Conversation

Notices

1. Embed this notice
   🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Friday, 10-Jan-2025 23:54:01 JST 🌱@ambiguous_yelp:ahimsa.chat

   • Joe Lanman

   @joelanman Signal is centralised and was nearly backdoored by the uks online safety bill and saved by signal threatening to walk. Matrix *is decentralised but with no quantum secure e2ee like signal nor its metadata privacy or secret group chats. SimpleX has the best of both worlds and more. more decentralised than matrix. quantum-secure e2ee, metadata privacy, ip protection, tor support, no persistent id basically "a burner phone for every contact" dms need invites so less spam than matrix

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Friday, 10-Jan-2025 23:54:00 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman This is false and outright FUD. Signal was not "nearly backdoored". Their position has always been that if UK or anyone tried to mandate backdoors they'd be treated like any other rogue state needing circumvention. Centralization is only minimally relevant because the central servers have no access to any information beyond minimal metadata. Any attempt to subvert would have to be via shipping malicious clients, and the clients are all open source and under heavy scrutiny, and there's no mandate to update client until long after there's been time to review/inspect new version.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:20:53 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman No, "withdraw" means have no legal presence there and be an outside party assisting people under a draconian regime with private communication. Just like they already do in lots of other places that try to block Signal.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 00:20:54 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman So Signal is safe because if the UK tries to backdoor it they will withdraw from the UK leaving the vast majority of UK activists that rely on it high and dry? Also you're trusting Signal LLC that theyll stick to their principles and leave entire markets, its a bit naive, SimpleX users don't have to worry about it at all. Yes signals open source and you could check if they added a backdoor, but that wouldnt negate the network effect, how long would it take to remigrate?

     Rich Felker repeated this.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:23:02 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman AFAICT SimpleX comes from coinbro asshats and has not been reviewed by any real cryptographers. It's probably not secure.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 00:23:04 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman If simplex gets backdoored you can just swap the client for a fork and the network ie contacts and usergroups can remain pretty much unchanged because its a trustless decentralised model. You cannot make a decentralised signal bc it has a single point of failure, signals servers. As for signal only collecting "minimal data" I explained in the thread how correlation of contacts is performed and SimpleX protects against this.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:24:20 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman Yes, one of the many flaws in using phone numbers, that's now fixed with usernames if you block access to your phone number.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 00:24:22 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman I literally know someone whos friends got arrested bc their signal group chat was leaked by the initial arresstee exposing everyone elses phone numbers

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:25:46 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman Thanks, I'll take a look.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 00:25:47 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman yes it has https://simplex.chat/blog/20241014-simplex-network-v6-1-security-review-better-calls-user-experience.html

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:27:17 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman Well trusting that they didn't store it. Things will be better when you can finally create account without phone number.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 00:27:19 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman Now you're just trusting that a centralised organisation wont leak your phone number when pressured by authorities

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:32:08 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman They control who wants to be part of the dev community, by being despicable. So no thanks. Projects run by awful people are non starters.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 00:32:10 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman You're right about one thing the dev team are right wing ass hats, and it does attract right wingers because they can get away with saying the n word, but thats not really an infra critique its like saying theres right wingers on the web, simplex is just a messenger. The dev team control the "official" roomlist and that is a shit roomlist but apart from that they dont really have any structural control on who uses the platform

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 00:33:26 JST Rich Felker

     in reply to

     • Joe Lanman

     @ambiguous_yelp @joelanman If you want something stronger than Singal, it's Cwtch by @openprivacy.

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Saturday, 11-Jan-2025 12:34:26 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @ambiguous_yelp @joelanman

     That seems like wishful thinking. Signal foundation has signaled clearly and consistently for a long time that they never intend to let you create an account without a phone number

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 12:34:26 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @ambiguous_yelp @joelanman No, they've said it's a hard problem because it's the only throttle they have against DoS levels of account creation.

