Mike Gerwitz's GNU Social Instance
  • Login
  • Public

    • Groups
    • Recent tags

Conversation

Notices

  1. Bob Mottram (bob)'s status on Tuesday, 13-Dec-2016 11:25:16 UTC Bob Mottram Bob Mottram
    The smart kids don't use Signal https://www.mailpile.is/blog/2016-12-13TooCoolforPGP.html
    Tuesday, 13-Dec-2016 11:25:16 UTC from social.freedombone.net permalink
    • Claes Wallin (韋嘉誠) likes this.
    • Chris and Claes Wallin (韋嘉誠) repeated this.
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 20:01:21 UTC Chris Chris
      in reply to
      @bob In general I agree with you, but Signal (I'm not a user because it needs Google Software to run) has been doing what other security solutions haven't, which is giving users the ability to take action and care about their security. This is new, partly for the reasons in your linked article (people used to just assume email was secure) and I think valuable. But better PGP solutions are definitely to be preferred. The lack of federation on Signal is something that more attention needs to be paid to in the mainstream IMO.
      Tuesday, 13-Dec-2016 20:01:21 UTC permalink
      Claes Wallin (韋嘉誠) likes this.
      Claes Wallin (韋嘉誠) repeated this.
    • wakarimasen (wakarimasen)'s status on Tuesday, 13-Dec-2016 20:01:57 UTC wakarimasen wakarimasen
      in reply to
      @bob I am not surprised to see that this post is gaining absolutely no traction on Hacker News.
      Tuesday, 13-Dec-2016 20:01:57 UTC permalink
      Claes Wallin (韋嘉誠) likes this.
      Claes Wallin (韋嘉誠) repeated this.
    • Bob Mottram (bob)'s status on Tuesday, 13-Dec-2016 20:09:43 UTC Bob Mottram Bob Mottram
      in reply to
      • Chris
      @csaurus PGP is ok for email especially when used with systems such as Mailpile, but unlike the article I do think forward secrecy is useful. Lack of federation, dependence on Google systems and use of telephone numbers are the main weaknesses of Signal.
      Tuesday, 13-Dec-2016 20:09:43 UTC permalink
      Claes Wallin (韋嘉誠) and Chris like this.
      Claes Wallin (韋嘉誠) repeated this.
    • Constance Variable (lambadalambda)'s status on Tuesday, 13-Dec-2016 21:06:40 UTC Constance Variable Constance Variable
      in reply to
      • Claes Wallin (韋嘉誠)
      • Chris
      @csaurus @bob @clacke signal also forbids use of third party clients on their servers.
      Tuesday, 13-Dec-2016 21:06:40 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • Bob Mottram (bob)'s status on Tuesday, 13-Dec-2016 21:07:45 UTC Bob Mottram Bob Mottram
      in reply to
      • Claes Wallin (韋嘉誠)
      • Constance Variable
      • Chris
      @lambadalambda @csaurus @clacke Yes, and that's how LibreSignal died.
      Tuesday, 13-Dec-2016 21:07:45 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 21:07:58 UTC Chris Chris
      in reply to
      @bob I'd agree that forward secrecy is important as well. Having an option for deniability is useful in some contexts, but not generally for messages from one person to another. One thing I've actually wondered lately, can PGP send messages to a group of people, each with a different key? Or does the message then need to be encrypted separately for each person. I'd imagine this is how Signal works.
      Tuesday, 13-Dec-2016 21:07:58 UTC permalink
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 21:09:50 UTC Chris Chris
      • Claes Wallin (韋嘉誠)
      • Constance Variable
      @lambadalambda @clacke @bob Yeah, if you haven't seen it the github issue about f-droid is also interesting. https://github.com/WhisperSystems/Signal-Android/issues/281 I can see the benefits of centralization for pushing updates and insuring compatibility, but IMO federation is really really important. We can see how a general lack of it is playing out for bittorrent info-hash index sites.
      Tuesday, 13-Dec-2016 21:09:50 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 21:19:01 UTC Chris Chris
      in reply to
      • wakarimasen
      @wakarimasen @bob Email isn't monetizable enough. Also, needs more block-chain.
      Tuesday, 13-Dec-2016 21:19:01 UTC permalink
    • Bob Mottram (bob)'s status on Tuesday, 13-Dec-2016 21:29:30 UTC Bob Mottram Bob Mottram
      in reply to
      • Claes Wallin (韋嘉誠)
      • Constance Variable
      • Chris
      @csaurus @lambadalambda @clacke ranting about Signal seems to be something I do with increasing frequency. That's why it's in the Freedombone FAQ, so that when folks try to get me to use Signal I can just point them to why I think it's a bad idea. The thing is that even if I made a patch to federate Signal given his previous statements I doubt that Moxie would take it, and a federation patch wouldn't address the various other problems.
      Tuesday, 13-Dec-2016 21:29:30 UTC permalink
      Chris likes this.
      Claes Wallin (韋嘉誠) repeated this.
    • wakarimasen (wakarimasen)'s status on Tuesday, 13-Dec-2016 21:34:35 UTC wakarimasen wakarimasen
      in reply to
      • Chris
      @csaurus The last comment on this issue (moxie not caring about unofficial builds) is not entirely true. Just look at what happened to LibreSignal: https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165
      There has also been at least on attempt to merge LibreSignal's websocket code into Signal, which was denied by moxie, so there's no way to use Signal without Google at all, even if you compile it yourself (correct me if I'm wrong, this info might be outdated).
