Follow

turning into a crypto-ponzi currency scheme?

stephendiehl.com/blog/signal.h

Surprise!

That Signal:
- isn't really free/libre software (as Moxie denied freedom to redistribute modified version)
- would *never* federate (political choice of centralization)
- updated server software wasn't published
- invaded people's phonebooks
- runs on Amazon+NSA's infrastructure
- is virtually impossible to use out of Google's infrastructure -
- etc.

...didn't seem to be enough to alarm Signal users.

AH also forgot what is probably the most important from a privacy/information-security perspective:

- impossible to use without a *phone-number*!

Now the true objective of all these political choices (strong identifier + centralization + control of the distribution, etc) becomes clear: there is a financial interest to keep the users captive, to get rich with ponzi-crypto....

... well done, Moxie, many of us didn't see it coming! :)

@jz
To your credit, you've been calling them out since a long time now. Good on ya.

@jz Sadly for regular people, it's the only option beyond whatsapp

It's basically the only one with a clean UI and E2EE that is on google play afaik

@josias @jz Cool idea, but feels quite janky, and isn't all that suitable as an IM app for non-tech people imo

@SigmaOne @jz Do you have specific complaints or things you find to be limiting factors in the hands of non-tech people?

@josias @jz Nothing too specific, mostly just being generally a bit confusing to use

Especially the encryption system, which in Signal and such doesn't require any configuration and just happens in the background

@SigmaOne @jz Yeah, encryption has been a pain. But it now works much better. No configuration is necessary anymore unless you want to do extra verification.

I use Element with many friends, both those proficient and non-proficient with technology. It was a bit of a pain at first, but now it works smoothly.

@josias @SigmaOne I think Matrix/Element has catastrophic elements and design choices too...

The fact that is pretends to "just work" is horrendous with a "multiple devices" model activated by default.

Think about it: Matrix/Element will accept new keys/devices without even asking, thus encrypting for 2, 3,.. 15 keys, that the user doesnt have to verify! The attack surface is immense!

"multiple device" model is a rich kid's dreams.. not really a feature for strong privacy. sad default :/

@jz @SigmaOne The alternative was the verification difficulty before. They are trying to find a balance between security and convenience. I agree that they could do better with security.

Maybe P2P will help with this.

@josias @SigmaOne

(paraphrasing Franklin) “Those who would give up essential privacy to purchase a little temporary comfort, deserve neither privacy nor comfort.”

back to: mamot.fr/@jz/10602470370001383

making tech choices based on comfort, "user-friendliness", "ease", etc. because "the users"/"normal people"/etc. are allegedly "stupid", can't learn and we know what they really *want*, right?... is always wrong imho.

@jz @SigmaOne @josias I'm not getting why nobody ever thinks about presenting the concept of keys with a few simple words on first use as a critical part of the UX.

@ged @SigmaOne @josias

have seen some UI (but only valid for short term keys) that tell the user:

"say 'XBZ', they say 'ZWP'" as short hashes-of-hashes of keys pronounceable at beginning of a session. It can be done with emojis also.

What it requires is not as much UI work as collective knowledge-building (hate to speak of "education" that is usually top-down) about the value (mostly political) of doing key verification.

btw kept pushing key verification further away in its UI...

@jz @ged @SigmaOne Element/Matrix has session verification still for when you need it. It still encourages you to do so, but it's no longer in your face when you make an encrypted room.

@josias @ged @SigmaOne

I kind of dream of a client (maybe also terminal-based) that would make radically different UI choices as Element. one that would force key verification, that would have "only send to verified" as a default, that would warn you when a key changes, etc...

@jz @SigmaOne @josias I'll take care of someone I love, which means I'll reply tomorrow. Sorry. And sorry for lacking context, I'd started to write my last reply 30 minutes ago, I wanted to send it anyway.
@SigmaOne @josias @jz Like: "Your private key is a code that is used to read your private messages. Nobody can read your private messages without this code, not even you. If you share by mistake this code, others will be able to read your private messages."

"We store your code encoded so we can't read it. You send it to you 'as is', and you need another secret code (a password) to decode it. In order to protect your privacy from permanent record, it must actually be secret and difficult to guess by computers, which means it will be difficult to remember. However, passwords managers take care of this : you only need to remember a single password. Alternatively, you may chat without using the internet (by writing a letter, or by scheduling a meeting)."

@jz @SigmaOne Not stupid. They just generally don't want to deal with the mess of understanding every detail.

