#Signal turning into a crypto-ponzi currency scheme?
- isn't really free/libre software (as Moxie denied freedom to redistribute modified version)
- would *never* federate (political choice of centralization)
- updated server software wasn't published
- invaded people's phonebooks
- runs on Amazon+NSA's infrastructure
- is virtually impossible to use out of Google's infrastructure -
...didn't seem to be enough to alarm Signal users.
AH also forgot what is probably the most important from a privacy/information-security perspective:
- impossible to use without a *phone-number*!
Now the true objective of all these political choices (strong identifier + centralization + control of the distribution, etc) becomes clear: there is a financial interest to keep the users captive, to get rich with ponzi-crypto....
... well done, Moxie, many of us didn't see it coming! :)
@jz Sadly for regular people, it's the only option beyond whatsapp
It's basically the only one with a clean UI and E2EE that is on google play afaik
I dont believe in the myth of "regular people":
- it's elitist and classist, and used by tech-elite to justify not doing efforts to teach; denying others' agency and ability to learn;
- it's wrong: i have witnessed 100s of journos and activists just LEARN "complicated" technology (tails+OTR+GPG, etc.);
- it justifies to take decision FOR the users, assuming that all face the same risk;
- it negates the political nature of tech choices, reading them only from comfort/easy angle.
@jz I guess it's a poor wording, I didn't intend to sound elitist, what I mean are people such as my parents who would be willing to use something more private, but don't want to have to learn any more technical knowledge
@SigmaOne there can only be poor wordings: "normal users", "noobs", "non-tech ppl", "my parents", "my wife", etc. it's *always* the same pitfalls i described, i think...
Your parents learned complicated things in their lives: to read, to write, maybe to drive and/or a technical job, etc.
Assuming tech things could "just work" without needing to learn anything is wrong, only favours domination.
Imagine someone saying "you dont need to learn how to read, just sign here". would you trust them?
@Fritange @jz @SigmaOne Delta.Chat is 100% free / libre software.
It comes with a user-friendly interface.
It ciphers every communications between two Delta Chat clients.
It relies on emails, a somewhat famous software federation.
hmm. t is based on protocols (SMTP/IMAP) that were never thought for privacy/confidentiality, that inevitably leave traces of metadata on multiple points of the network, and can (as a default!) send unencrypted messages.
+ the question of account creation is left to the user, and in most cases it's rather hard to get free email address without leaving identifying traces, thus pushing the problem of identification under somebody else's carpet.
not my 1st choice :)
@jz @Fritange @SigmaOne Seeking free email addresses looks like a trap for me. The good relation with a service provider is to be the client, paying for the service. If it's free, you're the product, sold to real clients.
So I recommand to get a domain for less than 10€/year and to use the email address packaged with it.
At some point, freedom comes with a cost when other are involved.
Then, Delta.Chat don't produce "perfect" forward secrecy. Ok. So What else ? (I'm using it meantime).
I think people can ONLY benefit from life-preserving or life-threatening technologies IF they take enough time to learn about them.
It doesnt mean becoming cryptographers. But at least learn what is a key, what it's useful for, how to verify and renew one. Otherwise you assume other people who offer to do it for you are good actors and.... History. :/
It's sad at first but once admitted empowering: solution is through collective teaching/learning read/write, w/o hierarchies! <3
@jz: I don’t believe in it either.
However, I believe in: everyone has 24 hours in a day and most people (i.e. who are not born in an ultra-privileged environment) need to spend time in things to get on with their lives and do what actually interests them. That allocation of their time will depend on many variables. The level of geekiness/nerdiness will impact the choice they make. Turns out, you and I have rather high levels of such. Most don’t. Why?
@hugo fully agreed!
i had quite some privilege, including:
* early access to a computer when it wasn't so common
* access to teachers who would really stimulate the curiosity of kids
I have no universal recipe, but i think that
1/ sharing the privilege and using it to enable others to get same levels of access
2/ stimulating curiosity in collective ways
3/ political framing showing everyone's own interests in learning
=> better than waiting for some saviour/company to do the job for us
@jz True. Problem is: nobody was waiting. There has been countless projects for this.
The truth is, Signal did it first and better than anyone else at the right time... And still now is probably the best solution considering the above.
I have tried alternatives. Even for the nerd that I am they were too much
@jz I feel that, if we had more (not less) consideration for users who are not huge nerds, maybe the community would have brought something like signal.
Do you remember when signal introduced groups and multiple devices? Xmpp and OTR with popular clients like pidgin were barely working at all.
@jz Thanks to /e/ OS really everybody can use it without using Google's ifrastructure. I use it everyday - degoogled :)
Are you sure you also got rid of:
* firebase-messaging for push notifications
* play-services-maps for maps and sharing location
* play-services-auth for performing reCaptcha checks during signup
* firebase-ml-vision for face detection for the ‘Scribbles’ feature (?)"
As all these proprietary Google libraries seem to be included in #Signal...
@jz No, you are absolutely right! Thanks for the interesting link with the discussion.
In fact I really dislike the fact, that Signal is just available in the PlayStore or on the website as apk and not e.g. on F-Droid.
Nevertheless I used Riot / Elements a lot with a group chat and with encryption there it's unfortunately a mess - people who are not into IT are just lost.
Nice, thanks for the information! Since /e/ is Goole Play service free I guess that these services won't load then :)
At least location sharing in Signal is working on /e/ (never used it, just tested it for this post) - but I believe it's because of installed MicroG
@jz I didn't notice any issues with Signal. Push notifications are working and everything works just as it should (or as it worked on my old, "normal" Android device) - but withoug Google Play Services or Google Apps.
It might just be because of MicroG, I'm not really into the details and didn't want to take care of - that's why I just use /e/.
@jz As I said, Signal is of couse not perfect - but IMHO the best messenger at the moment. Name me any other alternative that my mother can install and use, that is free (as in freedom), end to end encrypted and can make encrypted video calls and I will switch.
But at least I didn't find such a messenger yet. Closest is riot, but as I said, with E2E it's a nightmare to use for an average user.
Like giving up on making crypto-over-SMS because... er... reasons? (like if everyone in the world had a plentiful data access...?)
Way before the outrageous bullshit blog post (and CCC talk) there was the f-droid/LibreSignal debacle:
Basically saying "i deny YOU the freedom to distribute modified version of my 'free software'" should have been enough to alarm everyone..
I installed Signal recently because of two people who wouldn't use anything else, but I just convinced one of them to set up XMPP over Matrix (iOS user and all XMPP clients we tried are 💩).
Gaaaawd I wish there was something like Conversations on iOS!
@linos Moxie explicitly asked f-droid to NOT re-distribute his software....
@jz I know about that case, but indeed, the F-Droid build in this pipeline is a fork, the binary misses all the google stuff for sure. I'm also not happy with this situation, believe me.
Mamot.fr est une serveur Mastodon francophone, géré par La Quadrature du Net.