   • Embed this notice
     SamuelJohnson (samueljohnson@mstdn.social)'s status on Saturday, 11-Jan-2025 12:39:12 JST SamuelJohnson

     in reply to

     • Rich Felker
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman On the contrary, your comment about markets is misinformed. Signal is not a commercial product. User data is not monetised. Signal communications are not susceptible traffic analysis if users adopt usernames. Signal users are not invited to "backup" unencrypted data to the cloud for the convenience of transferring accounts to new devices. Signal is funded in large part by a $50m donation to a foundation by one of WhatsApp's creators who opposed sale to FB.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 12:48:39 JST Rich Felker

     in reply to

     • Joe Lanman
     • Mu

     @mu @ambiguous_yelp @joelanman Yes why not? Cwtch is what you want but made with a positive mission of consent & personal autonomy rather than a mission of enabling crypto scam planning, hiring hits, CSAM, evading child support, fascist insurrection, etc. like SimpleX.

   • Embed this notice
     Mu (mu@mastodon.nz)'s status on Saturday, 11-Jan-2025 12:48:41 JST Mu

     in reply to

     • Rich Felker
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman why not cwtch?

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Saturday, 11-Jan-2025 12:48:42 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman Any form of centralised/unique persistant id can be used to trivially correlate your contacts provided the surveillance apparatus is in place on the backend even if those conversations themselves are encrypted, such surveillance is impossible on simplex bc there are no user ids

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 13:23:54 JST Rich Felker

     in reply to

     • SamuelJohnson
     • Joe Lanman
     • tapeloop

     @samueljohnson @tapeloop @ambiguous_yelp @joelanman The fact that Signal has infrastructure expenses is relevant here, but no, that's not running out, and Signal has solid ongoing funding from user donors and orgs.

   • Embed this notice
     tapeloop (tapeloop@mastodon.social)'s status on Saturday, 11-Jan-2025 13:23:56 JST tapeloop

     in reply to

     • Rich Felker
     • SamuelJohnson
     • Joe Lanman

     @samueljohnson @ambiguous_yelp @dalias @joelanman Wait, so when that donation runs out, Signal will be dead?

   • Embed this notice
     SamuelJohnson (samueljohnson@mstdn.social)'s status on Saturday, 11-Jan-2025 13:23:56 JST SamuelJohnson

     in reply to

     • Rich Felker
     • Joe Lanman
     • tapeloop

     @tapeloop @ambiguous_yelp @dalias @joelanman Do you know what open source software is?

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 15:54:18 JST Rich Felker

     in reply to

     • SamuelJohnson
     • Joe Lanman
     • tapeloop

     @samueljohnson @tapeloop @ambiguous_yelp @joelanman If funding is ever a problem, infrastructure expenses can always be reduced by at least an order of magnitude by moving off AWS... 🤪

   • Embed this notice
     SamuelJohnson (samueljohnson@mstdn.social)'s status on Saturday, 11-Jan-2025 15:54:19 JST SamuelJohnson

     in reply to

     • Rich Felker
     • Joe Lanman
     • tapeloop

     @dalias @tapeloop @ambiguous_yelp @joelanman I donate*. Fine with me if if it eventually is 100% user supported. The project will likely continue one way or another.

     *as I do to Mastodon and others

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Saturday, 11-Jan-2025 23:39:43 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman

     Who are the dev team and why are they right wing ass hats? I'd like to learn more about this, since SimpleX seems better then Signal in all other aspects. If you can provide further details and examples or links illustrating their right wing ideology or bad behavior I would appreciate this!

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 23:39:43 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @ambiguous_yelp @joelanman Just looking at their website..?

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Saturday, 11-Jan-2025 23:48:41 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @ambiguous_yelp @joelanman

     True their website doesn't exactly pass a "vibes test" but do we have anything more concrete to go by?

