Zak
@Zak@lemmy.world
- Comment on Mastodon is bringing quote posts to the fediverse 2 days ago:
You can write software to filter on arbitrary criteria with ActivityPub, or email, or IRC, or virtually any other protocol. My point is that ATProto is designed to actively encourage it, and the flagship implementation does so. Subtle hints in interfaces have a big impact on how people, including developers use software.
- Comment on Mastodon is bringing quote posts to the fediverse 2 days ago:
When a substantial fraction of users are actually using an appview with that trait, that will be great.
- Comment on Mastodon is bringing quote posts to the fediverse 2 days ago:
It’s a difference in vision, but I don’t like BlueSky’s vision here.
Combining the Reddit-like and Twitter-like experiences in one place is a little awkward, but following a blog or a Youtube-like from a Twitter-like isn’t. Having the option to switch to a more optimal appview is great, but realistically a lot more people would follow a blog from BlueSky than would use their BlueSky identity to sign into WhiteWind.
- Comment on Mastodon is bringing quote posts to the fediverse 3 days ago:
It is likely most other software will be able to consume them.
This highlights what I believe to be a poor choice in the design of BlueSky’s AT Protocol; ActivityPub software is usually liberal in what it accepts and displays, while ATProto enforces schemas (“lexicon”).
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
Which nullifies the point of certificates having an expiration date (limited window for exploiting a compromised certificate, possibility of domains changing hands), not the point of validating the signature (tie responsibility for apps to who owned a domain on a specific date, allow third parties to create blacklists of bad developers).
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
How? Expiration doesn’t grant an unauthorized party access to the private key.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
Another option is to allow otherwise-valid signatures after expiration. It’s generally still possible to check them.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
It provides a way to open an investigation into a malicious developer without giving Google the ability to ban anyone it doesn’t like.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
Sure, the developer needs to keep the certificate up to date and re-sign the APK on occasion.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
It need only check at install time.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
It might be a reasonable trade for users to make if Google assumed liability. In fact, that would be an interesting way to implement laws to discourage practices like these.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
I’m inclined to think that’s not the job of an OS vendor to prevent. Sure, put a warning label on it, but it’s the user’s device; once they say they know what they’re doing, that should be that.
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 1 week ago:
If Google wanted to add developer verification without being evil, it could use SSL certificates connected to domain names. I think the whole concept is ill-conceived, though I’ll admit to a modest bias against protecting people from themselves.
- Comment on Nepal bans social media(Facebook, X, Reddit, Mastodon, Discord, Signal, YouTube and more) for failing to register with the government; Only 7 to be open(Viber, TikTok, Telegram and more) 1 week ago:
Is there even a desktop client for Signal?
Yes. There’s also an experimental third-party client for desktop Linux called Flare. I’ve used Flare on some devices that the official client doesn’t support and found it adequate. With some more maturity, I’ll probably prefer it to the official client. Signal officially discourages third-party clients because it cannot guarantee their security but does not attempt to block them except in cases where specific clients are known to be compromised.
Account creation on the mobile app is recommended before using these as it relies on SMS verification. I don’t like that, but it probably cuts down on spam; I’ve received exactly one spam on Signal in over 10 years of use.
The mobile app isn’t on F-droid so I can’t easily install it… Does Signal require Google Play Services to get Firebase messages?
Signal encourages installing from Google Play and uses Firebase messages by default, but does work without them. Given your set of preferences, however, you would probably prefer the third-party client Molly, which is on F-Droid and supports UnifiedPush.
I want a zillion separate self-hosted non-federated servers… something like email addresses in it, that tell the client what server to connect to for a given person.
That sounds like it ends up with properties similar to federation, but the client has to do all the work. The client would also need some means of identifying itself to all those random servers where there’s a cost to creating new identities, or people would need to do key exchange when they exchange contact information. Without that, this proposed system would be overrun by spam as soon as it got popular.
Server-side federation solves a lot of problems. Why wouldn’t you want that?
every computer in the world has Wikipedia on its hard drive for completely private access
You can do that. The download with images is over 100gb compressed, and it expands to several terabytes. It’s not hard to imagine why most people don’t want to use it that way.
