Andromxda
@Andromxda@lemmy.dbzer0.com
- Submitted 18 hours ago to [deleted] | 63 comments
- Comment on Elon Musk’s X blocks links to Signal, the encrypted messaging service 3 days ago:
Would Mexico and Panama be the 54th and 55th then?
- Comment on Elon Musk’s X blocks links to Signal, the encrypted messaging service 3 days ago:
The first step would probably be to try and revoke their tax exempt non profit status. But I’m confident the Signal Foundation would at that point just move to another jurisdiction. Maybe Canada, Switzerland or something like that.
- Comment on Elon Musk’s X blocks links to Signal, the encrypted messaging service 4 days ago:
That’s what I thought when I first saw this
- Comment on Elon Musk’s X blocks links to Signal, the encrypted messaging service 4 days ago:
I agree
- Comment on Elon Musk’s X blocks links to Signal, the encrypted messaging service 4 days ago:
Absolutely
- Submitted 4 days ago to technology@lemmy.world | 87 comments
- Comment on Bad UX is keeping the majority of people away from Lemmy 6 days ago:
Bad choice, many new users specifically came here because of !piracy@lemmy.dbzer0.com, which can’t be accessed from lemmy.world.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
There was a period where they didn’t push changes to the repo, but all the code was released afterwards and it’s been getting regular updates ever since. But it also doesn’t matter at all, since the Signal client is designed in a way that avoids putting trust in the server. Signal servers could literally be run by the NSA and it wouldn’t matter, as everything is fully end-to-end encrypted, including metadata. The Signal protocol was also updated to use post-quantum cryptography in 2023.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
Signal’s default, well-supported installations use Google services
Signal only uses FCM for notifications, with a fallback mechanism (WebSockets) being available in all builds of the app, as well as Google Maps for location sharing (which most people probably don’t use anyway).
so unless you’re an extremely atypical user, those services are present on most of your contacts’ devices
Google Play services being present on people’s devices has nothing to do with Signal including the library. They are present on almost every Android device, because Google pressures OEMs to include them and grant them system level privileges.
Let’s also remember that E2EE doesn’t protect the endpionts
Yeah, but that’s the case with EVERY messenger app, so I really don’t know what your point is here?
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
As far as I know moxie, signals lead dev, considers only the use of the officially build and distributed client authorized to use their servers.
Moxie has resigned a few years ago. The article you linked to is 9 years old, Signal leadership has changed a bunch of times since. Signal can’t detect that you’re running an alternative client, because that check would require them to include some new code in the official client. Even if they did this, they couldn’t just ban anyone who’s client doesn’t pass the check, since it could just be an older version of the official client. They could force everyone to use the official app, but they really have no reason to invest time and effort into enforcing this. Molly is only available for Android, and it isn’t even on the Play Store or the official F-Droid repo, so the user base naturally won’t be as big.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
No it’s not: github.com/signalapp/signal-server
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
Have you been using this one?
I tried it out once, but I currently don’t use it, because I just run mollysocket on my own server.
On my app I don’t get rich notifications only “you may have a new message”.
That should only be the case while your Molly database is locked, because the actual messages can’t be decrypted, so no message preview can be shown in the notification.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
Oh that’s the only one I know of. I thought that this is what you’re referring to.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
it’s not really different from Whatsapp or Telegram
That’s not true. WhatsApp is fully proprietary and Telegram doesn’t use E2EE by default. And even if you enable it, they use a weak encryption protocol.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
It’s also available on their website btw: signal.org/android/apk/
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
Well, you can still insert client side decryption into the app.
That’s why all clients are fully open-source. You can also use a fork like Molly.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
your conversations are still tied to Google
That’s simply false. Signal Notifications never include the content of the message or any metadata, no matter if they’re sent over FCM, APN, WebSockets or UnifiedPush (via mollysocket). That wouldn’t even be possible, since the Signal server sending out the notification doesn’t even have the key to decrypt the message. Only the users involved in the conversation have the keys, that’s how end-to-end encryption works. Signal simply sends an empty message via FCM (or any other push system), and the Signal app on your device then receives and decrypts the encrypted message and shows you a preview of the message content as a notification on your operating system.
