Conversation
Notices
-
Embed this notice
feld (feld@friedcheese.us)'s status on Monday, 10-Mar-2025 08:29:20 JST 
feld
How does this have anything to do with Signal's mission though?
RT: https://mamot.fr/users/Khrys/statuses/114134082001213449- Hoss Delgado and Johnny Peligro like this.
-
Embed this notice
Hoss Delgado (hoss@shitpost.cloud)'s status on Monday, 10-Mar-2025 08:48:01 JST 
Hoss Delgado
Signal's CEO does not support a free Internet. I would not trust an app whose leadership screams "compromised". Johnny Peligro and pwm like this. -
Embed this notice
iced depresso (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 08:51:08 JST 
iced depresso
@feld security focused company complaining machine spyware is bad for security?
:blobcatreadingsicp: seems in specificationDoughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Monday, 10-Mar-2025 09:06:03 JST
feld
@icedquinn They're not a security company they're an encrypted messenger non-profit and random AI products dreamed up by the deranged has nothing to do with the scope of their mission.
Actual security concerns she should be focused on which affect the messenger:
- OS ability to screenshot / scrape the text on your screen
- software keyboards becoming keyloggers
- text autocomplete / spellcheck reading your messages
- translate functionality reading your messagesDoughnut Lollipop 【記録係】:blobfoxgooglymlem: repeated this. -
Embed this notice
iced depresso (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 09:11:38 JST
iced depresso
@feld i remember an article where "random AI products" reading the screen have become an open concern.
somewhere around Recall and inevitable clones scanning the screen to narc on users and get around E2E encryption that way. CCP has already normalized keyword based surveilance, and the EU is chomping to get some kind of backdoor on E2E to control unlicensed secret poop emojis.Doughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Monday, 10-Mar-2025 09:14:04 JST
feld
@icedquinn She's discussing agentic AI which is ridiculous, why would that run on the same device that you have Signal installed Doughnut Lollipop 【記録係】:blobfoxgooglymlem: repeated this. -
Embed this notice
iced depresso (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 09:14:41 JST
iced depresso
@feld if you have iOS you've no choice... apple intelligence is on device always Doughnut Lollipop 【記録係】:blobfoxgooglymlem: repeated this. -
Embed this notice
iced depresso (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 09:17:28 JST
iced depresso
@feld tl;dr idk i've seen crypto folk are worried about the state just coming by and mandating 24/7 screen readers. the ground work has already been put in place with the muh children excuse (built-in scanners now checking photographs in secret to narc you to the police if you are doing telemedicine with your doctor.) AI slop is a concern for security folk right now
maybe not for whatever reason she's talking about but it is a concernDoughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this. -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Monday, 10-Mar-2025 09:24:26 JST 
Fish of Rage
@icedquinn @feld Clearly there is a concern wrt UK mandating removal of encryption. If you install the local AI indexer on every iphone and then the state mandates intercept, you helped make their job infinitely easier Doughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this. -
Embed this notice
iced depresso (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 09:26:29 JST
iced depresso
@sun @feld we also don't really have ways of knowing if they aren't just doing that already. the UK publicly banned meaningful encryption but places like the US have been long laundering data theft through secret laws -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Monday, 10-Mar-2025 09:27:50 JST
Fish of Rage
@icedquinn @feld I suspect if they were apple would not have introduced the feature but maybe they would anyway, I Really don't know -
Embed this notice
iced depresso (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 09:29:22 JST
iced depresso
@sun @feld the shareholder cult demands AI slop -
Embed this notice
Nicholas Conrad (nicholas@aklp.club)'s status on Monday, 10-Mar-2025 09:35:12 JST 
Nicholas Conrad
I agree, with Whittaker at the helm signal is limited hangout at best, compromised at worst. What messaging system do you recommend for crime these days?
-
Embed this notice
⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Monday, 10-Mar-2025 09:35:12 JST 
⚡Lord of Misrule⚡
@nicholas @feld
None that I have much direct experience with, because not enough geek/privacy-conscious friends willing to use them. However at face value, Threema, SimpleX, DeltaChat ... none of those have any requirement to provide personally identifying information.
https://simplex.chat/
https://threema.ch/en
https://delta.chat/en/
I would ideally include XMPP+OMEMO too, but the client-side cross-platform support is absolute garbage, and the crypto is quite outdated. Also it only protects the message content, not the metadata. But at least it's been around forever, is based on open standards, and has formed the backbone of many other chat platforms over it's history. So still worth an honourable mention, even if not a recommendation.feld likes this. -
Embed this notice
⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Monday, 10-Mar-2025 09:35:13 JST
⚡Lord of Misrule⚡
@feld
Wake me up when they remove the cellphone number requirement. And preferably also make the server side self-hostable.feld likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 11-Mar-2025 02:08:01 JST
feld
@toiletpaper @nicholas @wowaname why is the XEP-0384 still listed as Experimental though? I wish they'd stop being so cowardly about finalizing XEPs and stand behind ones that would actually push the ecosystem forward
XMPP really seems to suffer from poor leadership/stewardship and no visionDoughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this. -
Embed this notice
⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Tuesday, 11-Mar-2025 02:08:02 JST
⚡Lord of Misrule⚡
@wowaname @nicholas @feld
> at least do your research.
Speak for yourself.
OMEMO (Version 0.3.0 of XEP-0384) used AES-128-GCM, but later versions (0.4.0) moved to AES-256-CBC + HMAC-SHA-256, aligning more closely with Signal's approach. However, a recent change in the OMEMO specification (Version 0.7.0) introduced the truncation of the HMAC-SHA-256 authentication tag to 128 bits, which weakens the security. Also contact lists are stored in plain text, as is the information concerning whom the messages are address to and from. But at least unlike Signal it can be self-hosted and if you're using a server which you own/trust for both sender and receiver, that mitigates the issue somewhat. However again, as I said, the cross-platform client-side support is a dumpster fire which makes it nearly impossible to get regular people to use it.
> metadata leakage is no better or worse than delta chat
Fair enough. But again, it doesn't require a cellphone number, and it can be self-hosted. -
Embed this notice
opal (wowaname@freesoftwareextremist.com)'s status on Tuesday, 11-Mar-2025 02:08:04 JST 
opal
@toiletpaper @nicholas @feld
>the crypto is outdated
>omemo is the same shit signal uses
>metadata leakage is no better or worse than delta chat
at least do your research.
All GNU social JP content and data are available under the