You have to laugh … I remember Glastonbury, up to my knees in mud - it’s all part of the fun. Having said that, it’s unlikely turn into a survival situation in a field in Somerset, so not really that comparable …
It’s Saturday, only losers leave before the man burns (Saturday night). If this keeps up through late Sunday then it might start to be a problem. If anything this will keep out straggling weekenders.
Signal is too darn secure. Much better to have one dude who probably knows how to use a crypto library build the whole thing over again with a coat of ActivityPub on top
This isn’t really specific to federated software. The client can go offline but the server can’t. Same applies to all centralized services. The only place this really applies is for decentralized (as in, no central points) systems, and those tend to have a lot of special sauce to make other people being offline less painful
Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones....
Please don’t blame the people who were forced to implement this. There are engineers to blame behind all shitty tech in the world. They’re just trying to work a job. There aren’t exactly a lot of jobs in the tech industry where you don’t work for some of the evilest motherfuckers alive building unimaginably evil stuff. I’m all for directing as much hate, vitriol, credible threats of violence, etc at the people on top, but let’s leave the poor sap who they forced to do their dirty work alone.
And now you can’t even buy a chromecast workout an always on microphone. It’s like Google is doing a mass advertising campaign that says “please get off our platform and pirate everything”
Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.
Only if the signal crew collectively fell down, hit their heads and forgot about their whole mission of protecting metadata privacy. Matrix is a privacy nightmare (compared to signal). It offers optional encryption for the actual text of the messages sent, but everything else from room membership lists to reactions are unencrypted and stored forever by the server. The end to end encrypted message feature was bolted on after the rest of the thing was built, and it shows.
We’ve seen signal.org/bigbrother/ where signal proudly shows that they don’t have any metadata about their users to turn over. There’s a reason we don’t see anything like this for matrix.
Matrix is good at federating, but fucking horrible at keeping your information safe.
All of the people recommending matrix don’t understand why signal is secure. Matrix offers the same level of end to end encryption as Facebook Messenger, but it’s federated so people who care more about federation than privacy like to misrepresent its safety
Facebook Messenger offers optional end to end encryption just like Matrix. Just like Matrix, the server knows who you’re talking to, what groups your in, who else is in those groups, how many messages you sent to which group, who’s messages you react to, etc. But the actual text of the message is technically encrypted so Facebook can’t respond to subpoenas for your messages. I use Facebook Messenger as an example because Facebook is (correctly) generally considered not private or safe.
“theoretically” being the operative word here. Most people don’t. And if they did, they wouldn’t be able to talk to anyone else without the metadata getting copied to that person’s server. Probably okay if it’s between two information security experts who operate their secure own servers, but in reality most people don’t do that. This could be summarized as: Matrix offers a lot of easy ways to be less secure, Signal does not.
As for WhatsApp, I know they have paid or maybe still do pay Signal for their encryption. I believe Facebook Messenger did or does as well. I’m not sure what the actual implementation looks like and neither is anyone else, because it’s closed source.
Not sure why you think I don’t understand why matrix operates the way it does and I’m especially not sure why you think you know what I want. To help clear it up: I want a secure, decentralized encrypted messaging system that doesn’t let anyone but the participants access any information about their conversations, just like everyone else. What I DONT want is people misrepresenting the current landscape, as many in this thread are doing. End to end encryption of the actual text of the messages is not at all good enough, and Signal has made enormous strides in demonstrating alternative options. I’m not a fan of the usual things people don’t like about signal (phone numbers, centralized server architecture, mixed feelings on removing SMS from Android). Matrix addresses almost all of these, and does a lot of other cool things, but does so at the cost of a lot of privacy. I want people to stop acting like matrix and signal offer the same level of privacy. I get it, decentralization is good, but can we please not misrepresent the offerings of current decentralized solutions compared to current centralized ones just because we like the architecture of one more?
I’ve operated matrix servers and I’ve looked at the database to see what it knows. It knows a lot, and if a service provider was compelled to turn that over, it could be bad. We should be honest about what the server knows so people can make rational decisions.