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 11-Jan-2025 23:48:41 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @ambiguous_yelp @joelanman See above "The dev team control the 'official' roomlist and that is a shit roomlist" - looking at that roomlist probably makes it clear.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Sunday, 12-Jan-2025 20:17:59 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @sammi @joelanman @ambiguous_yelp Some people's definition of "nearly backdoored" is "clowncar government from small irrelevant island full of TERFs had a tantrum and asked them to backdoor it"... 🤦

   • Embed this notice
     sammi (sammi@libranet.de)'s status on Sunday, 12-Jan-2025 20:18:02 JST sammi

     in reply to

     • Rich Felker
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman

     WhatsApp is centralised, WA uses phone numbers, WA is a data collector. Signal is a natural progression, centralised, phone numbers, but no data collection. So Signal should be very familiar, Signal is also ZTA zero trust architecture, that is Signal clients don't trust its servers architecture. Hence, Signal top notch gold standard encryption used by billions (WA, fbM, gMeetup, Simplex, RCS, plus a few more). Plus, Signal code has a bomb to bomb cellbrite agent if its used to extract data from Signal clients.

     Signal was never nearly backdoored (disinformation / FUD).

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Sunday, 12-Jan-2025 20:39:26 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman
     • jenkinse

     @sammi @joelanman @jenkinse @ambiguous_yelp Signal is just excellent for most people's personal needs and threat models. It has mature functionality on par with insecure/non-private alternatives, and doesn't give anything to surveillance capitalists.

     If you're doing subversive or illegal things, obviously use disappearing messages regardless of if you have/need anonymity. If you do need to be anonymous to your contacts, sign up with a burner number.

   • Embed this notice
     sammi (sammi@libranet.de)'s status on Sunday, 12-Jan-2025 20:39:27 JST sammi

     in reply to

     • Rich Felker
     • Joe Lanman
     • jenkinse

     @jenkinse @dalias @ambiguous_yelp @joelanman

     Not better in all aspects. Sxc is lacking in group video conferencing calls. Signal has that feature right now. sxc is working on it sometime next year maybe. Sxc 1-to-1 video calls are inconsistent as well. So sxc audio video feature requires major work. Signal audio video is well established as reliable feature set.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 00:04:09 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @joelanman @ambiguous_yelp No, it's based on (1) cryptographic properties and (2) client not being malicious. Both are independently verifiable. Any violation of (2) would be signing their own death certificate.

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Monday, 13-Jan-2025 00:04:10 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @sammi@libranet.de @joelanman @ambiguous_yelp

     Being merely sufficient for most people's threat models is one thing, but resisting the same forces of enshittification we see with other centralized platforms is another thing.

     Signal doesn't currently give anything to surveillance capitalists as far as we know, but this assessment is based more on vibes and marketing claims then Signal's technical merit, which is problematic.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 00:06:31 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @joelanman @ambiguous_yelp Those other platforms are jokes for UX, cryptographic safety, and/or trustworthiness of developers & community.

     If you want stronger privacy than Signal, use Cwtch. Don't promote pedo-coinbro-ware.

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Monday, 13-Jan-2025 00:06:32 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @sammi@libranet.de @joelanman @ambiguous_yelp

     The need to sign up with a burner phone and burner number just for basic anonymity is an example of a barrier to privacy which shouldn't exist. Many people can't afford even one phone plan, having to pay for a second phone and second phone plan puts basic privacy out of reach. Privacy shouldn't be a privelege for the rich. By contrast platforms like Matrix, Delta Chat, and SimpleX do much better in this aspect (tho SimpleX leadership is questionable)

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Monday, 13-Jan-2025 00:34:37 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman @ambiguous_yelp

     I have yet to see how cryptographic properties prevent Signal from mapping your contacts and analyzing your metadata, if Signal and Intel were compromised

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 00:34:37 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @joelanman @ambiguous_yelp https://signal.org/blog/sealed-sender/

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Monday, 13-Jan-2025 00:36:22 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @joelanman @ambiguous_yelp

     Thanks for the suggestion of Cwtch which I will look into. But absent any evidence, I consider the suggestion that Matrix, Delta Chat and SimpleX are insecure, have bad UX, and are all pedo-coinbro-ware to be FUD and also disrespectful to the developers

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 00:36:22 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @jenkinse @joelanman @ambiguous_yelp Matrix has bad security-UX and outright broken security properties (like reactions being unencrypted). SimpleX is run by neonazi coinbros.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 12:19:26 JST Rich Felker

     in reply to

     • Luna Lactea
     • Joe Lanman
     • jenkinse

     @jackemled @jenkinse @joelanman @ambiguous_yelp Folks in less repressive countries can just buy burners, but in lots of places you can't get a SIM without ID.

