Matrixoids in shambles
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
>>101895577>furrypeople who do security need to have something wrong with their headimagine willingly proof reading others code, as a profession.tons and tons of fucking diarrhea flavored spaghettiday in, day outi dont get it.hopefully hes paid for that.also bump
You mean that someone with local machine access can potentially get a bit of information of what another process is encrypting? Oh no, how horrible. Matrix is truly unusable.
Based furfag doing god's work
>>101896721uhm uhm uhm sweetie just wow they cant dilate properly until they get a CVE published as `severe`
i hope my kani servers are fine
Oh no, not another TIMING LEAK ATTACK. Better call Intel to slow down their CPUs with a microcode update lest some furfag learn a single bit of your private key when conditions are juuuust right.
>>101895725imagine how funny and satisfying it is
>>101897589
>>101895577> breaking news: jewish spyware has a backdoorfascinating and unsurprising.>>101898465>>101896721>>101895725get back into the oven, kikes.
Explain to a layman, what that entails in real world use.I'm pretty happy with my matrix server and treat it as secure, but it has no information except username and password for all the users.I do use federation with main server for some stuff.
>>101895577total XMPP victory
>>101896721yes, like when you rent a matrix server and it's running on a VPS
>>101901785also, this https://www1.cs.columbia.edu/~angelos/Papers/2015/ccsfp640-oren.pdf
>>101901785Olm is client-side. The whole point of E2EE is that you don't necessarily need to trust your server.>>101901833Modern browsers have sufficient JS timer jitter to counter such attacks.
>>101901749Also, if I run my own server at home with NTP being provided by cheap Chinese GPS, I don't have to worry, right?
>>101901777He wrote a hit piece on that too, and xmpp is even worse than matrix.
>>101895725Furriness is the Aryan spirit. The Judaic hate animals.
>>101904415You need help.
>>101895577>plz use Signal and give glowies your phone numberthe fact that he doesn't recommend XMPP, Session or Tox makes it glow hard
>>101895577oh nooo, yet another intel bullshit cache timing blablabla exploit that allows a VPS on the same machine to spy on another VPS if the stars align...Dedicated server chads win. Cloud fags lose.
>>101895725>imagine willingly proof reading others code, as a profession.Maybe because they use the code?
>>101904674>ToxAbandoned
I'm retarded?
>>101904847Still used by all ransomware to communicate with their victims. Tox has real life usage by people who successfully dodge glowies.Signal is only known for being used by glowies themselves (like the current Venezuela seeth).And glowies always spy on their own employees, to avoid another Snowden.
>>101895577Matrix is made by Israelis you should be expecting backdoors.
>>101904978>all ransomwareNope, only some ransomware groups use it and then it's for communication with their affliates, not internal comms. I agree on Signal sucking ass and would also recommend XMPP and Session before Signal but I can't recommend tox in good conscience. IMO the rating would go Briar > Session > XMPP > Signal. Simplex is overengineered and serves no real use case, telegram is not e2ee by default, threema's only value proposition is being swiss. Still if you look at DNMs simply using PGP seems fine enough.
>>101904999Anon, pls(pic unrelated)
>>101904999OOYYYYY VVVEEEEEYYYYY DA GOYIM KNOW
>>101895594>Earlier this year, the Telegram CEO started fearmongering about Signal with assistance from Elon Musk, so I wrote a blog post urging the furry fandom to move away from Telegram and start using Signal more. As I had demonstrated years prior, I was familiar with Signal’s codeWhat in the world is this Signal shilling in an unrelated article? How is a Telegram CEO BTFOing Signal any related to a vulnerability in an old matrix library (that is already deprecated)?The only thing i read here is:>please use Signal, please give them your phone numberBut that misses the point. Signal isn't an alternative to matrix anyway. Even if i wanted to, i simply can't run an OpenSource community on Signal. All big communities moved to matrix with IRC bridge - or then even cut off the IRC bridge and use only matrix.
This whole blog is only Signal shilling, in marketing talk>Signal sets the barHit pieces about everything else, he can't write even one article about something without shilling Signal.
>>101905336Like this is from his article about XMPP being bad.Imagine claiming to care about security so much that you tell people to stop using matrix, because one deprecated library, that already got replaced, has a purely theoretical vulnerability... while at the same time you tell people to use a messenger that can only be used with phone number.
>>101904978>>101905267>>101905358>>101905336>>101904999>>101904674Furry blogger is clearly retarded but they're right about Telegram being dogshit, Telegram's encryption or lack thereof is a joke. Not nabled in groups or by default and it's is basic at best.Signal is considered the gold standard for a reason, because no one has even broken the signal protocol. The double ratchet algorithm + ECDH is a basically the mona lisa of mondern cryptography and there's a reason why all of the best applications use it or their own variation of it.Loads of XMPP apps use it: ChatSecure, Conversations, Gajim etc.All the BIG TECH and messaging apps use variations of it (modified so that they can share loads of metadata): FB messager, Google RCS, Skype, Viber, Whatsapp, Wire.The matrix protocol uses it in Element (not sure about the other clients).Lots of cybersecurity firms use it.I could go on but the morons who call Signal "glowware, glowfag or whatever" are basing that on the fact that the CIA once donated $3 million dollars to it, by that logic you should never use any of the services or products listed below as they MUST all have backdoors for the three letters:THE INTERNET, TOR, lithium Batteries, breast cancer detection hardware/software, GPS, pacemakers, MRIs, acelerometers, the flu shot, Airplanes, LEDs, microchips, subtitles, car tyres, lead-free solder, touchscreens, limb prosthetics, weather monitoring hardware/software.
>>101895577>>101895594in english, doc!
>>101905741You can build Telegram yourself. You can download a Telegram build from F-Droid. You know what you run.Meanwhile Signal includes binary blobs and the app you get in the app store is not the same thing as the code you have on github.This make Telegram better than Signal.Telegram has some weird own encryption scheme that i wouldn't trust... but i rather have a bad encryption than a fucking backdoored app with proprietary blobs.It doesn't matter how much Signals encryption is shills. Even if it is true and it is super safe god like... IT IS STILL A WORSE CHOICE.It is like protonmail, where they read your mail before they encrypt. What is the purpose?And i am not even using Telegram.I run an own matrix homeserver, but i am not putting too much trust into it either. PGP encrypted mails are better for me for trusted communication, because i know what is happening.
>>101905741>All the BIG TECH and messaging apps use variations of itYou think this is an argument in favor of it?Also does this mean that WhatsApp is just as secure as Signal? Then why use Signal, just use WhatsApp, all normies use it.
>>101904674I don't understand why people are so protective of their phone number when it's one of the most trivial pieces of data to gather on any idividual. If you're really that precious about it though, just use a non kyc sim card. It's not that hard.Just walk into a shop and buy a prepaid simcard, or buy one online.https://simsup.net/https://silent.link/https://crypton.sh/
>>101905358the library got replaced because of the cve he found the guy isn't a shills just a guy disclosing his findings.