@josias @SigmaOne

YES. now apply this to language:

"Oh learning how to read is just *boring* and takes too long. + i am not a _language expert_....

Just hand me this piece of paper you call contract already and i'll sign it!"

would be shocking right? everybody understands the value of spending 100s hours learning how to read and write.

it's s question of social+cultural+political perspective, not that ppl would be inherently more "stupid" than tech-elite (that had privilege to learn..)

@SigmaOne

I dont believe in the myth of "regular people":

- it's elitist and classist, and used by tech-elite to justify not doing efforts to teach; denying others' agency and ability to learn;

- it's wrong: i have witnessed 100s of journos and activists just LEARN "complicated" technology (tails+OTR+GPG, etc.);

- it justifies to take decision FOR the users, assuming that all face the same risk;

- it negates the political nature of tech choices, reading them only from comfort/easy angle.

@jz I guess it's a poor wording, I didn't intend to sound elitist, what I mean are people such as my parents who would be willing to use something more private, but don't want to have to learn any more technical knowledge

@SigmaOne there can only be poor wordings: "normal users", "noobs", "non-tech ppl", "my parents", "my wife", etc. it's *always* the same pitfalls i described, i think...

Your parents learned complicated things in their lives: to read, to write, maybe to drive and/or a technical job, etc.

Assuming tech things could "just work" without needing to learn anything is wrong, only favours domination.

Imagine someone saying "you dont need to learn how to read, just sign here". would you trust them?

@jz @SigmaOne

Still, UI/UX is really important. People will, most of the time, go the easy way.

@Fritange @jz @SigmaOne Delta.Chat is 100% free / libre software.
It comes with a user-friendly interface.
It ciphers every communications between two Delta Chat clients.
It relies on emails, a somewhat famous software federation.

grimoire-command.es/2019/delta

@Siltaer @Fritange @SigmaOne

hmm. t is based on protocols (SMTP/IMAP) that were never thought for privacy/confidentiality, that inevitably leave traces of metadata on multiple points of the network, and can (as a default!) send unencrypted messages.

+ the question of account creation is left to the user, and in most cases it's rather hard to get free email address without leaving identifying traces, thus pushing the problem of identification under somebody else's carpet.

not my 1st choice :)

@jz @Fritange @SigmaOne Seeking free email addresses looks like a trap for me. The good relation with a service provider is to be the client, paying for the service. If it's free, you're the product, sold to real clients.

So I recommand to get a domain for less than 10€/year and to use the email address packaged with it.

At some point, freedom comes with a cost when other are involved.

***

Then, Delta.Chat don't produce "perfect" forward secrecy. Ok. So What else ? (I'm using it meantime).

@Siltaer @Fritange @SigmaOne

Exactly! So you pay for a reliable email service... and therefore are leaving 100% identifiable meta-data all over the Internet, while Delta-chat makes you wonderful promises of security/privacy/etc... I find it misleading at best.... :/

@jz

As a policeman candidly told me once:

— Oh, don't worry about it! If we want to find you, we *will* find you.

While data minimisation is undoubtedly a good practice for a host of reasons, we are *not* anonymous or untraceable.

@Siltaer @Fritange @SigmaOne

@jz
+1 on Delta Chat here.
My point is : meta data are crtitcal if you have to keep identity secret as a matter of life or death.
On everyday use it is like physical paper mail : my mailman knows who send me mail. That's OK. He should not not know what the content is.
@Siltaer @Fritange @SigmaOne

@jz @matiu_bidule @Fritange @SigmaOne
So, what about Briar ? f-droid.org/en/packages/org.br

I managed to lost my password at each try (and there is no work around this). Regular backups are very importants…

I don't know if desktop clients exists…

But it's not leaking meta-data.

@Siltaer @matiu_bidule @Fritange @SigmaOne I really appreciate its promises and spirit.. but haven't use it myself.

Yep, losing one's key, and that's it. That's what happens when you have high expectations of privacy!

Was the case with Pond (unfortunately discontinued), obscure (yet genius!) protocol and software that provided splendid secure+anonymous messenging with very forward-thinking counter-measures, etc.

@jz @matiu_bidule @Fritange @SigmaOne And it's fully decentralized.

Designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate.

If the Internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the Internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.

@jz
As i said, Delta is OK if you don't have to trust on your life. I'm not international spy, it's enough for me (and no, this is not another version of "i've got nothing to hide", it's trying to choose a tool on the level of the threat, and level of the friend i'm using it with. If my life was in question i for sure would use something else).
@Siltaer @Fritange @SigmaOne

@SigmaOne

I think people can ONLY benefit from life-preserving or life-threatening technologies IF they take enough time to learn about them.