   • Embed this notice
     Luna Lactea (jackemled@furry.engineer)'s status on Tuesday, 14-Jan-2025 12:19:27 JST Luna Lactea

     in reply to

     • Rich Felker
     • Joe Lanman
     • jenkinse

     @jenkinse @dalias @joelanman @ambiguous_yelp The phone number thing is my only issue with Signal (besides centralization, but that's not a very big deal), & it's a very big issue. I have no way of having a dummy account to give to people I don't trust.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 12:31:28 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @ambiguous_yelp @jenkinse @joelanman If the bot can see "top N rooms" this does not sound very private...

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 12:31:29 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman
     • jenkinse

     @jenkinse @dalias @joelanman the roomlist is organised through a user-bot on-platform, you message that bot asking for the top N rooms or keyword search for a room

   • Embed this notice
     jenkinse (jenkinse@mastodon.social)'s status on Tuesday, 14-Jan-2025 12:31:30 JST jenkinse

     in reply to

     • Rich Felker
     • Joe Lanman

     @dalias @ambiguous_yelp @joelanman

     Where can I find the roomlist? I'm not sure I would recognize the people on the roomlist, but its worth taking a look at.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 12:34:31 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman That DOES NOT MATTER because Signal won't and can't (their only way of complying would be shipping malware that would immediately be detected and be suicide) and has no reason to (TERF isle's laws are irrelevant to them, as they're not located on TERF isle). Saying they were "nearly backdoored" because of this is as stupid as saying they were "nearly backdoored" because Mr. Bone Saw said they should add a backdoor.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 12:34:33 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @sammi @dalias @joelanman It was nearly backdoored. There is a damocles sword in the ammended bill that basically says if a judge considers it "technologically feasible" to backdoor signal then they can demand it

     Rich Felker repeated this.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 12:35:44 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman It won't get backdoored. Absolute worst case is it gets removed from centralized app stores availability in UK and you have to use existing version or sideload it.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 12:35:46 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman Way to alienate millions of people. I live in uk. If it gets backdoored here then signal is irrelevant and useless to me and all my activist friends

   • Embed this notice
     sammi (sammi@libranet.de)'s status on Tuesday, 14-Jan-2025 12:36:15 JST sammi

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman
     • jenkinse

     @ambiguous_yelp @dalias @jenkinse @joelanman

     seems you're missing the point. folks using WA don't care. Hence, Signal is similar except, no data collection.

     WA and Signal are not anonymous by design, for most people use cases, don't need it.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 12:36:16 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman
     • jenkinse

     @sammi @dalias @joelanman @jenkinse Simplex is not 1-1 feature compatible with either signal or matrix, but it is the best choice for privacy and security for the reasons I outlined in the thread. If you need group calls then yeah use signal for that use case, for everything else though? Stick to simplex messaging for enchanced security

     Rich Felker repeated this.
   • Embed this notice
     sammi (sammi@libranet.de)'s status on Tuesday, 14-Jan-2025 12:36:22 JST sammi

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman

     they can demand it, doesn't mean Signal will execute their request. Signal position was, and still is, they will exit UK. folks in UK will still be able to use Signal via proxy.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 12:38:15 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman If you want something not feature equivalent but maximally private & anonymous, you use Cwtch by very reputable ethical folks at Openprivacy. Not junk from nazi coinbros.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 12:38:17 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @sammi @dalias @joelanman simplex is not feature compatible with signal, but using it makes you more private secure and anonymous, that is all I am saying. If you care about those things then simplex is the best

   • Embed this notice
     sammi (sammi@libranet.de)'s status on Tuesday, 14-Jan-2025 12:38:18 JST sammi

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman

     Normies want a simple alternative with least amount of hoops to jump over. they may want something familiar just not facebook et al. Signal is that product. Also, sxc lacking in well used feature, audio video group calls.