>>101905741>the morons who call Signal "glowware, glowfag or whatever" are basing that on the fact...that they refuse to allow an OpenSource build and add weird binary blobs, while also being shilled, financed and run by glowies
Smells like a """white hat""" that got paid off by his government to shit on non-approved communications
>>101905839the library got replaced in 2021
>>101905833>why are you so protective about your data?What a smart question to ask in a thread that is about privacy and encryption.
>>101905828No because as I clearly stated they use a modified version of it, plus whatever they do on their backend, such as collecting the device id, user id, ad data, purchase history, location data, email address, contacts, various data about whatever OS you're running it on etc.Which is why they're able to provide far more metadata when subpoenaed than Signal is able to.
>>101905940Why do you trust the binary blobs of Signal more than the binary blobs of WhatsApp?Both use the same protocol, that you say is secure?Could it be that the encryption doesn't fucking matter if the App you run is a proprietary black box?
>>101905845There's a completely foss version downloadable from both f-droid and their website.If you're stupid enough to use to play store, that's your fault.
>>101905957>FOSS Signal build is downloadable from F-DroindLink it, you disgus.
>>101905954You don't seem to understand the definition of proprietary...
>>101895577If I had the choice between trannies and furries I'd pick furries, they at least admit it's all play-pretend
>>101905971
>>101905940>Noneso Signal doesn't require my phone number?
>>101895577FurroidshackerssharpskillsunleashedMatrixcrackedcodesfallswiftlycybermastersrulenetworksowned
>>101904674Glowies getting desperate. I'M. STILL. USING. SIGNAL.
>>101895577>Issue in matrix client>Which is open sourced>Where the affected part was also deprecated, the devs are just lazy fucks >The flaw is cache timing attacks (kek, enjoy trying to achieve that on a random private client)Absolute nothingburger from a seething furry clearly paid by signal. At this point it's literally easier just to steal the laptop instead of trying to do this fancy shit
>>101905997>>101905968>>101905968I'll link three for you aboslute morons. One's a hardened version of Signal..https://signal.org/android/apk/https://julianfairfax.gitlab.io/fdroid-repo/fdroid/repohttps://molly.im/
>>101906082>hardened versionHow would you harden something that is already perfect? What does it change? Did they find something that is insecure to change it?And which one do you use?
>>101906105Shhh don't ask questions
>>101906010Can you even read? I swear there needs to be a aptitude or IQ test to use this board.
>>101906082>https://signal.org/android/apk/That is literally the store app.Why would you think that an app is more trustworthy because you download the exact same apk from a website rather than the play store?
>>101901749If you just pretend there is nothing wrong with it what the fuck they gonna do? They can take a lot of things but they can't take you imagination.
>>101906119The picture says that signal collects no data.So they don't have my phone number?
>>101895594But Libolm isn’t the encryption that is used anymore they ported it to rust unfortunately.
>>101904674Burner sims cost less than $1 and will give you a number with out having to to topped up for nearly a year. You can keep the signal account even longer but the number will eventually be recycled.
Why would i use Signal, which requires my phone number and is used by 99% of people with the binary-blob app that doesn't match the source?Even if i use some weird third party build, and it happens to not crash all the time, glowies still have full control over everything if the person on the other end uses the binary shit.
>>101906169>just buy a burner simCan't do that in Western Europe without showing ID.And even if you are living in a third world country that doesn't require it:Why wouldn't you just use a service that doesn't require your phone number instead?
>>101906105The protocol is already perfect but it isn't the only variable involved is it you absolute twazzock.What type of android device is it on, is it on stock android, a custom OS, android plus a load of bloat from Samsung, Xiaomi or whoever the fuck.At the end of the day I couldn't care less what app you use because you've got no one to talk to anyway.Have a nice life, you should go live in Idaho and start prepping or something it seems like a good idea for someone like you. At the very least it will get you out of the house.
>>101906203would you recommend people to use the Signal app from the App Store?
>>101906196Yes you can, you're just too stupid to do it. I live in Switzerland and it's really not hard.
>>101906203>isn't the only variable involvedSo you are saying that Signal App is unsafe?It is only the protocol that is so awesome?
>>101906227Cool, so why wouldn't you just use a messenger that doesn't require a phone number instead?Imagine buying some dual sim phone or switch sim cards just to register on a messaging app.
>>101906082>just add "Julians F-Droid Repo" and install thishow about No
>>101905813wtf does Signal have a blob for lmaowhat's the excuse THIS TIMEno federation - all metadata in one place"Entry points" BUT all by OWSphone number requiredthey necessarily have a list of phone number / registration correlationstook money from covert US govt funded group"Free" press out the wazooobvious participation in the "internet freedom" CIA opfull of "ex" spook employeesmarketing full of minoritiesbackpedalling / degrading service levels when too many ypeepo IN EUROPE use itlmaolmaolmao
Matrix:>here you got the source, you can run it yourself>in fact, we prefer if you run it yourself, so we have less headache on matrix.org homeserver>Element is FOSS, F-Droid has automatic builds of it>We changed license of Sypase because of governments and companies changing it without contributing, its now AGPLTelegram:>App is opensource, you can build it yourself, there are lots of forks>You can download an automatic build from F-DroudSignal:>Our App is OpenSource, but there are binary blobs>Don't ask questions about the server, goy>We don't want F-Droid to make builds and actively told them to not allow them>the forks of Signal like Session are UNSAFE, we won't elaborate why! DO NOT USE THEM, only use the official App with our binary blobs>yikes, sweaty, why are you claiming we aren't OpenSource? Look at "Julians Fdroid Repo", ten people downloaded some non-functioning build from there>why? yes, the CIA is funding us, but DARPA did fund the Internet, so if you use the Internet, but don't want to use us, you are a Hypocrite!
>>101906427>>101906237>>101906252>>101906284>>101906223>>101906176>>101906118>>101906361It depends entirely on the how seriously the user take their security and privacy. Signal's great but the average person is of below average intelligence as you've all so kindly gone so out of your way to demonstrate in real time. For example, if the phone is compromised in anyway e.g. bootloader unlocked, has a weak passcode/pattern, has already been compromised by some shitty pirated apk a user installed, is running an outdated version of Android and hasn't had a security patch in months.At that point the security of Signal is is not relevant.Anyway, go back to SimpleX, Tox, Session, Status, Cwtch, Speek!, Briar or wherever the fuck you hide frrom society you utter imbeciles. They all seem totally ready for everyday use and mass adoption...
>>101906440>It depends entirely on the how seriously the user take their security and privacyIf you take encryption seriously, you can't use a binary that is not reproducible.That's it. No other argument needed.If you don't take encryption seriously, then why the fuck would you use Signal?All your talk about Julians F-Droid Repo is useless if 99.999% of Signal users run an unverified unsafe unknown binary.If you want a secure fork of Signal, run Session.But oh well, i bet the Singal glowies will write textwalls about why Signal - but without phone bullshit - is unsafe.