      Tuesday, 13-Dec-2016 21:34:35 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • H. Faust (hfaust)'s status on Tuesday, 13-Dec-2016 21:37:21 UTC H. Faust H. Faust
      in reply to
      • Chris
      • wakarimasen
      @wakarimasen @csaurus LibreSignal may live, may https://twitter.com/CopperheadOS/status/806560110097137664
      Tuesday, 13-Dec-2016 21:37:21 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • wakarimasen (wakarimasen)'s status on Tuesday, 13-Dec-2016 21:41:58 UTC wakarimasen wakarimasen
      in reply to
      • H. Faust
      • Chris
      @hfaust @csaurus Good news, until their severs start blocking unofficial builds. I wouldn't put it past them.
      Tuesday, 13-Dec-2016 21:41:58 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 21:42:00 UTC Chris Chris
      • wakarimasen
      @wakarimasen Yeah, I think the conflict is spread out over a few issues, but the main thing is that there's not a good alternative to Google Cloud Messaging Service which is also free software. In terms of being problematic, my understanding is the GCMS is used mainly for waking the phone up and pushing messages, which would have been encrypted before-hand. The best I can really do for free software my phone was to install CM-Mod with no google apps, play store, etc. so I can't use Signal. I'm pretty sure that you're right though, there's really no way to use Signal without it, which is unfortunate. Its programmers probably don't expect anyone to actually care about software freedom.
      Tuesday, 13-Dec-2016 21:42:00 UTC permalink
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 21:44:52 UTC Chris Chris
      • H. Faust
      • wakarimasen
      @wakarimasen @hfaust I wouldn't either, but then their claims of being "open source" are even more tenuous.
      Tuesday, 13-Dec-2016 21:44:52 UTC permalink
    • H. Faust (hfaust)'s status on Tuesday, 13-Dec-2016 21:48:33 UTC H. Faust H. Faust
      in reply to
      • Chris
      • wakarimasen
      @wakarimasen @csaurus I personally prefer independent implementations of Axolotl, like OMEMO and Proteus (The one used by Wire).
      Tuesday, 13-Dec-2016 21:48:33 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • Chris (csaurus)'s status on Tuesday, 13-Dec-2016 21:49:54 UTC Chris Chris
      • H. Faust
      • wakarimasen
      @hfaust @wakarimasen I'll have a look at those, I'd also love to see Matrix take off.
      Tuesday, 13-Dec-2016 21:49:54 UTC permalink
      Claes Wallin (韋嘉誠) likes this.
      Claes Wallin (韋嘉誠) repeated this.
    • Claes Wallin (韋嘉誠) (clackemovedtoheldscalla)'s status on Tuesday, 13-Dec-2016 23:24:13 UTC Claes Wallin (韋嘉誠) Claes Wallin (韋嘉誠)
      in reply to
      • H. Faust
      • Chris
      • wakarimasen
      @wakarimasen @hfaust @csaurus Aren't they already? I had the impression that was at the core of the conflict, the name thing in addition.
      Tuesday, 13-Dec-2016 23:24:13 UTC permalink
    • wakarimasen (wakarimasen)'s status on Tuesday, 13-Dec-2016 23:33:05 UTC wakarimasen wakarimasen
      in reply to
      • Claes Wallin (韋嘉誠)
      @clacke As far as I know, moxie just told them to stop using their servers.
      Tuesday, 13-Dec-2016 23:33:05 UTC permalink
      Claes Wallin (韋嘉誠) repeated this.
    • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer)'s status on Tuesday, 13-Dec-2016 23:42:02 UTC Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
      in reply to
      • GnuPG - GNU Privacy Guard
      • Chris
      @csaurus A message sent to multiple !GnuPG (or #PGP) recipients uses a symmetric key generated for that session to encrypt the message, and then encrypts that symmetric key with the public key for each recipient, creating multiple encrypted key packets. When you receive such a message your GnuPG finds the packet with the symmetric key encrypted to your public key, decrypts it with your private key, then uses the decrypted symmetric key to decrypt the body of the message. The packets encrypted to other public keys are ignored.
      Tuesday, 13-Dec-2016 23:42:02 UTC permalink
      Chris likes this.
    • Claes Wallin (韋嘉誠) (clackemovedtoheldscalla)'s status on Tuesday, 13-Dec-2016 23:44:24 UTC Claes Wallin (韋嘉誠) Claes Wallin (韋嘉誠)
      in reply to
      • wakarimasen
      @wakarimasen ok, thanks for the correction.
      Tuesday, 13-Dec-2016 23:44:24 UTC permalink
    • Chris (csaurus)'s status on Wednesday, 14-Dec-2016 03:28:06 UTC Chris Chris
      in reply to
      • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
      @bobjonkman Yeah, thank you! I'd heard a few people (non-technical folks) talking about services that allowed group chat/data sharing (MegaCloud or something?) and was skeptical simply because I knew you'd have to do something like that. In general I get antsy when people talk about encryption/security though. Particularly since I'm somewhat involved with radical politics, so depending on context it can be quite dangerous to get it wrong.
      Wednesday, 14-Dec-2016 03:28:06 UTC permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Mike Gerwitz's GNU Social Instance is a social network, courtesy of Mike Gerwitz. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.

Creative Commons Attribution-ShareAlike 3.0 Unported All Mike Gerwitz's GNU Social Instance content and data are available under the Creative Commons Attribution-ShareAlike 3.0 Unported license.

Switch to mobile site layout.