     Until sxc implements that, I cannot recommend sxc at this time. of course you can try arm twist to onboard sxc. np. cheers. 👌

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 12:38:19 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @sammi @dalias @joelanman Wouldn't it be more robust and pro privacy to support an infrastructure that is resistant to such corruption by being decentralised? Allowing anyone to run a simplex relay means if you distrust one provider you can switch relays without having to migrate all your contacts

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 12:50:24 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman To be clear, I pestered Meredith over and over about this when the official word was that they would withdraw from UK.

     Understandably Signal didn't want to give away their hand early, but ultimately she clarified that this would mean treating UK like other hostile states requiring circumvention of law & possible circumvention of network blocks via proxy infrastructure, and that they were committed to protecting UK users.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 15:25:11 JST Rich Felker

     in reply to

     • Joe Lanman
     • jenkinse

     @ambiguous_yelp @jenkinse @joelanman WTF is the point of having a strongly encrypted private platform then inviting bots to index that, subverting the whole thing?? 🤦

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 15:25:13 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • Joe Lanman
     • jenkinse

     @dalias @jenkinse @joelanman no you're missing the point, theres groups and group links, you can then optionally choose to invite a bot (also open source and published implementation) to your room so it can be indexed on whatever directory, that is of course opt in and very intentional process, all simplex relays can see is room links as they point to a queue on the relay.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 15:25:55 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman Then use Cwtch and stop promoting right wing cryptobro shit.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 15:25:56 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman ok but I think telegram's ceo being arrested cross-border and then radically altering the tos seems to suggest that open source apps arent safe just because theyre based outside the "problem country" what if several countries start blocking signal? I just want an infrastructure that is more resilient to censorship from the start that has built in tor support

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 15:28:22 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman PQ is bs because QC is bs. It's not a legitimate threat.

     Cwtch IDs are free for the making of as many as you want, e.g. per contact.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 15:28:24 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman simplex has PQ encryption cwtch doesnt, making it susceptible to HNDL attacks and cwtch has unique persistent ids whereas simplex doesn't making cwtch vulnerable to contact correlation attacks by comparing your unique id across compromising devices, attacking the developers here is just fud bc the protocol is solid and is not susceptible to censorship or control by evgeny and his friends its literally explicitly designed with that ideological goal

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 15:29:08 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman 🙄 keep simping for that shit.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 15:29:10 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman ive already crafted a reply as to why simplex is better than cwtch, no permanent user ids, and PQ encryption protecting against HNDL attacks

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 15:33:01 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman They're not "picking up steam". That's marketing bs, same as AI marketing bs about approaching AGI. No QC has ever performed even a single meaningful factoring operation.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 15:33:02 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman im going with what security researchers are saying on this https://www.youtube.com/watch?v=-UrdExQW0cs I am not qualified to say whether or not quantum computers will break classical encryption or not but theyre certainly picking up steam https://www.tomshardware.com/tech-industry/quantum-computing/google-claims-its-new-willow-quantum-chip-can-swiftly-solve-a-problem-that-would-take-a-standard-supercomputer-10-septillion-years

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 14-Jan-2025 15:46:12 JST Rich Felker

     in reply to

     • sammi
     • Joe Lanman

     @ambiguous_yelp @sammi @joelanman No one who actually knows what they're talking about believes that. Only the peddlers high on their own supply do. Exact same phenomenon as AGI. Scamming investors and deluding themselves.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 15:46:13 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman This is really short sighted, the fact is qubits on chip are growing exponentially, its kinda like vram once you have enough once you cross a threshold you can just do calculations you couldnt before, projections show well have enough qubits to break classical encryption anywhere from a couple years away to a couple decades away, unless you can say with confidence there will be some limiting factor this threshold will be reached eventually breaking historical encryption

   • Embed this notice
     sammi (sammi@libranet.de)'s status on Tuesday, 14-Jan-2025 17:11:47 JST sammi

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @ambiguous_yelp @dalias @joelanman

     If one requires reliable and consistent audio video or group audio video, sxc is not the practical one to use at this moment. Signal, is the way to go. Signal is also solid in security with no data collection or super minimum at best. Again, Signal was not designed to be anonymous, but private and secure.