>>101895577They switched to a different encryption method years ago so this is a nothingburger
>>101906508Session is a garbage crypto failure of a project that will never get any adoption. I genuinely wish it wasn't but it is.https://getsession.org/blog/upgrading-to-session-network1 million people have downloaded it via the play store, not sure about Apple, direct from their github, or the f-droid repo.How many of that 1 million do you think are using it? i don't know the answer but I can't imagine it's more than 100,000 at the most. The subreddit has 3.5k members, they have 84k twitter followers and 4.5k on Mastadon. They have no XMPP or Matrix server for obvious reasons so no metrics to check there.
>>101906440>mass reply negative IQ shill has an opinionmass replies should be reported for instigating flamewars.
>>101906724And here it is, the Signal glowy spreading FUD against a signal fork that doesn't require phone number.>muh crypto failuretell me more about Mobilecoin, founded by Signal>b-but nobody is using itCompared to WhatsApp, nobody is using Signal either. And since WhatsApp has the same encryption as Signal, shouldn't you be shilling WhatsApp hard?Your argument, that Signal collects less data, was literally already proven a lie.
>>101905940Telegram is known to cooperate with feds.Meanwhile, Signal makes feds seethe.Durov is a fag.Whittaker is right.
>>101906813Maaaaaaa nigga. Finally someone sane.
>>101906813>Signal makes feds seetheyes, it makes feds seeth about Venezuela banning Signal.The CIA is also seething so hard that they fund Signal.>Telegram is known to corporate with fedsyou don't remember the CoViD times when all Western government whined and cried about anti-vaxx groups on Telegram and threatened to shut Telegram down?
>>101906813Spain banned Telegram in March because Telegram didn't reply on a subpoena
>>101906813When the CoViD bullshit happened and Western governments threatened to block it and Apple and Google threatened to take it from the AppStore, Telegram told their users to download the FOSS App, in case the Store App is censored.Meanwhile Signal told F-Droid to never include Signal or any of its forks.
>>101906894nice story, tell it to those Germans who are in jail now because of their Telegram history.
>>101906790>that Signal collects less data, was literally already proven a lieHuh did I miss something?
>>101906813Signal literally got founded by the Open Technology Fund run by the CIA
>>101906932see >>101905940Claiming that Signal collects no data, while you can't even run it without giving them your phone number.This is a lie.
>>101906946>mental gymnastics and flimsy conjecturesas always
>>101906963aaaand we reached the seething stage>YOU ARE LYING>POINTING OUT WHO MADE SIGNAL IS MENTAL GYMNASTICSwe all know where this will end
>>101906963>Stating literal facts is Le mental gymnastics The absolute state of /g/
>>101906963Don't ask where Moxie got 50 million USD from.Don't ask why the binary in the signal app can not be reproduced and doesn't match anything you can build from the source.Don't ask why Signal told F-Droid not to include any OpenSource Signal builds.Don't ask why Signal even needs a phone number, when Session proved that it can operate without.
>>101895577I give 0 fucks about some literally who sexuality.
>>101895577At least you can look at the code of matrix.There is no way for me to look at the code of signal.
>>101907060https://github.com/signalapp/Signal-Server
>>101907170The binary in the app is not built from the source on github.And whatever runs on the server can't be verified.
>>101905813Just use molly then
>>101906361hey man, i find that picture somewhat relatablemay i download a copy of it and store on my non volatile storage?
>>101906440>They all seem totally ready for everyday use and mass adoption...Yes :)
>>101907199>use mollySo install a third-party F-Droid repository (because Signal doesn't allow any open source build on f-droid).And communicate with people who use the fucking store app with unknown binary?No, thank you.
>>101907060>>101906996>>101907060>>101906979We know where he got 50m from, it was from his co-founder Brian Acton who turned down nearly 1 billion from the Zuck so that he could co-found SIgnal. Installing apps via f-droid is inherently unsecure because they're all signed by the same fucking key. Use rss or obtanium you moron.Except you literally can.reproduce the builds and look at the code for yourself...https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md
>>101907271Still better than using 'You have to enable secret chats' Telegram. If you value your privacy you shouldn't use either
Not a single Signal glowfag will ever tell you that the official Signal App is Closed Source and untrusted.But Telegram fags will happily tell you to use the FOSS version. Even Telegram itself tells you to use FOSS, cause they prefer to not be hostage of App Stores.
>>101907292And even when they're enabled as secret chats the encryption protocol they use is trash.
>>101907277>You literally can look at the code of the centralized server and blobs millions of signal users useKek, sure buddy
What's a messaging app that provides high quality audio/video calls on Android? iMessage clears everything unfortunately
>>101907297That's because it's not closed source.
>>101907277>Except you literally can.reproduce the builds and look at the code for yourself...You can't.Nobody ever managed to recreate the binaries in the official Signal App.Signal is factually Closed Source.
>>101907304Clearly didn't read the link. IQ estimated to be sub 70.
>>101907322Why are you lying?
>>101907301True, but some see it as a feature claiming they are totally free of government surveillance while telegram actually works with governments
>>101907320https://jitsi.org/
>>101907338>Clearly doesn't know what signal is and how the absolute majority of people use it
Why should i use an unknown binary from some App Store, communicating with a centralized Server and requiring a phone number - if i could use an protocol that can be self-hosted instead, with clients that are trustworthy and FOSS?Glowfags... tell me why i should use Signal.
>>101907349SIgnal doesn't just actively work with governments, signal is funded by the CIA.
The last time when a CIA funded messenger got shilled... guess what happened...
>>101907420I know, I don't advocate for either
>>101907420Jesus you are so dumb.
>>101907459Almost all OpenSource communities are on matrix.GNOME, KDE, Librewolf, etc. all on matrix.Univeristies use matrix.I am influential in at least two.Tell me why i should use the CIA honeypot and move a community to Signal.
>>101904415Truke
>>101907301I will say it again:A "trash" encryption (that got never hacked btw.) is still better than a supposedly god-like amazing encryption, if the first is OpenSource while the second is ClosedSource.
>>101904415>Furriness is the Aryan spiritSo, iranians? Why them exactly?
>>101907505I'm not saying move to Signal. Signal is best when used for personal usage, as in your friends and family. Matrix is awesome, I use it daily as well.The reason I said you're dumb is because you fell for the CIA HAS A SIGNAL BACKDOOR thing. There's literally zero proof for this, the only thing these morons say is "buuuuuuuuuutttttt, Signal got CIA grants early on" (before it was even called Signal).They've probably all read this moron on github from 5 years ago and think it's true. It's been proven to be untrue, they have zero proof of anything they say, so they'll just resort to glowie.https://github.com/signalapp/Signal-Android/issues/8974It's very easy to prove that Telegram cooperates with the Russian government, And yet for some reason there's zero evidence that Signal has ever cooperated with any government or three letter agency.Believe what you want but until you show me some proof, I'll stick with Signal thanks.
