That means nothing when the servers stop taking EU traffic. I get your point, but the real solution here is putting a bullet (double tap) in Chat Control, once and for all.
Comment on Head of the Signal app threatens to withdraw from Europe
SnoringEarthworm@sh.itjust.works 1 day ago
Signal CEO Whittaker said that in the worst case scenario, they would work with partners and the community to see if they could find ways to circumvent these rules. Signal also did this when the app was blocked in Russia or Iran. “But ultimately, we would leave the market before we had to comply with dangerous laws like these.”
This is why we need the ability to sideload apps.
plz1@lemmy.world 1 day ago
0x0@lemmy.zip 1 day ago
putting a bullet (double tap) in Chat Control,
Yes, please.
once and for all.
LOL, no. They’ll come back again with some other bullshit to Save the Children!™, it’s a never-ending whack-a-mole.
mcv@lemmy.zip 1 day ago
We need to get the right to privacy and control over our own devices enshrined as fundamental rights, like so many other rights the EU protects.
mangaskahn@lemmy.world 1 day ago
And they only have to win once, we have to fight and win every time they introduce a new variant. Its exhausting.
jaybone@lemmy.zip 1 day ago
That means nothing when the servers stop taking EU traffic
I don’t use any of these apps, so I’m not quite sure how they work. But couldn’t you just make an app that keeps a local private and public key pair. Then when you send a message (say via regular sms) it includes under the hood your public key. Then the receiver when they reply uses your public key to encrypt the message before sending to you?
Unless the sms infrastructure is going to attempt to detect and reject encrypted content, this seems like it can be achieved without relying on a server backend.
3abas@lemmy.world 1 day ago
That is how the signal protocol works, it’s end to end encrypted with the keys only known between the two ends.
The issue is that servers are needed to relay the connections (they only hold public keys) because your phone doesn’t have a static public IP that can reliably be communicated to. The servers are needed to communicate with people as they switch networks constantly throughout the day. And they can block traffic to the relay servers.
conorab@lemmy.conorab.com 11 hours ago
white_nrdy@programming.dev 1 day ago
I think they’re suggesting doing it on top of SMS/MMS instead of a different transport protocol, like Signal does, which is IP based
visnae@lemmy.world 1 day ago
It is potentially doable:
A short message is 140 bytes of gsm7-bit packed characters (I.e. each character is translated to “ascii” format which only take up 7-bit space, which also is packed together forming unharmonic bytes), so we can probably get away with 160 characters per SMS.
According to crypto.stackexchange, a 2048-bit private key generates a base64 encoded public key of 392 characters.
That would mean 3 SMSs per person you send your public key to. For a 4096-bit private key, this accounts to 5 SMSs.
As key exchange only has to be sent once per contact it sounds totally doable.
After you sent your public key around, you should now be able to receive encrypted short messages from your contacts.
The output length of a ciphertext depends on the key size according to crypto.stackexchange and rfc8017. This means we have 256 bytes of ciphertext for each 2048-bit key encrypted plaintext message, and 512 bytes for 4096-bit keys. Translated into short messages, it would mean 2 or 4 SMSs for each text message respectively, a 1:2, or 1:4 ratio.
- NIST recommends abandoning 2048-bit keys by 2030 and use 3072-bit keys (probably a 1:3 ratio)
- average number of text messages sent per day and subscriber seems to be around 5-6 SMS globally, this excludes WhatsApp and Signal messages which seems to be more popular than SMS in many parts of the world [quotation needed, I just quickly googled it]
Hope you have a good SMS plan 😉
plz1@lemmy.world 1 day ago
That makes the assumption you want to use your phone number at all. And I’m sure the overhead of encryption would break SMS due to the limits on character counts.
Alaknar@sopuli.xyz 1 day ago
That makes the assumption you want to use your phone number at all
Can’t use Signal without a phone number.
0x0@lemmy.zip 1 day ago
manuallybreathing@lemmy.ml 21 hours ago
It was so hard getting people to use signal im imagining thisll never catch on
Jason2357@lemmy.ca 1 day ago
That’s how signal started way back. Doesn’t work well - sms is terrible.
wewbull@feddit.uk 1 day ago
Signal has never done that. Whilst the app might not be available in some regions they’ve been proud to talk about how people can use it to avoid government barriers.
plz1@lemmy.world 23 hours ago
The CEO is saying they are willing to, that should be taken seriously.
Korhaka@sopuli.xyz 1 day ago
You can run your own server for signal by the look of it
white_nrdy@programming.dev 1 day ago
Not officially I don’t think. And even if you did, you’d need a customized app to point to said server, and then you wouldn’t be interoperable with the regular signal network
NocturnalEngineer@lemmy.world 1 day ago
Most likely the reason, among others, they’re fighting tooth & nail to remove side loading too.
Tollana1234567@lemmy.today 9 hours ago
Even the OPLus phones are planning to softlock their phones in newer models
lmmarsano@lemmynsfw.com 1 day ago
Are they?
SnoringEarthworm@sh.itjust.works 1 day ago
lmmarsano@lemmynsfw.com 1 day ago
Google will soon stop you sideloading unverified apps
unverified
ie, unsigned, so sideloading is still available and they are not
fighting tooth & nail to remove side loading too
You can sign it yourself or bypass verification with
adb
as they documented.Will Android Debug Bridge (ADB) install work without registration? As a developer, you are free to install apps without verification with ADB.
If I want to modify or hack some apk and install it on my own device, do I have to verify? Apps installed using ADB won’t require verification.
In other words, cool misinformation.
markovs_gun@lemmy.world 1 day ago
I have become convinced by Cory Doctorow’s (tech writer and inventor of the term “enshittification”) argument that the fact that we’re even discussing this in terms of “sideloading” is a massive win for tech companies. We used to just call that “installing software” but now for some reason because it’s on a phone it’s something completely weird and different that needs a different term. It’s completely absurd to me that we as a society have become so accustomed to not being able to control our own devices, to the point of even debating whether or not we should be allowed to install our own software on our own computers “for safety.” It should be blatantly obvious that this is all just corporate greed and yet the general public can’t or refuses to see it.
jabjoe@feddit.uk 11 hours ago
There are groups to support:
And in the UK:
Some political groups are better than others, but most politicians are clueless.
The key is to get muggles to understand we are living in Technofeudalism and why being digital serfs is bad. The problem is ineffective competition law and that monopolies are bad. That monopolies and standards are not the same thing. I have no idea how. Most people are just naturally compliant and unquestioning of something seemingly so abstract.
xspurnx@lemmy.dbzer0.com 1 day ago
TBH I was confused when I came across the term “sideloading” for the first few times because I thought it was something new. Part if the plan I guess. Damn.
debil@lemmy.world 10 hours ago
In the 80’s (I’m that old), many home computers came with the programming manual, and the impetus was to learn to code and run your programs on your own device. Even with Android it’s not especially hard (with LLM’s even less so than it used to be) to download Android Studio, throw some shit onto the screen, hit build, and run your own helper app or whatever
sideloadedinstalled via usb cable (or wirelessly) on your own device.In certain cases (cars, health related hw etc.) I get why it’s probably for the best if the user is not supposed to mod their device outside preinstalled sw’s preferences/settings. But when it comes to computers (i.e. smartphones, laptops, tablets, tv boxes etc.) I fully agree with Cory here. Such a shame everything must go to shit.
jali67@lemmy.zip 12 hours ago
Most of the general public buries their head in the sand. They are convinced being politically involved is either a waste of time or makes you crazy.