   • Embed this notice
     🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)'s status on Tuesday, 14-Jan-2025 17:11:48 JST 🌱@ambiguous_yelp:ahimsa.chat

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @sammi @joelanman no true scotsman fallacy. no true security researcher believes in quantum breaking classical encryption, if you havent seen the veritasium video on Harvest Now Decrypt Later you can also read the wikipedia page https://en.wikipedia.org/wiki/Harvest_now%2C_decrypt_later, at the very least it seems powerful orgs are taking the threat srsly, harvesting encrypted data for decryption and transitioning to PQ as defense https://cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms

     Rich Felker repeated this.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 15-Jan-2025 11:08:45 JST Rich Felker

     in reply to

     • sammi
     • Luna Lactea
     • Joe Lanman

     @jackemled @ambiguous_yelp @sammi @joelanman Likely the whole reason US spook orgs are promoting PQ is that they suspect or know the ciphers they're promoting are broken.

     Never touch PQ that's not hybrid with trusted classical (RSA and/or EC).

   • Embed this notice
     Luna Lactea (jackemled@furry.engineer)'s status on Wednesday, 15-Jan-2025 11:08:57 JST Luna Lactea

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @ambiguous_yelp @dalias @sammi @joelanman Quantum computing will not be a threat to cryptography any time soon. It might be in the far future, but not now. Post quantum cryptography isn't useless though, it's good to prepare for a threat before it happens, but the threat is also far away right now & not urgent.

     Cryptographers could also be completely wrong about quantum computing as a threat & how to defeat it. Just watch there be a zero day exploit in common post quantum cryptography algorithms four hours after consumer quantum computing is made available.

   • Embed this notice
     Luna Lactea (jackemled@furry.engineer)'s status on Wednesday, 15-Jan-2025 11:08:59 JST Luna Lactea

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @ambiguous_yelp @dalias @sammi @joelanman I'm going to be real with you
     I think Veritasium is kind of an idiot. He never seems to know much about what he's talking about. He's probably not a good source.

     Also, persistent IDs being an issue are only an issue depending on your threat model, & you can always have dummy IDs (persistent IDs are actually helpful to me this way, I can create two separate "identities") or throw away your current ID. Except with Signal!!! Signal doesn't let you do this!! I hate that Signal doesn't let you do this!! This is my only issue with Signal! Signal fits my needs almost perfectly, just this one issue. Even Discord lets you have multiple accounts & it's completely plaintext.

   • Embed this notice
     Luna Lactea (jackemled@furry.engineer)'s status on Wednesday, 15-Jan-2025 11:08:59 JST Luna Lactea

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @ambiguous_yelp @dalias @sammi @joelanman Different systems work for different threat models. My threat model is that someone could out me as LGBT in real life by looking at my online social profiles. I can protect against this by having a secondary cohesive identity that works as a dummy profile & do the usual not sharing any personal information. I have two accounts for everything & anyone that I don't trust receives information for the dummy account.

   • Embed this notice
     Luna Lactea (jackemled@furry.engineer)'s status on Wednesday, 15-Jan-2025 11:12:50 JST Luna Lactea

     in reply to

     • Rich Felker
     • sammi
     • Joe Lanman

     @dalias @ambiguous_yelp @sammi @joelanman Yeah exactly. They're probably hoping that people think it's "better" than digital cryptography & "even more unbreakable" & decide to use only post quantum cryptography instead of both. I'm pretty sure alot of post quantum cryptography is vulnerable to digital attacks, but I'm not sure where I read that. I wouldn't be surprised though.