Posts by alex@phx.social
(DIR) Post #9leVfocudyrVvS63U0 by alex@phx.social
2019-08-07T16:29:55Z
0 likes, 0 repeats
@cassidyjames They are completely serving the implementation, not the goal. Hugely partial whether they boost AMP sites, or deprioritize non-AMP sites. Unless I missed something, the goal behind AMP was to provide cutting edge performance to all devices and networks. That's end is something I'm okay with encouraging via search prioritization.
(DIR) Post #9lfI44Vs1egHwjR104 by alex@phx.social
2019-08-08T04:26:48Z
0 likes, 0 repeats
@emacsen I’m struggling to get my friends to migrate over. The moment I jumped in here, there was no more being okay with using Twitter.
(DIR) Post #9lfJ7BJjHggTs7np3I by alex@phx.social
2019-08-08T04:38:34Z
0 likes, 0 repeats
@emacsen That’s what I’m doing now! Hoping that after a while it hits a critical mass for network effect. In other words, it *feels* like a happening place for people they know.
(DIR) Post #9ltKCeXaWgu5pXFAQK by alex@phx.social
2019-08-14T22:56:43Z
0 likes, 0 repeats
@amolith Yikes! Are burner laptops a thing?
(DIR) Post #9ltO7NSd09mxE5fCW8 by alex@phx.social
2019-08-14T23:40:32Z
0 likes, 0 repeats
@amolith The more I become aware of the infringements on my privacy and try to be more anonymous, the more I realize how inconvenient it is. The path of least resistance is to give up and be an open book.
(DIR) Post #9ltOlWLFOxnyLyLx4a by alex@phx.social
2019-08-14T23:47:46Z
0 likes, 0 repeats
@amolith As I convert my friends over to more private alternatives, things do get easier. I've got a decent number of friends on signal now, so that makes me happy. Trying to get more on my mastodon instance!
(DIR) Post #9ltPvrbzH76VAfg9L6 by alex@phx.social
2019-08-14T23:59:01Z
0 likes, 0 repeats
@amolith If I'm reading this right, the issues are:- signal can know when are who you're talking to- signal can be shut down because it's centralized- google play store code injection? (not on android myself)Given these, I still see this as much better than iMessage and SMS. My messages are still encrypted using the signal protocol, and that's substantial.
(DIR) Post #9ltRAhZD0HZCJd1CPw by alex@phx.social
2019-08-15T00:14:00Z
0 likes, 0 repeats
@amolith That sounds like a good summary. What are your preferred alternatives for secure chat on mobile/desktop clients?
(DIR) Post #9ltRurp7CaqBRkTJYW by alex@phx.social
2019-08-15T00:23:05Z
0 likes, 0 repeats
@amolith Thanks for all the info!
(DIR) Post #9lugxtdsDny7et0Tku by alex@phx.social
2019-08-15T14:46:29Z
0 likes, 0 repeats
@amolith Wire looks pretty legit. To a security layman, looks like all guts of the signal protocol are there.https://wire-docs.wire.com/download/Wire+Security+Whitepaper.pdf
(DIR) Post #9luvxFWirt2oYUoNGq by alex@phx.social
2019-08-15T17:34:26Z
0 likes, 0 repeats
@amolith @Mikoto @triF5 It’s my understanding that a single shared secret leaves backdoor vulnerabilities. Some protocols require the triple diffie hellman key exchange with each user in the group. I believe this has a factorial growth effect on the computational work to connect.
(DIR) Post #9luwf42WwCHrfea7vM by alex@phx.social
2019-08-15T17:38:29Z
0 likes, 0 repeats
@Mikoto @amolith That electron argument is becoming less and less true or significant. But it does still highly depend on who’s building the app. Some apps stay up to date with electron releases and use good architecture, some most definitely do not.
(DIR) Post #9luwrw3rudW0gtLSng by alex@phx.social
2019-08-15T17:37:05Z
0 likes, 0 repeats
@Mikoto @triF5 @amolith I believe a shared secret has to pass through the central server, which is a complete fail for e2e.
(DIR) Post #9luxZaIICiuXvEuByC by alex@phx.social
2019-08-15T17:49:50Z
0 likes, 0 repeats
@Mikoto @amolith They might be a poorly implemented electron app then haha. Your constraints sound like you do need more native solutions. Good crypto will be slow since it has to be computationally intense enough to be strong against today’s powerful systems. And wire uses double ratchet (like signal), which means it has to decrypt messages in order to derive the key that unlocks the next message in the sequence.
(DIR) Post #9luxeGQpTm3Jlh86XQ by alex@phx.social
2019-08-15T17:50:58Z
0 likes, 0 repeats
@Mikoto @triF5 @amolith The server becomes the vulnerability and has a privileged view into the secret.
(DIR) Post #9luyHsvaHlxwSIPLSC by alex@phx.social
2019-08-15T17:57:25Z
0 likes, 0 repeats
@Mikoto @triF5 @amolith Ah, I misunderstood. Are you thinking of peer to peer exchange? Otherwise it's back to diffie hellman and maybe there's a way to do that without doing it for each group member.
(DIR) Post #9luyN72BGXl1eZzBia by alex@phx.social
2019-08-15T17:59:07Z
1 likes, 0 repeats
@Mikoto @amolith You know, I got that from signal. I didn't read the wire white paper close enough to know for sure they do the same.
(DIR) Post #9luyR8I4XLQ8hyKtYe by alex@phx.social
2019-08-15T18:01:34Z
1 likes, 0 repeats
@Mikoto @triF5 @amolith I think one point here might be that there isn't group consensus to add a member, but that's getting into the weeds.
(DIR) Post #9luzZwc3QJrj3DRqBk by alex@phx.social
2019-08-15T18:08:10Z
1 likes, 0 repeats
@Mikoto @amolith I'm stretching a bit here (not a crypto dev), but it looks like double ratchet is what dictates the new key for each R/W.
(DIR) Post #9lyTbTJs8KykAx6PBo by alex@phx.social
2019-08-14T16:48:15Z
0 likes, 0 repeats
I know OOP is quite out of vogue in the #javascript twitter bubble, but using classes just as structural factories is quite nice. With class property syntax, the tooling is amazing with or without using a type system on top.