That’s fair! If you’re on these type of forums, there are a lot of Signal haters and a lot of Matrix lovers, and sometimes they like to make confusing or just straight up inaccurate statements. The crux of the issue is not about the encryption of the text of messages themselves, which both platforms are capable of doing. Personally, I wish there was something like Signal but without the centralization, but the reality is such a thing doesn’t exist.
Signal (as in the Signal server and by extension the legal entity behind Signal) does not know what groups you’re in, does not know who’s in your contact list, does not know which groups you are sending messages to, doesn’t know which groups exist, and can’t tell the difference between a message, a reaction, a read receipt, a remote delete (“delete for everyone”), an edit… etc. Signal doesn’t have a way to send anything between two parties that the server can see. Signal has received a number of subpoenas which they typically fight, and if/when they lose they over all of the information they have about the subject of the subpoena, which tends to be whether or not they have a Signal account, when they registered the account and when they last used it. You can see these at signal.org/bigbrother/
Matrix (as in the Matrix server you’re registered on as well as the servers of whoever you’re talking to, for groups that means everyone in the group, notably this is not necessarily the same as the legal entity behind Matrix, but in practice a LOT of people use matrix.org for their home server so it frequently is) can see basically all of the things I listed above. The text of normal messages is encrypted. The group membership list isn’t encrypted. reactions aren’t encrypted. read receipts aren’t encrypted. Group membership lists are stored in plain text.
But that’s not what’s being said here. In this post people op is asking for federated Signal. People are saying matrix is just as secure. This is wrong and I am pointing that out so people don’t go thinking this is correct. Making misleading statements about the security of this sort of thing is dangerous.
It sounds like you’re slightly mis-remembering this oft-cited Hacker News comment from Moxie from 2015. I’m going to quote the main bit here because honestly a lot of people in this thread could stand to think about it:
If we were going to rank our priorities, they would be in this order:
Make mass surveillance impossible.
Stop targeted attacks against crypto nerds.
It’s not that we don’t find #2 laudable, but optimizing for #1 takes precedence when we’re making decisions.
Joining the fediverse can be a daunting proposition, and it is understandable that many end up on larger more centralised servers that are easier to find. I have also had some bad experience with smaller servers also. The first one I arrived on was very quiet, almost inactive, and I should have taken that as a warning sign....
The triangular top of the building in the center looks like a play button and I tried to click it several times. I don’t know if that’s the joke or im just stupid
Burning Man festival-goers trapped in desert as rain turns site to mud (www.theguardian.com)
You have to laugh … I remember Glastonbury, up to my knees in mud - it’s all part of the fun. Having said that, it’s unlikely turn into a survival situation in a field in Somerset, so not really that comparable …
Sup is a New Messaging App by the Creator of Pixelfed (wedistribute.org)
A new messaging app is in development, and the project is described as “an open source WhatsApp for the Fediverse.”
Safe for who? (exploding-heads.com)
Don't be a bigot let me in the chicken coop. (exploding-heads.com)
What are some downsides of software being federated?
Hackers manage to unlock Tesla software-locked features worth up to $15,000 (electrek.co)
Hackers steal Signal, WhatsApp user data with fake Android chat app (www.bleepingcomputer.com)
Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones....
Suffering from success. (feddit.ch)
Google engineers want to make ad-blocking (near) impossible (stackdiary.com)
I want a rulemote (i.imgur.com)
"why would i change my passwords?" (pawb.social)
What If: Signal Was Part of the Fediverse? (signal.org)
Anyone else wondering?
nathan for rule (lemmy.ml)
The Queer Guide to Finding a Fediverse Server.
Joining the fediverse can be a daunting proposition, and it is understandable that many end up on larger more centralised servers that are easier to find. I have also had some bad experience with smaller servers also. The first one I arrived on was very quiet, almost inactive, and I should have taken that as a warning sign....
Rule (feddit.de)