Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Signal Protocol and Post-Quantum Ratchets

⁨149⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨Andromxda@lemmy.dbzer0.com⁩ to ⁨technology@lemmy.world⁩

https://signal.org/blog/spqr/

source

Comments

Sort:hotnewtop
  • guy@piefed.social ⁨3⁩ ⁨weeks⁩ ago

    “SPQR” lol

    source
  • trailee@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago

    Software engineering is so often dominated by a move fast and break things mentality, driven by a rush to deploy and scale and profit, with the ability to fix problems with later updates. It’s a very immature process compared to every other engineering domain, because fix-it-later is much more difficult, expensive, and dangerous when it’s a bridge, building, airplane, or anything else tangible (although Boeing did a great job of destroying engineering process and accountability after the MBAs took control away from the engineers).

    The work detailed in this Signal blog post is clearly slow and methodical, with continual checks for correctness and curiosity for optimal solutions driving careful experimentation. Building on existing proven PQ standards and keeping their refinements open for public academic feedback is wonderfully responsible. Building formal correctness proofs into CI and blocking trunk merges is spectacular.

    They’re doing everything right, even years after Moxie Marlinspike’s departure. Bravo! Working this way is very expensive and requires absolute support from upper management. I’m definitely a fanboy for Meredith Whittaker and the direction she’s running the organization. Hell yeah!

    source
  • Korkki@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago

    I’m still convinced that Signal is an NSA honeypot.

    source
    • AlmightyDoorman@kbin.earth ⁨3⁩ ⁨weeks⁩ ago

      What why? The e2e protocol is open source as is the client. How would that even work?

      source
      • Korkki@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago

        Central servers basically. Funded by ex-meta people and endorsements from western governments (general “if it’s popular then it’s compromised” suspicion). Also it requires your phone number gathers things like contact info from the phone, even if one assumes the messages are secure. basically could be seen as relinquishing a list of potential associates…

        I don’t think Signal is unsecure, in a sense. it’s just secure for nobodies or anybody who want to use it in non western countries against governments hostile to the west or being designated to regime change targets. I however don’t think it’s much more secure than whatsapp for an high profile pro-Palestine activist for example. It’s a privacy tool for some and honeypot for others depending how they relate to US security state and western governments.

        source
        • -> View More Comments
    • Dreaming_Novaling@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago

      Considering Signal has been subpoenaed several times and proven in court the only thing they can give the feds is:

      1. Do you have an account with Signal? (Registered Phone #)
      2. When did you make the account?
      3. When did you last connect to the service?

      I don’t think it’d be in their best interest to lie to the feds 6 times. You can quite literally read the subpoena for yourself, such as the most recent one in August 2024, which is only 2 pages long.

      source
    • black_flag@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago

      It’s actually way simpler than that. It was funded by the CIA for a long time because it was used to support insurgencies that the CIA was into. They pulled that a while back because Americans were getting into it, hence all the calls for donations in the past several years.

      Too bad I forgot where I heard this. May not be true, idk, who knows these days. But it makes sense.

      source
      • 4am@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago

        Are you thinking of Tor?

        source
      • Korkki@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago

        Yeah there was some Radio Free Asia money connection with the open whisper system that now is Signal.

        source
  • sadfitzy@ttrpg.network ⁨3⁩ ⁨weeks⁩ ago

    Keep in mind, pedophiles don’t use Signal.

    They use Matrix, which is a real thorn in the side of the authorities trying to catch them.

    Hopefully this gives you some insight into which platform is more private.

    source
    • black_flag@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago

      That’s uhhh…a weird selling point ya got there bud.

      source
      • sadfitzy@ttrpg.network ⁨3⁩ ⁨weeks⁩ ago

        It’s the truth.

        source
    • pulsewidth@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

      How do you know? 😑

      Please link a single news source showing Signal app was part of a pedophile bust - should be easy if its got poor encryption that can be backdoored by authorities.

      source