And every build of the Signal client for WhatsApp also supports WebSockets as a fallback push notification system, in case Play services aren’t installed or can’t be reached. The only reason why FCM is used by default is that it saves some battery, because it only maintains one background network connection for all apps, instead of each app handling notifications themselves.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
I personally have them hosted on fly.io for free via the legacy hobby plan
Here’s the link for anyone who’s interested: github.com/pcrockett/mollysocket-fly
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
so the company can be bought
The company (Signal Messenger LLC) is fully owned by Signal Foundation, a 501©3 non profit organization.
Try to use federated services
I generally like this idea, and I also use federated services for things like social media, that’s why we’re having a discussion here on Lemmy. But it introduces some issues with private messaging, like lack of reliability, which sucks if you want to use Matrix as your primary messenger, as well as metadata leaks. Federation is not always the answer, and in my opinion definitely not when it comes private and secure messaging.
they are more robust against hostile take overs
Probably around 80-90% of Matrix users are on the matrix.org homeserver, so it’s absolutely not as decentralized and resilient as you think it is.
- Comment on Time to get serious with E2E encrypted messaging 1 week ago:
I currently use Telegram for my friends and family
Telegram is probably the worst thing you could use, it doesn’t encrypt messages by default and they are stored on Telegram’s servers, so they can read them at any time.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues
Yes, Matrix leaks a bunch of metadata and doesn’t have post-quantum encryption.
The best option is to use Signal. It uses end-to-end encryption by default for everything: Normal chats, group chats, voice and video calls and even stories. Messages are only stored on their servers (in encrypted format, so they can’t access them) until you receive them, after which they are promptly deleted and only stored on your device. And Signal has much better metadata protection than Matrix.
- Comment on For-profit Pie Adblock (from the founder of Honey) called out for copying uBlock Origin open source code without credit 1 month ago:
I recommend Ice as a FOSS alternative to Bartender. Recently discovered it through a Mastodon post mastodon.macstories.net/…/113600838579784511
Also
[stats](https://github.com/exelban/stats)as an alternative to iStats Menu btw - Comment on For-profit Pie Adblock (from the founder of Honey) called out for copying uBlock Origin open source code without credit 1 month ago:
GPLv3
- Submitted 1 month ago to [deleted] | 6 comments
- Submitted 2 months ago to [deleted] | 3 comments
- Comment on !beacondb@lemmy.dbzer0.com, for open, ethical and private network location data that doesn't rely on big tech 3 months ago:
Unfortunately not, since iOS does not allow third-party apps to access the APIs required for Wi-Fi scanning. I think Bluetooth could be done, but bluetooth beacons by themselves aren’t as useful.
From our Matrix room (somebody recently asked the same question):
- Comment on !beacondb@lemmy.dbzer0.com, for open, ethical and private network location data that doesn't rely on big tech 3 months ago:
Whoops, forgot to actually put the community link in the post. It’s fixed now.
- !beacondb@lemmy.dbzer0.com, for open, ethical and private network location data that doesn't rely on big techlemmy.dbzer0.com ↗Submitted 3 months ago to newcommunities@lemmy.world | 5 comments
- Comment on Is a filter for muting Lemmy 'power users' possible? 3 months ago:
Seems like I have 1.6K since I came here in March - that’s 7 months. It would equate to 2.7K if I kept it up at this rate for a whole year.
- Comment on Baidu CEO warns AI is just an inevitable bubble — 99% of AI companies are at risk of failing when the bubble bursts 3 months ago:
I think all the crypto scams, all the shitcoins, NFTs and other blockchain bullshit were much worse. At least AI companies usually don’t require you to give them large sums of money, they’re only after your data and absolutely fuck the environment by wasting absurd amounts of power, but they don’t try to take away your life savings