- Comment on Nepal bans social media(Facebook, X, Reddit, Mastodon, Discord, Signal, YouTube and more) for failing to register with the government; Only 7 to be open(Viber, TikTok, Telegram and more) 1 week ago:
So why didn’t [Signal make it easy to connect to alternate servers]?
Encouraging the use of alternate servers on which only a handful of people can communicate instead of everyone who uses Signal is probably a net loss. Having to connect to multiple servers or switch servers to communicate with everyone a user wants to talk to sounds like a pretty bad experience. That would be different if it was federated. Co-founder Moxie Marlinspike has argued that federation would make it harder to achieve Signal’s goals of bringing private communication to as many people as possible. I want him to be wrong about that, but my experiences with Matrix suggest he might not be.
they are in the eyeball monetization business or are gearing up to enter it
I don’t think so, in large part because they’re structured as a nonprofit and have enough funding to last a while. I would think that about a venture-backed startup under similar circumstances.
I don’t use Signal so I don’t understand what is supposed to be great about it
It’s just another messaging app in terms of UX. The value comes from:
- Many of my friends and family use it
- It’s familiar enough and reliable enough that if I ask someone who doesn’t already use it to move a conversation to Signal, I’m confident they won’t be mad at me for complicating their life
- It’s secure by default and difficult for users to accidentally make private information not-private (e.g. by saving media to device storage where other apps can access it without user confirmation)
- Its security and privacy have been inspected by a wider range of experts than most other options
- The organizational structure and funding model means it’s unlikely to be enshittified in the next decade
Nextcloud Talk doesn’t have end to end encryption. It’s experimental on Jitsi. It’s hard to justify not having that for a private messaging service in 2025.
- Comment on Nepal bans social media(Facebook, X, Reddit, Mastodon, Discord, Signal, YouTube and more) for failing to register with the government; Only 7 to be open(Viber, TikTok, Telegram and more) 1 week ago:
The analogy between a private messaging service and a bar is not just strained; it’s nonsensical.
It might work for a chat system that’s mainly public and discoverable like Matrix, IRC, or Discord. A community having too many people, or any people who don’t follow certain norms can make it unpleasant. As long as it keeps out spammers, Signal having people I don’t want to talk to on it won’t affect me at all; I just won’t give those people my phone number or username.
- Comment on Nepal bans social media(Facebook, X, Reddit, Mastodon, Discord, Signal, YouTube and more) for failing to register with the government; Only 7 to be open(Viber, TikTok, Telegram and more) 1 week ago:
I’m bothered mostly by the default Signal app’s inability to use a self-hosted server instead of signal.com’s own server.
I don’t like the centralized nature of it either, but until someone makes a decentralized option that’s polished and reliable enough that nobody will be mad at me after I talk them into using it, Signal will be my go-to for messaging.
Ideologically, I’d like it to be Matrix. I use Matrix on occasion, at least when Element web isn’t taking up 10% of my laptop’s RAM, ElementX isn’t crashing on load, and whatever native desktop client I tried last is actually performing key exchange so I can read my private messages. I would not try to talk someone into trying Matrix right now unless they were ideologically motivated or interested in the technology.
- Comment on Nepal bans social media(Facebook, X, Reddit, Mastodon, Discord, Signal, YouTube and more) for failing to register with the government; Only 7 to be open(Viber, TikTok, Telegram and more) 1 week ago:
I’m not sure adding a questionable social feature to a messaging app is reasonably comparable to the very long list of insane and/or evil shit Musk has done.
Like any messaging system, Signal’s utility is proportional to its userbase. If stories get more people to use it without making it worse for people who don’t care, then they’re a good idea even if I think everything else about the concept is bad.
- Comment on Nepal bans social media(Facebook, X, Reddit, Mastodon, Discord, Signal, YouTube and more) for failing to register with the government; Only 7 to be open(Viber, TikTok, Telegram and more) 1 week ago:
I think it’s a silly feature for a messaging app, but it has no impact on me if I ignore the feature.
- Comment on Let Google know what you think about their proposed restrictions on sideloading Android apps. - Android developer verification requirements [Feedback Form] 2 weeks ago:
No doubt many “legitimate” apps, including some of Google’s own are spyware. This claims to be about the sort of malware that steals your bank account login.
