Conversation
Notices
-
Embed this notice
DarkSky ?? (darksky@shitposter.club)'s status on Tuesday, 23-Aug-2022 02:10:36 JST 
DarkSky ??
What are your thoughts on Signal?
#tech
#technology
#security
#privacy-
Embed this notice
itzzenxx :heart_trans: (itzzenxx@plma.plus.st)'s status on Tuesday, 23-Aug-2022 02:10:22 JST 
itzzenxx :heart_trans:
@dushman @iska @inference @DarkSky That's true, but comparing to how I tried convincing my friends who don't care about computers to use XMPP or matrix it's a living hell. Wrongthink likes this. -
Embed this notice
Dushman (dushman@shitposter.club)'s status on Tuesday, 23-Aug-2022 02:10:26 JST 
Dushman
@itzzenxx @inference @DarkSky @iska
I dunno. Most GUI xmpp clients really aren't difficult to figure out if you ask me. The UI of Conversations for example is really clean and simple, nothing hard about it. -
Embed this notice
itzzenxx :heart_trans: (itzzenxx@plma.plus.st)'s status on Tuesday, 23-Aug-2022 02:10:27 JST
itzzenxx :heart_trans:
@dushman @inference @DarkSky I've used xmpp, I've used matrix, they aren't normie friendly. It's not just "creating a username and password," but also the user interface, clients, etc. A normie just wants to chat not figure out what a "federation" is.
Signal is perfect for that usecase, one app that you can easily install and get a much better messaging experiance. -
Embed this notice
Dushman (dushman@shitposter.club)'s status on Tuesday, 23-Aug-2022 02:10:28 JST
Dushman
@inference @DarkSky
I'm pretty sure even normies are capable of creating a username and password -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:10:30 JST 
inference
@dushman @DarkSky Try getting a normie to sign up for XMPP or Matrix, then try WhatsApp or Signal.
100% it will be the "just works" number. -
Embed this notice
Dushman (dushman@shitposter.club)'s status on Tuesday, 23-Aug-2022 02:10:31 JST
Dushman
@inference @DarkSky
Easier? How so? -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:10:32 JST
inference
@dushman @DarkSky
1. It pins the number to your account. Any usage of that number on another device wipes everything. It also makes it impossible for someone to impersonate you using another username which looks or is the same.
2. It makes it easier for normies to use. Wouldn't you rather have people using Signal than WhatsApp or SMS? I would. -
Embed this notice
Dushman (dushman@shitposter.club)'s status on Tuesday, 23-Aug-2022 02:10:33 JST
Dushman
@inference @DarkSky
Why would they even need a phone number in the first place though? -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:10:34 JST
inference
@DarkSky Best messenger. Can't get any better than Signal Protocol, which is why most other messengers are based on it.
The phone number things is overblown to me, and I don't see it as much of an issue. I think people take that way over the top. -
Embed this notice
Neko McCatface v2023 :verified::makemeneko: (roboneko@bae.st)'s status on Tuesday, 23-Aug-2022 02:11:25 JST 
Neko McCatface v2023 :verified::makemeneko:
@inference @Hyolobrika @bot @iska @DarkSky
> tor shouldn't accept it either
didn't that literally start out as a government project tho? :think_nyan:
services and protocols are completely different in that regard. I don't mind that SELinux has government origins. it runs locally, it's not a centralized service with the associated perverse incentives that entailsWrongthink likes this. -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:11:26 JST
inference
@bot @Hyolobrika @iska @DarkSky Because it's money. Tor shouldn't accept it, either, in that case.
What about Linux and Red Hat? Pretty sure they are funded partially by governments. -
Embed this notice
bot :apartyblobcat: (bot@kiwifarms.cc)'s status on Tuesday, 23-Aug-2022 02:11:27 JST 
bot :apartyblobcat:
They don’t have to accept that money, those choose to do so, and they choose to hide it. Why do you think that is? -
Embed this notice
bot :apartyblobcat: (bot@kiwifarms.cc)'s status on Tuesday, 23-Aug-2022 02:11:28 JST
bot :apartyblobcat:
Seems sus, maybe they don’t change it because they’d stop receiving the government funding that allows them to have half million dollar salaries. -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:11:28 JST
inference
@bot @Hyolobrika @iska @DarkSky You're free to have these conspiracy theories, but have you ever considered that it may actually be legit and the government wants you to think it isn't?