>>101895577>by a furryWhat's their fursona?
>>101907703I see..So why should i use Signal with my friends and family?Why not WhatsApp, Telegram or.... Matrix?
>>101907758To explain:>WhatsAppused by absolutely every normie and offers the same encryption as Signal>TelegramOpenSource App that can be verified, is on F-Droid and doesn't include unknown binaries. Not CIA funded.>MatrixSelf hosted server and many clients, even proper Desktop clients rather than web shit.I already use it for Communities - and Signal can't replace that - so why not for friends and family too?All three of those seem to be better options.
>>101904334t-then what is safe? do we have to actually push ircv3 out the door?
im not even against privacy focused messenger apps but its hilarious that furfags insist on it. almost as if they're sick freaks huh
>>101907804He claims that running a CIA funded messenger that requires phone verification, has closed unknown binary blobs and is centralized is safe.The whole blog is full of Signal shilling. And he uses marketing terms for it.
>>101907339https://signal.org/blog/reproducible-android/Supposedly, the android builds are reproducible.
>>101901402awesome! life on easy mode: always do the opposite of what the nazi communist reptoid chicoms say
>>101908087you still have to give a cell number to get signal, right?mental
>>101907801telegram requires cell number, right?
>>101908169You can buy one through them :)
>>101904415your ancestors didn't cosplay as wolfs to go to degenerate sex orgies, you coping retard
>>101907804not in my opinion
>>101897589not sure what midov niggers though, organizing their community on a mossad spyware platform
>>101908087Sorry, not running your jew script.Allow it on F-Droid, with CI builds and a system in place to very, or go homehttps://f-droid.org/en/docs/Reproducible_Builds/
>>101906724You're glowing. After this post pretty much everyone is convinced you're a paid shill
>>101908228Jesus
>>101907900noted
>>101907277>Installing apps via f-droid is inherently unsecure because they're all signed by the same fucking keyIt will be signed by both the developer and by f-droid. Whatever the reason is for Signal to deny f-droid... and to be so harsh about it, that they even kick out any third party OpenSource builds.... this isn't it.I think we both know the answer to that question.
why is cybersecurity such a place of larp for mentally ill people?it's like nothing else, even way they describe their work in their own words is often so demented, a 2010 blogosphere js frameworks macbook hipster webshitter couldn't keep up with the sheer faggotry
>>101908604it requires autism
>>101907801>Why WhatsApp over SIgnal if they both use the same encryptionl?Imagine that every message sent is an envelope. In both cases of Signal and Whatsapp using Signal Protocol, the contents of the envelope are secure in transit from one device to the other. This is security. In the case of Whatsapp, the details on the outside of the envelope (to: from: time: date: size of envelope: etc) along with how frequently envelopes are sent, are all captured as metadata which can be (and is) used by Meta, as well as be sold by Meta to other companies, and more importantly, can be provided to law enforcement. This is (a lack of) privacy. Additonally, to use Whatsapp you must grant Whatsapp access to your entire contacts list, by using Whatsapp you are by default sharing with Facebook/Meta your entire contact list, social circles, and other peoples' private information (names, numbers, addresses, birthdays, etc). Signal receiving funding from the CIA is irrelevant.>http://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia>Why not use Telegram?It has zero encryption by default, due to it's popularity many of it's users are "normies" who will likely never use encryption The fact that it's completely disabled by default is a red flag. Even when you turn on encryption it's bad. Being FOSS doesn't automatically = safe. Long history of cooperating with governments, poor security practices etc.>https://en.wikipedia.org/wiki/Telegram_(software)#Security>https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdaten-an-das-bundeskriminalamt-a-0e4d3fcb-8081-4b87-b062-db412bbc294b>https://www.independent.co.uk/tech/telegram-russia-ban-lift-messaging-app-encryption-download-a9573181.html>MatrixI use Matrix daily (it uses the Signal encryption protocol by the way) but it's not an alternative to Whatsapp/Telegram/Signal. Matrix = alterative Discord
>>101908406Oh no I'm glowing because I don't think Session is going to be used by normal people.
>>101908755>Signal receiving funding from the CIA is irrelevant
>>101908789You're glowing because you post like a paid shill. I'm not going to reiterate the concerns of others, just letting you know.
>>101908755>the encryption doesn't matter if the app is shitSo, can you guarantee that Signal doesn't sell metadata? Or that their app isn't backdoored?Signal even uses Google Play Services for notifications, so Google naturally gets that data and will know who messages you and when.With both Telegram and Element i can either verify it (literally self host) or i can at least verify that it isn't backdoored (Telegram FOSS F-Droid, which also doesn't use Google Play Services).>Telegram is used by normiesHere >>101908789 you say that is a good thing.Also almost everyone using Signal uses the official App with Google Play Services. Which makes it insecure.>Matrix no alternative to SignalNo normie uses Signal. I can convince normies to use Matrix easier, because of the communities. And i can do exactly the same on Matrix that i could do on Signal - in reverse, signal can't do what Matrix can.If i already use Matrix, i don't see a reason why i would use the glowyware too.Not very convincing what you write.
>>101908840I don't give a shit>>101908755Look at the image you moron. Are you saying all of the services listed in the image are not to be trusted? You're calling Signal "glowware, glowfag or whatever" basing that on the fact that it received CIA funding, by that logic you should never use any of the services or products listed below as they MUST all have backdoors for the three letters:THE INTERNET, TOR, lithium Batteries, breast cancer detection hardware/software, GPS, pacemakers, MRIs, acelerometers, the flu shot, Airplanes, LEDs, microchips, subtitles, car tyres, lead-free solder, touchscreens, limb prosthetics, weather monitoring hardware/software.
>>101908908>THE INTERNETnon-sequitur>TORenjoy hooking up to honeypot guard nodes>lithium Batteries, breast cancer detection hardware/softwareyou good?did you have too many percs?
>>101908755>It has zero encryption by defaultFor me, this is even a good thing.You don't need encryption for a PUBLIC chat that EVERYONE can join.Yet, many idiots in the early years enabled encryption for their public rooms. Which is utterly pointless and just makes everything uncomfy!Encryption are for private groups and DMs.If you say "its insecure because it doesn't default to encryption" you just prove that you are a sensationalist security scammer.If you say "they don't enable encryption per default on private chats" that is a different thing. And i don't even know if Telegram does that or not, because of all those scammers like you whining about default settings.btw. any comment on the Mobilecoin scam that Signal did run?
>>101908908>if you think that signal is glowware because they got founded and made by glowies - then you also aren't allowed to use the internetdo you really think that this argument works, glowfag?
