• 62 Posts
  • 337 Comments
Joined 2Y ago
cake
Cake day: Aug 02, 2020

help-circle
rss

As said in another comment it’s testing for improving thr Wikipedia website. I personally find it to be significant improvement. Having shorter lines that are easier to read is really great.


Schnorr Signatures for example, the patent expired in 2008.

Regarding patents still valid today, there are multiple patents regarding Password Authenticated Key Exchanges, which lead to weird designs which are generally less secure such as SRP.


One thing that I recently had to face is the existence of patents for cryptography. There have been multiple time in history (and there are still some today) where patents prevent the widespread use of a cryptographic primitive or cipher, so instead worse ciphers are used.

How did we get to the point where we have to pay to perform mathematical operations?


In theory it’s not indeed, the is indeed shared between multiple instances, but in practice it’s much better.

Since it doesn’t rely on advertisement and is fully open source, the fediverse has very little tracking, and no one uses its data for advertisement. It’s also not full of the dark patterns that are often used for tracking. In the end your data is much less abused than on other platforms. It might become an issue though if an ad corporation starts running their own instances and federating with everyone.


I don’t think that calling other people “normies” is a great idea. It is very rare to be able to convince someone while showing a lack of respect for them.


The app already had E2EE at that point, this only marks the release of the v2 of their protocol, which is now considered state of the art for asynchronous messaging.


Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently.

What are you talking about? The official client is open source and has reproducible builds.


Yes, the government can force them to give them encrypted garbage, and they will comply. They will also give the metadata with it, but there are multiple mechanisms in the APP (client-side) to make sure that the server can’t even access most of the metadata, because it’s either not sent or encrypted.


So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe

This is a really bad idea. The software you use should be usable safely without any knowledge of security if you want it to be really effective outside of security conscious people. And even security conscious people make mistakes.

And of course if your use-case really required a web-client you could just self-host it

That’s not an option for 99.99% of the population.


Fair point, but having a smaller team of highly competent devs (their job requirements are quite high if you look on their website) does allow them to innovate quicker and keep an overall high level of quality.

And it’s not like telegram were there code is completely unusable and the server is propretary. There are already a bunch of forks of Signal that exists (session being one of the main).


You don’t have to use matrix with a browser client

But the presence of a browser client seriously undermines the security of the whole platform. People don’t know that they should not use the browser client. If it were a third party client it wouldn’t undermine the seriousness of Matrix, but the browser client is an official one, which shows that Matrix takes security much less seriously than Signal.


only super easy and seamless with one client, i.e. the webbased Element

But the Webbased client’s security model is simply broken. E2EE in the browser is simply not possible.


What do you mean by that?

I know matrix, and it’s much lower overall quality, significantly less secure and popular, and is very unlikely to ever become popular until they really rethink their UX.


I didn’t know them before. Maybe they can become a serious FLOSS competitor to citymapper one day!


Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.

I know. But I don’t have a server, don’t really want to pay for one. I also know that Matrix is very resource hungry. I know some sysadmin stuff, and it is time consuming, especially when it’s down and you don’t know why and you need it running because you have some important document that you need quickly etc…

Then there is the matter of security. I’m not going to be able to quickly react to issues, I’m not going to update it on time, and as soon as it crashes all the people that I would have managed to make migrate would immediately go back to whatever we used previously.

All that for a really mediocre UX and overall security compared to Signal. No thanks.


I don’t know what runs on matrix.org either unless I self-host, which I don’t do, because it’s way too time consuming and is much less reliable.

And Signal has mechanisms to prevent mapping user networks such as Sealed sender, which matrix and XMPP don’t have.


You’re going to have a hard time getting a crowd as large as SimpleLogin’s


Federation makes it much harder to keep metadata private, though you could technically achieve the level of privacy found in Signal, it’s not easy.

In practice, Signal is a lot better at protecting your metadata than Matrix and XMPP.

Now that matrix has a lot of different clients and implementation, of would be super hard for them to implement something like Sealed Sender, which Signal was able to deploy very easily. I find it very unlikely that matrix will end up fixing its privacy issues. While Signal will be able to evolve and fix them. They are currently working on usernames for example.


I’ve found signal fans to be more fanatical in their loyalty to it than most advocates of other privacy apps

It’s because all criticism I’ve seen of Signal is at best circumstantial, and have nothing concrete despite the app being open source, with reproducible builds, under a ton of international scrutiny. I have read part of their code. I have understood the protocol itself for some of my classes.

It’s one of the rare FLOSS project that is actually good enough in terms of UX to actually reach popular adoption. We shouldn’t shoot it down.

On the side there are some concerning security issues with Matrix which I detail here. Signal is much much more attentive to the security of their implementation.


the server code being not federated means you effectively can’t (or won’t) self host.

This doesn’t matter if the app is designed to not require a trusted server

Threema has generated IDs, Matrix has usernames, Telegram has usernames. Why can’t Signal?

Because they originally worked by encrypting SMS, which required phones numbers. Internet messaging arrived later, and they are working on usernames in a similar way to how Telegram does it if I understand correctly.








Since they mostly just repackage Bing, Qwant and DDG also showed no results…

fedilink






I think it’s a clear improvement to the old interface, and makes the feature more discoverable…

fedilink





Hell site - Aral Balkan

I found this to be a nice re-flexion around the issues of Venture Capitalism founded websites…

fedilink

Hell site - Aral Balkan

I found this to be a nice re-flexion around the issues of Venture Capitalism founded websites…

fedilink

This seems like a really interesting project…

fedilink