I’d even speculate that most of the people involved are working in good faith; they think they’re the good guys and they can be trusted with that kind of power. Nobody should have that kind of power though because it always leads to corruption.
- Comment on Let Google know what you think about their proposed restrictions on sideloading Android apps. - Android developer verification requirements [Feedback Form] 2 weeks ago:
Public pushback on stuff like this does work on occasion. It even worked on Apple when they proposed upload filters for CSAM.
Google’s intent in the short term probably is just about malware, but in the long term it gives them, and governments which can pressure them the ability to ban any app from nearly all Android devices. Once deployed, there’s a near 100% chance of such a mechanism being used for evil.
- Comment on Study: Social media probably can’t be fixed 4 weeks ago:
I don’t mean replying, but selecting from a menu of possible reasons to downrank a post. Slashdot’s moderation system that I mentioned earlier has (or had - haven’t looked there in a while) “troll” as one of the categories.
- Comment on Study: Social media probably can’t be fixed 4 weeks ago:
After 20 years of living with it, I’ve decided I don’t like the downvote. The upvote is fine.
Reddit’s founders, early on tried to encourage people to treat the downvote as moderation. It was meant to mean that a thing doesn’t belong on reddit and people shouldn’t see it. Of course that quickly became mere dislike or disagreement.
I’d prefer an approach that requires some input about what’s wrong with a post in order to reduce its prominence; a restricted list of options as in Slashdot’s moderation would be sufficient, I think. I’m not sure whether this should necessarily require also making a report to a more powerful admin/moderator, but I lean toward making that optional in most communities.
- Comment on Study: Social media probably can’t be fixed 4 weeks ago:
The study is based on having LLMs decide to amplify one of the top ten posts on their timeline or share a news headline. LLMs aren’t people, and the authors have not convinced me that they will behave like people in this context.
The behavioral options are restricted to posting news headlines, reposting news headlines, or being passive. There’s no option to create original content, and no interventions centered on discouraging reposting. Facebook has experimented with limits to reposting and found such limits discouraged the spread of divisive content and misinformation.
I mostly use social media to share pictures of birds. This contributes to some of the problems the source article discusses. It causes fragmentation; people who don’t like bird photos won’t follow me. It leads to disparity of influence; I think I have more followers than the average Mastodon account. I sometimes even amplify conflict.
- Comment on Schools are using AI to spy on students and some are getting arrested for misinterpreted jokes and private conversations 5 weeks ago:
This is an ass-covering response to school shootings, because some of the shooters have expressed their intent before.
A strip search obviously isn’t necessary even if it’s a credible threat; a metal detector wand and basic pat down is more than enough to ensure someone doesn’t have a gun. This wasn’t a credible threat though, and a chat with the school counselor would have been the right way to handle this.
- Comment on Schools are using AI to spy on students and some are getting arrested for misinterpreted jokes and private conversations 5 weeks ago:
Snapchat’s automated detection software picked up the comment, the company alerted the FBI, and the girl was arrested on school grounds within hours.
Someone should tell the kids about Signal.
As for monitoring on school computers, that seems OK to me if it’s disclosed to the students and parents in advance. What’s problematic is the responses, which seem much more focused on ass-covering than student welfare. I imagine most 13 year olds have made jokes about killing people once or twice and any adult with common sense would be able to tell they’re jokes.
- Comment on Best option for enabling comments on my Ghost blog? 5 weeks ago:
Not Lemmy, unless the post tags a community.
- Comment on Grok’s ‘spicy’ video setting instantly made me Taylor Swift nude deepfakes 5 weeks ago:
Yes, but Musk makes inappropriate offers to impregnate women regularly, so this isn’t surprising.
- Comment on 5 weeks ago:
A flashlight is literally one of the simplest electronic devices there is
You might be surprised at everything going on inside a modern flashlight. I’ll grant that it’s probably easier to find room for extra seals around the port than in a smartwatch though.
- Comment on 5 weeks ago:
If you mean a USB-C port in general, they can be made waterproof. If you mean something specific to putting one in the most compact form factor possible, that might be true.