>>101907703just the fact Signal is shilled so hard by that turboretard Matthew Greene on twitter is all i need to know Signal glows in the dark, im using Session, glowniggers can tongue my claymored anus
>>101908899The encryption is easily the most important part of an ENCRYPTED chat application. Yeah a play install uses firebase for notifications & I agree that the majority of users will have installed via the play store but you don't have to. I just download the apk on graphene and it's works perfectly with no google play services.>No normie uses Signal. Well I managed to get all friends and family to switch to it without any issues and that's who I use it to communicate with.>I can convince normies to use Matrix easier, because of the communities.Then go ahead, I have no issue with Matrix, it's an aweesome protocol. I just think the vast majority of people would agree that it's more of a replacement for Discord/Slack/TeamSpeak/Mumble.>I don't see a reason why i would use the glowyware too.Then don't use it I couldn't care less, you're using it's encryption when you use matrix anyway.Give this a video explaining the encryption protocol for dummies: >https://www.youtube.com/watch?v=9sO2qdTci-sAnd for the love of god don't use Telegram if you value your privacy: >https://www.youtube.com/watch?v=t7HZrpJ4OyQ
>>101909119>(((reportedly)))thank fuck retards out themselves in thumbnails lest I'd have to give someone a view
>>101907900the furfaggot is clueless and masks basic common sense cryptography security with fancy writing and cringe edgy ellegance oneliner jokes to larp as if he is intelligent and actualy knows what the fuck he is talking about, just like 95% of security researchers bullshit things being exploitable in some insane edge of edge cases big bang moment z-score tier constructed conditions for it to work, he does the same when he has to explain why his bullshit takes are security threat, thats also why so many mentally ill non-biologicals are in security/cryptography, they just schizo(in a bad way) edge case scenarios with 50 paragraphs to convince everyone of some flawalso pic rel, i dont trust the news but i trust the mentally ill furfag who made the moderna vax that it's safe TOPLEL
Why does it feel like this thread is full of feds trying to shill their own glowware?
>>101908604becase mentally ill derraged non-biologicals are often on ADHD meds such as Ritalin/Amphet that allows them to bullshit edge of edge theoretical cases with 50 paragraphs, funny that Adderall side effects include hypersexuality
>>101909119>I agree that the majority of users will have installed via the play store but you don't have toWell, its not on fucking f-droid, because Signal itself doesn't want that AND YOU STILL DIDN'T TELL US WHY.The only other way you proposed is to add Julians Third Party repository that nobody can verify, which apparently has an OpenSoruce build.But guess what: NOBODY WILL DO THAT.If i talk to anyone else on Signal, who doesn't use an OpenSource build by Julian, my messages will be sent to an insecure Play Store Signal app and use Play Store notifications.Signal is not any more secure than WhatsApp.
>>101909168Because the loudest in here can't compare stuff and see that everything has arguments for and against it
>>101908908>>101905741>subtitlesThey funded subtitles???
>>101909219Yep. Look up the history of closed captions.
>>101908962just use Tor bro? just because it would cost barely 8k total nodes * $10 a month(accounting for different locations, IP subnets etc) = $80k a month to have 8k Tor nodes running 24/7 doesnt mean a government agency with blank check budgets can do it ok? i-i-i-i know some people that host nodes and its not the feds t-t-rust me bro!
>>101909210Yes it is because >>101905940.
>>101909007>send unencrypted message at 3 in the morninghmm wonder why he is up at 3 in the morning like all the bad guys are>It has zero encryption by default>For me, this is even a good thing.TOPKEK
>>101909273>links to the pic that lies and claims that Signal collects no data
>>101909119you glow harder than Chernobyl
>>101909155>as a gay man, I'm acutely aware of the long-term damage of public health crises: The HIV/AIDS...yeah, being part of a demographic that made spreading illnesses into a fetish truly gives him credibility when its about health
Didn't the FBI try to get information from someone's Signal account but all the company had was the account number, most likely the phone number but already knew that, the account creation date, and when it received a message?
>>101905052>SessionSession is hot garbage.-Slow Mode (what, you use push notifications?) takes 15 minutes to ping you that you received a message. Briar, SimpleX(+Orbot), and Cwtch were all sub-30 sec with 5+ minutes of screen-off time. Yes I tested this.-6MB filesize limit is as bad as 4chan's. Atrocious!-If you don't log in for a few weeks, say bye to your 'account' as it slips off the servers.-File picker gallery for Android is tap-to-send and not tap-to-select or tap-to-attach. This means you will accidentally send antisemitic memes to your family group if you are careless. You can't delete group chats.-Group chats can go over 1,000 members no problem on SimpleX, whereas Session chokes at less than a tenth of that.-Various other longstanding issues on their repo going unaddressed.Session is hot garbage. SimpleX configured to only use onion hosts, always use private routing with no downgrading, and set voice/video call relay to your preference (hide IP from counterparty vs hide call metadata), is at least as secure, private, and anonymous as Session. You lose anonymity if you choose to forego Orbot or some other persistent VPN, as SimpleX does not mixnet by default. SimpleX is designed to optionally interface with Orbot.SimpleX is also available to iToddlers, which both Briar and Cwtch (i like both more than SX+O actually) are Android-only mobile clients. With well-configured SX+O, you have secure voice and video calls between iToddlers and Droid-chads, you have Session-or-better text comms, and you have practically limitless filesize limit (I've pushed a couple hundred MB file before).Stop FUDding SimpleX+Orbot. It's not the best it could be but it's the most useful while giving effectively absolute privacy.
>>101909379Yes, that and other glow ops designed to gain your trust
HWAT IS THEIR FURSONAI MUST KNOW
>>101909311loool I don't care what you schizos think and I'm not even telling anyone to use Signal. If you're happy using whatever other service you use, stick with it. There are things I don't like about Signal, the phone number requirement left over from textsecure / for spam protection is annoying, the mobilecoin thing was a bizarre decision that for some reason still hasn't been removed from the app despite the fact that I've never heard of anyone using it. If I thought session was a viable alternative I'd be using that.Unfortunately the reality is that I manged to get my friends and family on Signal and that's good enough for me and demonstrably better than using WhatsApp and giving facebook all my contacts. But hey, I'm being paid to post all this so just ignore the facts and stick to what your gut tells you because of what you've read on some schizo blog.The second anyone shows me proof Signal is compromised, I'll no longer be using it.
>>101909379Same happened with iMessage, i use iMessage now. iMessage has perfect and unbeatable encryption and Apple proved that they won't give data away.If it would be any other way, then the FBI would have been able to crack the phone in that low-profile case.I bet that even Facebook has examples of refusing subpoena, so WhatsApp is just as secure. WhatsApp also uses the same hyper godlike furry encryption. God, i am so happy that Big Tech and the CIA cares so much about my privacy.
>>101904999Is it actually?
>>101909447niggerfaggot
Does any of this academic dork shit actually matter in practice? Who is going to perform a theoretical timing attack when you're talking?
>>101909475Yes, yes it is >>101901402
>>101907339>issue from 2015>closed>reproducible since 2016
>>101909505The only important thing is that you abandon a messenger that you can self-host, and instead use a centralized one, that is out of your control, requires phone verification and that is funded by the CIA.
