun I was a big fan of XMPP, but it is worlds behind matrix in terms of UX, feature parity with proprietary alternatives, mobile battery efficiencies, and end to end encryption support.Also the open source community sets up their shops in either Matrix or Discord these days, and Discord is a closed source arm of surveillance capitalism that is a clear choice trying to ward off any interest by people that care about security or privacy at all.Matrix is the only viable popular option.
(DIR) Post #AyvdHR6jNDe7DoSS92 by tuskun@mas.to
2025-10-05T22:01:40Z
0 likes, 0 repeats
@lrvick metadata?
(DIR) Post #AyvdHS4dmTZIDcUIWe by lrvick@mastodon.social
2025-10-05T22:04:41Z
0 likes, 0 repeats
@tuskun What about metadata? XMPP has just as many metadata problems as all other chat protocols (including Signal, which uses SGX to protect metadata which is complete security theater)
(DIR) Post #AyvdHSltBgAANkipw8 by tuskun@mas.to
2025-10-06T07:52:45Z
0 likes, 0 repeats
@lrvick I dont trust Matrix. Sadly, XMPP...
(DIR) Post #AyvdHTSmcCTSWmn5nM by lrvick@mastodon.social
2025-10-06T07:54:55Z
1 likes, 0 repeats
@tuskun Matrix is a fully open platform and can be self hosted. What is the basis of your distrust?