It doesnt mean becoming cryptographers. But at least learn what is a key, what it's useful for, how to verify and renew one. Otherwise you assume other people who offer to do it for you are good actors and.... History. :/

It's sad at first but once admitted empowering: solution is through collective teaching/learning read/write, w/o hierarchies! <3

@jz: I don’t believe in it either.

However, I believe in: everyone has 24 hours in a day and most people (i.e. who are not born in an ultra-privileged environment) need to spend time in things to get on with their lives and do what actually interests them. That allocation of their time will depend on many variables. The level of geekiness/nerdiness will impact the choice they make. Turns out, you and I have rather high levels of such. Most don’t. Why?

@hugo fully agreed!

i had quite some privilege, including:
* early access to a computer when it wasn't so common
* access to teachers who would really stimulate the curiosity of kids

I have no universal recipe, but i think that
1/ sharing the privilege and using it to enable others to get same levels of access
2/ stimulating curiosity in collective ways
3/ political framing showing everyone's own interests in learning

=> better than waiting for some saviour/company to do the job for us

@jz True. Problem is: nobody was waiting. There has been countless projects for this.

The truth is, Signal did it first and better than anyone else at the right time... And still now is probably the best solution considering the above.

I have tried alternatives. Even for the nerd that I am they were too much

@jz I feel that, if we had more (not less) consideration for users who are not huge nerds, maybe the community would have brought something like signal.

Do you remember when signal introduced groups and multiple devices? Xmpp and OTR with popular clients like pidgin were barely working at all.

@jz meanwhile WhatsApp was already going to a billion registered users...

@SigmaOne @jz Threema exists but Americans are ignorant of it, and Telegram's E2EE is actually good. There's nothing broken about the Telegram Secret Chats.

@ping357 @SigmaOne recommended by whom?

i heard its crypto is absolute rubbish...

@SigmaOne
That is not correct. (for your friends) and (for you or anyone who wants to put food on the developer's table) are on Google's bazaar, AFAIK.

I'm more of a fan myself. Spoiled for choice, we are.

@jz

@SigmaOne @jz

Forgot to mention, my account predates all of those applications. In fact, it predates smartphones.

And I am confident that it will outlast all of them (and smartphones) too.

Such is the beauty of building solutions based on , not products.

@autodigestivo @jz Can we really trust Snowden? A former secret service agent ... You know what we said, it's like mafia, you can't quit secret services ... Unless you're dead 😉

@jz Thanks to /e/ OS really everybody can use it without using Google's ifrastructure. I use it everyday - degoogled :)

@matse @masstransitkrow

Are you sure you also got rid of:
"
* firebase-messaging for push notifications
* play-services-maps for maps and sharing location
* play-services-auth for performing reCaptcha checks during signup
* firebase-ml-vision for face detection for the ‘Scribbles’ feature (?)"

As all these proprietary Google libraries seem to be included in ...

forum.f-droid.org/t/signal-wic

@jz No, you are absolutely right! Thanks for the interesting link with the discussion.
In fact I really dislike the fact, that Signal is just available in the PlayStore or on the website as apk and not e.g. on F-Droid.
Nevertheless I used Riot / Elements a lot with a group chat and with encryption there it's unfortunately a mess - people who are not into IT are just lost.

@jz @matse these items won't load without Play Services, and are rendered inert due to my DNS-level blocking of g----- domains.

@masstransitkrow
Nice, thanks for the information! Since /e/ is Goole Play service free I guess that these services won't load then :)

At least location sharing in Signal is working on /e/ (never used it, just tested it for this post) - but I believe it's because of installed MicroG

@jz @matse any app that depends on their APIs will fail to install because they will look for the permission "G----- Play License Check".

If anyone tries to use their apps without GMS, the app won't run.
Signal does not have access to Location under any circumstance as it isn't needed.

I am aware of some Firebase APIs in use by 17 apps, but because I also prevent googleapis.com from resolving, I'm not too worried.

@jz I didn't notice any issues with Signal. Push notifications are working and everything works just as it should (or as it worked on my old, "normal" Android device) - but withoug Google Play Services or Google Apps.
It might just be because of MicroG, I'm not really into the details and didn't want to take care of - that's why I just use /e/.

Sign in to participate in the conversation
La Quadrature du Net - Mastodon - Media Fédéré

Mamot.fr est une serveur Mastodon francophone, géré par La Quadrature du Net.