>>101909547why isn't it on F-Droid?
>>101909419>Slow Mode (what, you use push notifications?) takes 15 minutes to ping you that you received a message.Yes>Briar, SimpleX(+Orbot), and Cwtch were all sub-30 sec with 5+ minutes of screen-off time.Not in my experience>6MB filesize limit is as bad as 4chan's. Atrocious!10 MB, also be happy since it got abused heavily by the pedos>say bye to your 'account' as it slips off the servers.That is entirely incorrect, I hadn't used mine for over a few months and it was still there. You won't receive messages from more than two weeks ago since it's not stored in the swarm anymore>File picker gallery for Android is tap-to-send and not tap-to-select or tap-to-attach. This means you will accidentally send antisemitic memes to your family group if you are carelessMight be, I can't tell. You can still select in your gallery app and use the share function there>You can't delete group chats.Do you mean closed or open groups? >whereas Session chokes at less than a tenth of that.You must mean private groups, public groups I visited never went that high and I heard that those that did worked fine>Various other longstanding issues on their repo going unaddressed.True>Briar are Android-only mobile clientsDon't forget Briar Desktop>It's not the best it could be but it's the most useful while giving effectively absolute privacy.It's still overengineered and has no good reason to exist. I would prefer Session one hundred times over a program of a fag who thinks global IDs are bad for privacy
>>101909550I don't use a messenger because the only person I talk to is my mom. Now tell me whether this security flaw actually matters.
>>101909475yes note the shift from Israel based telco to UK another glow country. Given the recent developments in the UK I would be careful when shitposting on matrix.
>>101909155Yeah, I'm gonna trust the furry over some schizo RFK supporter who lives with his parents like you.You /pol/ lolcows need to go back to your containment board and stay there.
>>101909456>iMessage has perfect and unbeatable encryption and Apple proved that they won't give data awayyeah no
>>101909453LOOL still giving up metadata. You cannot have a Signal without somehow unneccessarily tying something which is likely PII-connected.I can download Orbot and install it, then I can download SimpleX chat and install+configure it, and no PII whatsoever required. Your Signal just can't beat the simplicity of SimpleX+Orbot!
Oh Jesus Christ uhhh well I'm panicking right now about this, but to put it bluntly what is the retention policy for the Matrix.org servers?
>>101909589>got abused heavily by the pedosYour opinions are worthless, didn't finish reading.If your secure chat app lacks pedos, it lacks security. Full stop. Pedos are your darknet coal mine canaries.
>>101909563>Looks like this is not reflected in the documentation (that’s strange…), but this is our common practice: avoid conflicts with apps authors. If they don’t want their app on F-Droid, we don’t put it there. License and other people’s wishes don’t matter in this case.
>>101909726Don't worry, we still got pedos. But less of the 'Let me send you 20-50 10 MB videos all at once' kind. Guess I should be grateful for the fag ddosing all public groups for some NSFW groups closing
>>101909589>It's still overengineered and has no good reason to exist.I lied, I read the rest. You are law enforcement. I hope you choke on that donut piggie!Thanks for crystalizing my opinions Session vs SimpleX(+Orbot).
>>101909505For the vast majority of us probablty not. To be honest if I had a high threat model, I wouldn't be using Signal either.Since I don't have a high threat model but do value my privacy, I use Signal as it's the best middle ground in my opinion. It protects my privacy more than the viable alternatives and despite some flaws no one has even shown it to be unsecure. if you're targeted by a nation state or three letter you're fucked anyway So a lot of people are apathetic privacy today and wonder privacy is even possible nowdays. I get like that sometimes but privacy isn't all or nothing, it's a journey of small steps. The thin line between privacy and convenience that you must find yourself for your use case. You can't expect to be totally private unless you're a hermit in a cave somewhere away from the open internet.Degoogling as much as you can is a good idea, finding foss alternatives to proprietary services that hoover up as much of your data as possible is another step, using an email alias services for signing up for things is another step, not using IoT devices is another good one, using a password manager (ideally one you can selfhost) and a 2FA application that you can use on an airgapped device is good. Each one of these incrementally improves your privacy and makes you more secure than the vast majority of people on the planet.https://whyprivacymatters.org/
>>101909687Wait until you hear who funds Orbot.
>>101909796>I lied, I read the rest.I'm glad you did>You are law enforcement.Ah yes good old law enforcement telling you to use Session and Briar>I hope you choke on that donut piggie!I wish I had a donut
>>101909893Hol' up? You've got donuts over there?
>>101909837>>101909893>>101909904>>101909773all of you niggers (1) deserve to be mailed anthrax
>>101905267>I wrote a blog post urging the furry fandom to move away from Telegram and start using Signal morelol wtf do furries in particular care about privacy so much? nothing inherently wrong with them, but they in specific?
>>101905813your thoughts on Molly?it's a fork of Signal that piggybacks on their serversyou still need a phone number but there aren't blobs in itif Signal wants to let me use their bandwidth to send encrypted packets made without blobs, I feel alright with that
>>101909958I'm guessing people don't want to been outed as a furry? Saying that, who knows? Those freaks have no shame.
>>101909923>WAHHHH IF YOU TELL ME THAT THE GUY WHO TELLS YOU GLOBAL IDS IN SOFTWARE HURT PRIVACY IS A SCHIZO YOU SHOULD DIENigger, use briar and stop worrying. No need for some janky Orbot setup and no need to worry about internet outages
>>101909958they only use telegram for the stickers
>>101905813Ah interesting that you run your own Matrix server, that means you know that Matrix collects more metadata than Signal right? Better make an annoucement in your server.
>>101909981what the fuck are you even talking about, nigger?you think I read the shit I'm replying to?
>>101909700yeah about that…
>>101905813>PGP encrypted mails are better for me for trusted communicationThey are also the worst suggestion technically in this thread and should only be used as a last resort.>because i know what is happeningSo its a (you) problem. If you know what is happening then you would also know why nobody recommends it anymore.
>>101910021>you think I read the shit I'm replying to?Sorry I forgot where I was
>>101909923classic lashing out because the truth hurts doesn't it. https://guardianproject.info/partners/That's an interesting list of funders, Eric and Wendy Schmidt Foundation, Open Technology Fund. Gooogle... NOTHING IS SAFE, THROW IT IN THE MICROWAVE!
>>101908246Yes they did. Always cosplay as wolf or bear when going to war orgies
>>101906105>hardenedfor one, MollyFOSS removes binary blobs
>>101910237He won't listen to reason mate. In his mind the CIA has a backdoor and there's nothing you can say to change his mind.
Why did you need all this noise to know matrix was garbage? It literally demands PII when you install it, are you retarded?
