Conversation

Notices

1. Embed this notice
   Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 22-Feb-2026 14:11:55 JST Soatok Dreamseeker

   Let me just put this out here:

   If you're coming to me hoping to "mediate" between Matrix or even "win Soatok over"

   You're wasting your fucking time.

   • Embed this notice
     Bearsinports (bearsinports@furry.engineer)'s status on Sunday, 22-Feb-2026 14:14:46 JST Bearsinports

     in reply to

     @soatok out here like.

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 22-Feb-2026 14:24:34 JST Soatok Dreamseeker

     in reply to

     It's like PGP.

     If I see a thing uses OpenPGP in any capacity, I immediately bail out.

     Because I do not want even a second of my life to be wasted on helping spread the misconception that anyone should be using PGP.

     Nor do I want to inadvertently make something built on PGP accidentally more secure by the nature of looking at it.

     I'd rather it burns to the ground.

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 22-Feb-2026 14:28:01 JST Soatok Dreamseeker

     in reply to

     But I like Matrix/PGP/MTProto and want it to be better!

     Then: Get good.

     I literally blog about applied cryptography for free. If you steal the info I've shared and use it to benefit projects I hate, I'll be none the wiser.

     But if you do this, please don't fucking tell me about it.

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 22-Feb-2026 14:30:15 JST Soatok Dreamseeker

     in reply to

     What about JSON Web Tokens?

     Listen: If you can make JWTs secure without reinventing Macaroons or PASETO, you deserve a Levchin fucking prize.

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 22-Feb-2026 14:40:38 JST Soatok Dreamseeker

     in reply to

     • Sominemo

     @Sominemo This is the correct response

   • Embed this notice
     Sominemo (sominemo@collar.place)'s status on Sunday, 22-Feb-2026 14:40:39 JST Sominemo

     in reply to

     @soatok whenever people suggest JWTs I get (ir?)rationally angry

   • Embed this notice
     Luna Lactea (jackemled@furry.engineer)'s status on Tuesday, 24-Feb-2026 00:26:53 JST Luna Lactea

     in reply to

     @soatok I tried out PGP (using GPG) for a little while. It is so terrible & unpleasant to use, & the cryptography used is absolutely ancient. The usage cycle is convoluted & confusing.

     I'm sure it could be decent to use with a nice UI, but it could never feel secure. You're always going to have to downgrade your security for certain people with it too. It feels like something LockPickingLawyer would open in a few seconds after learning cryptography once he exhausts all physical locks.