That mindset isn't healthy to me, but you do you. -
Embed this notice
bot :apartyblobcat: (bot@kiwifarms.cc)'s status on Tuesday, 23-Aug-2022 02:11:29 JST
bot :apartyblobcat:
How is that a non issue? They could just not require a number, problem solved. Then there’d be no way to specifically identify people. -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:11:29 JST
inference
@bot @Hyolobrika @iska @DarkSky Because it's not that easy without their current system. Some of Signal's security comes from pinning the phone number. -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:11:30 JST
inference
@Hyolobrika @bot @iska @DarkSky Again, a non-issue. They know I use Signal, so what? They can't see any metadata, they can't see any messages.
They know I use a phone and the internet, too, without even providing a phone number. -
Embed this notice
bot :apartyblobcat: (bot@kiwifarms.cc)'s status on Tuesday, 23-Aug-2022 02:11:31 JST
bot :apartyblobcat:
They can figure out who you are. -
Embed this notice
Hyolobrikator (hyolobrika@gleasonator.com)'s status on Tuesday, 23-Aug-2022 02:11:31 JST 
Hyolobrikator
Exactly.
>inb4 "they hash it"
They have admitted twice on their blog that they can reverse the hash. And even if that weren't true, I imagine it could still be used to confirm a guess. -
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:11:32 JST
inference
@iska @DarkSky
> signal needs a phone number
Irrelevant when it can't do anything with it.
> GCM
Do you even know what this is? Every website, including the fedi instance you're on, uses AES-GCM. You don't even know what this means. Please educate yourself: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Galois/counter_(GCM)
XMPP, Matrix, and pretty much everything else, uses AES-GCM by default. The only sane alternative is ChaCha20-Poly1305, not that it matters. Both are safe and well tested.
> while discouraging anything but google-play and app-store builds and being hostile to forks
Without the official app or approved app which has code correctness, any contactt on the other side could be compromised due to the app on your side not sending back necessary data. This is not about freedom, but real security and privacy.
> Can silence even use signal's servers?
Silence is dead. It has been unmaintained for a very long time, other than translations:
https://git.silence.dev/Silence/Silence-Android/-/commits/master
> You still have to trust signal doesn't leak metadata
You don't; proven in court twice, and you can clearly see how all of it works in-app.
> GP/AS builds being safe and private
You can get it directly from Signal's site, and they allow reproducible builds.
Sorry, you lose. Try again, cultist. -
Embed this notice
Iska :emacs_thinking: (iska@mstdn.starnix.network)'s status on Tuesday, 23-Aug-2022 02:11:33 JST 
Iska :emacs_thinking:
Yes, this is a conspiracy theory.
signal needs a phone number, GCM, and an age of 13; while discouraging anything but google-play and app-store builds and being hostile to forks. (Can silence even use signal's servers?)
You still have to trust signal doesn't leak metadata, and GP/AS builds being safe and private.
signal also just looks spooky, so I'm just gonna stick with XMPP/IRC.
-
Embed this notice
inference (inference@plr.inferencium.net)'s status on Tuesday, 23-Aug-2022 02:11:34 JST
inference
@DarkSky @iska
Signal subpoena 2016:
https://signal.org/bigbrother/eastern-virginia-grand-jury/
Signal subpoena 2021:
https://signal.org/bigbrother/central-california-grand-jury/
Both times have proven they know nothing about you. "Honeypot" is baseless conspiracy theory.
Signal also does all encryption on-device, and the app is open sourced under GPLv3. If you want to go all the way, there's Molly-FOSS which even removes the proprietary Google components inside the official Signal app, which Signal has contributed to.
There's no getting away from these facts. -
Embed this notice
DarkSky ?? (darksky@shitposter.club)'s status on Tuesday, 23-Aug-2022 02:11:35 JST
DarkSky ??
can't argue with this one since it's based in the US and centralized -
Embed this notice
Iska :emacs_thinking: (iska@mstdn.starnix.network)'s status on Tuesday, 23-Aug-2022 02:11:36 JST
Iska :emacs_thinking:
@DarkSky honeypot
-
Embed this notice
All GNU social JP content and data are available under the