>>101905813>>101906361Why does everyone praise Signal for being open source if we don't know they're actually running the open-source version on their servers? They could have a completely proprietary version they ACTUALLY run instead of the open-source version on Github.Because it doesn't matter what the server is running. That's the point. The service is built not to trust the servers hence end-to-end encryption. The only way to decrypt the content is to be at one of the "ends" i.e. the Android, iOS, or Desktop client. You can build any of the clients from the source code on GitHub and validate that it matches what is uploaded to the app stores and their website. Conversely, WhatsApp's code is closed-source meaning the code is not publicly available and cannot be independently verified. So when Facebook says "WhatsApp is end-to-end encrypted so we can't read your messages" there's no way of knowing if they're telling the truth, but you definitely know they're lying because they're Facebook, and Facebook has been lying to everyone for nearly 20 years. The NSA could be hosting the signal servers and it still wouldn't matter. Every signal message ever sent through signal servers could be saved and it still would matter. All the signal servers do is route messages from sender to receiver. They are "dumb".Signal encrypts every message before it ever leaves your phone. And that message can only be decrypted by the receiver on their phone. In fact, signal uses a awesome tech called a ratcheting algorithm which means that every single message ever sent was encrypted with a different (sub)key. If someone were to spend 9 months brute forcing a signal message and succeed, they would only get that one single message and have to spend another 9 months to crack 1 more message.
>>101905940>it makes no attempt to link that to your identitysure thing buddy...
>>101910895Read the code faggot.
>>101910993using phone number = not safe
It seems to me, based on the blog post, that the issues are in Matrix clients, not the server. Did I read that correctly?
>>101910768>All the signal servers do is route messages from sender to receiver.With sealed sender its also an extra step if the server tried to associate messages with the sending account.>If someone were to spend 9 months brute forcing a signal message and succeed, they would only get that one single message and have to spend another 9 months to crack 1 more message.The second message would be easier than the first because you would have narrowed the possible states but you are correct that it does not come for free after one message is cracked. The real benefit of the ratcheting algorithm is PFS and if you miss a single message then the previous knowledge is useless.
>>101910768>The service is built not to trust the servers hence end-to-end encryption. The only way to decrypt the content is to be at one of the "ends" i.e. the Android, iOS, or Desktop client>He doesn't know about e2ee backdoorsOh no no no
>>101908795You wasted 19 bytes
>>101895577Yet again xmpp sisters we win
>>101912023
>>101906227Wrong.
>>101906082>Three versions of the same app.Not a good look.They just have to find which dumbass in the group chat is using a compromised version.Then your DMs are pwned.
>>101905940But a phone number is literally tied to your identity. Just paste it in to the yellow pages and you get full name and address. It's worse than your full name and date of birth, because there could be several people sharing those.
>>101912060Image for ants
>>101907758Actually explanation:>Whatsapp Closed Source client, Encrypted, Centralized servers for Zuckerberg and co. to stalk you like a vengeful x-gf.>TelegramOpen source client, Slavjank “encryption”, also held on centralized servers ran by BRICs oligarchs/glowies>MatrixOpen source client, Self hosted, but everyone expects the protocol to carry some kind of hidden Zero-Day exploit locked away in the vaults of Tel Aviv, which is what the furry in the OP was trying to find.>SignalClosed source client larping as open source, God tier DARPA encryption, Centralized servers that don’t take logs (we pinky promise!)
>>101907209I don't own the rights to it, you have to make that judgement call yourself.>>101910768>"open source">not in f-droid>no reproducable builds>useless blobs>OWS collects your phone number>OWS has spook employees and funding>ZERO counterargumentskekekekek, you're not convincing anyone with that spiel you bloody bitch bastard.
>>101912551XMPP and Session still look pretty shiny and nice to me. Tox also, but Tox needs new maintainers to fix up the UI minimally and write a barebones (but stable) Android app.
>>101912551>ran by BRICs oligarchs/glowiesCorrection: it's only Russia and China really.
>>101906169You have to find one without ID verification, which may not be trivial but is doable.Then you need a burner phone or the number will be associated with all your previous ones via your IMEI. You must never reuse this phone for anything that you don't want associated with that new number.You also need to do all of that in a location that will be logged and associated with the number. If you connect that phone or number to the mobile network in any other location, it'll get logged too with an accuracy of at least 50m.
>>101907277>Installing apps via f-droid is inherently unsecure because they're all signed by the same fucking key. Use rss or obtanium you moron.Inane take. A key of the original author means nothing but that the updates are made by the same person (unless they lose it, which is quite possible since I doubt everyone has good key management). If the upstream app gets compromised (often happens when people sell their stuff to spyware companies, consider e.g. the Simple Mobile apps as a recent FOSS example), then F-Droid will protect you from that, but using a dev-signed one will not.
>>101895577hqly sh!t
>>101912696>but Tox needs new maintainersYeah so it's not abandoned anymore, also look into Briar
If glowies don't stop, I'm gonna start making "Signal + ProtonMail + Matrix" threads.You have been warned.
>>101913174It's half-abandoned now apparently, by which I mean there are no commits to any desktop client for 2/3 years BUT there is a maintained Android and TUI client. Good to hear.>BriarCool that it supports sneakernet and BT besides Tor and Wifi and Internet.
>>101913115Wrong. It's an issue with f-droids underlying architecture. Do some reading.https://privsec.dev/posts/android/f-droid-security-issues/https://discuss.grapheneos.org/d/16-f-droid-auto-updates/4
>>101905845There are valid reasons for this, you're just too stupid to understand them.Here's an old github thread explaining some of it.https://github.com/signalapp/Signal-Android/issues/127Also, read these:https://privsec.dev/posts/android/f-droid-security-issues/https://discuss.grapheneos.org/d/16-f-droid-auto-updates/4
>>101913338Wrong. By having the F-Droid maintainers in front of the app devs, you mainly need to trust just them and the F-Droid build process. They can catch many misbehaving upstreams and prevent damage before the app even reaches you. You only need to fully trust the F-Droid team, with the actual app devs only requiring partial trust.On the other hand, by installing apps signed directly by the upstream developer. you need to fully trust each one individually. There's no F-Droid checks that the app actually corresponds to the published source. As i mentioned in the previous post, the upstream dev can also just sell their app and you'll update to the compromised one just fine. This means that such an approach requires constant vigilance about any misbehaving upstreams and you need to do your research before every single app update.
>>101913426Devs have to maintain a seperate version of each release of their app just for F-droid due to it's fairly strict requirements. This leads to slower updates/patches.F-droid signs everything with their key which is stored on an airgapped machine, meaning a human has to push each app update through. The reason the machine with the key is airgapped is because it's a single point of failure for every app on f-droid.
>>101913475>Devs have to maintain a seperate version of each release of their app just for F-droid due to it's fairly strict requirements.This just implies that the original version was bad.>F-droid signs everything with their key which is stored on an airgapped machine, meaning a human has to push each app update through.In contrast, individual app devs' keys would likely get compromised by any kind of malware on their machine and they probably wouldn't even realize it.
>>101913475And do you trust Google?Why is F-Droid, which has strict reliable checks, a problem for you, but the Google Play Store - where Google actually can modify any apk they want - is not?If a developer has issues with the F-Droid process, then i can not trust him.
>>101913501Nta but exactly, the F-Droid model implies that every update that IS also released on F-Droid is strictly as secure or more secure - signing / build-wise - relative to the dev's private builds.An app which releases every update both on F-Droid and privately is imo the best option, and this scales to multiple appstores of similar design at the cost of maintaining a fixed-cost build pipeline descriptor per store.That's a really good deal.
>>101913596No obviously not, Play Store is full of slop.>If a developer has issues with the F-Droid process, then i can not trust him.Then you're an idiot who clearly didn't read the numerous issues with f-rdroid. Maybe you're more of a visual learner.https://www.youtube.com/watch?v=IzpVI4zaso0
>>101913661Yes, this is what I was implying. If the dev has to make a separate build for F-Droid, then their regular build is bad.
>>101913666>no obviously notwell, Signal trusts Google fully and completely, they trust them so hard that they send every notification over Google servers.But the F-Droid process of reproducibility... that's too much for them.... requiring Signal to provide stable versions of their software that can be built by the F-Droid CI is not an option for them.This idiot here >>101906082 even tells up to install some private bullshit third party repository that nobody can verify to enjoy a hardened FOSS built of Signal.
>>101913666All he says is "old api version LE BAD = install Droidify XD", kys nigger
>>101913709you know that Signal sends push notifications perfectly fine without firebase right?The apk is reproducible but it's it doesn't matter what the server is running. That's the point.https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.mdThe service is built not to trust the servers hence end-to-end encryption. The only way to decrypt the content is to be at one of the "ends" i.e. the Android, iOS, or Desktop client. You can build any of the clients from the source code on GitHub and validate that it matches what is uploaded to the app stores and their website. Conversely, WhatsApp's code is closed-source meaning the code is not publicly available and cannot be independently verified. So when Facebook says "WhatsApp is end-to-end encrypted so we can't read your messages" there's no way of knowing if they're telling the truth, but you definitely know they're lying because they're Facebook, and Facebook has been lying to everyone for nearly 20 years.The NSA could be hosting the signal servers and it still wouldn't matter. Every signal message ever sent through signal servers could be saved and it still would matter. All the signal servers do is route messages from sender to receiver. They are "dumb".Signal encrypts every message before it ever leaves your phone. And that message can only be decrypted by the receiver on their phone. In fact, signal uses a awesome tech called a ratcheting algorithm which means that every single message ever sent was encrypted with a different (sub)key. If someone were to spend 9 months brute forcing a signal message and succeed, they would only get that one single message and have to spend another 9 months to crack 1 more message.
>>101913762Watch part 2 and read the sources. Anywway, I'm done educating this special needs class for today.Going to take my dog for a walk and talk to him about it 'cause it understands it better than you.
>>101913775>The apk is reproducibleIt's reproducible if you take binary blobs as inputs. The blobs themselves are not reproducible, since they're not open source.
>>101913775>The NSA could be hosting the signal servers and it still wouldn't matter.false, because of metadata this why martix is mossad spyware
>>101913775They default to sending them over Google.And they want you to exclusively use the Google Play Store.Or use sideloading, which is retarded, because you have to download it manually on updates again (which means you yourself would have to check signatures, lmao, and are unsafe if you don't).Someone who does all this ridiculous bullshit... and then claims that F-Droid is insecure... can not be trusted.There is obviously a different motive behind that. They don't want to have a proper reproducible build process.Why? We can guess...
>>101913809Oh a moved goalpost! No thx.Again, KYS NOW!
>>101913775Nigger, whenever we have discussions about the security of matrix, the metadata comes up.Even thought that matrix homeservers can be hosted privately, so the one getting the metadata can be you.But when its about Signal, all of this suddenly doesn't matter and we should trust a centralized NSA server?
>>101913849>because you have to download it manually on updates again (which means you yourself would have to check signatures, lmao, and are unsafe if you don't).This isn't quite true. The app will prompt you to update and download it for you. Due to the way Android app signing works, you can only update an app if the update uses the same signing key. Thus, if you trust the initial key and trust that the devs aren't sneaking bad stuff in with the update, it's okay to update existing apps from anywhere.
>>101913977Pretty sure i signed an apk myself once, to remove it from being deteced by the Play Store, because an update added ads and i wanted to stop it from updating.Worked just fine.
>>101913316Afaik the protocol isn't maintained. I still believe it's dying, sadly
>>101914050I'm not 100% sure how it works, but this might imply that an update requires all of the previous signatures.
>>101905741>Furry blogger is clearly retarded but they're rightWho is they? Isn't it just him alone?
>>101909672That was a Samsung.
>>101913267>ProtonMailLiterally almost as bad as gmail lmao. They fully comply with any subpoena and log way too much information.>Signal>Some email provider with minimal logs and a transparency report, don't bother with encryption but always sign emails. For public announcements and the like on mailing lists, bug trackers, etc.>Matrix for public groups>Mumble for group voice chat
>>101913596The apks published on play store are signed by the developer. It is a TOFR policy but if an app becomes compromised (either by compromised dev account or store) an error would be signalled on update and require you to uninstall the old app. I would absolutely avoid it because of the privacy concerns and their insistence on proprietary blobs in every app but security wise it tends to be one of the best app stores available.
>>101908141Bot.
>>101909662you do you bro
is the cia going to be able to stop me from hating niggers? nois a furry going to be able to stop me from hating niggers? noare trannies going to be able to stop me from hating niggers? nowill i give up and use mainstream (((media))) platforms that censor me trying to say nigger? notrannies lostfurries lostCIA losti'll say nigger no matter what. i don't care how insecure or encrypted, but the word must get out. Nigger.Tongue my anus, niggers, trannitors and CIA agents.
Practically impossible to exploit outside the lab.
>>101911091>>101912003You're all morons who don't understand the differences between privacy, security and anonymity.
>>101919899This.WhatsApp is the most secure messenger..The glowfag wants us to use secure apps, not anonymous or privacy respecting ads.
>>101919927No. You can have security without privacy, but you can't have privacy without security. WhatsApp is neither secure or private.
>>101908253>tfw midov server userI used it only for learning japanese...
>>101920184You can't just lie your way out of the watchlists like that.
>>101920500Not my fault tatsumoto decided to host his server there.
>>101906873>Spain banned Telegram in Marchheard about that, still using it, not gonna stop, fuck the gubmint
sneedov
>>101895577still not going to use the glowfag spyware Signal, you fucking furry.
>>101920068>You can have security without privacyThis is the Freedom vs. Security argument.If you give up your freedom for daddy government to protect you, you will end up losing your security, because the same government can now fuck you over.If you give up your privacy for the CIA messenger to protect you from muh Russian hackers, you will end up losing your security, because the CIA can now rape you.
