this post was submitted on 23 Sep 2024
339 points (98.8% liked)

Technology

59366 readers
4115 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 46 points 1 month ago (5 children)

I wish Telegram would just enable default E2EE. Oh well, time to switch to Signal!

[–] [email protected] 34 points 1 month ago* (last edited 1 month ago) (1 children)

And if they had implented that to begin with and used servers that kept no logs he wouldn't have had anything of value to hand over and they would have had to release him since he physically could not provide those things.

He built the damn situation for himself, and the fact that such issues weren't considered practically screams "honeypot."

[–] [email protected] 11 points 1 month ago

they would have had to release him

Maybe we could say he wouldn’t be in this situation because he could’ve responded to every request his company got and they could’ve provided all of the zero logs they had.

I believe Telegram just wasn’t cooperating at all which is wild! Such a Musk thing to do.

[–] [email protected] 8 points 1 month ago

Just keep in mind that any service that asks for a phone number can also disclose it.

I hope what leaves the Signal client is a hash of your phone number, rather than the number itself. They might even be using salts and expensive-to-execute key derivation functions, to mitigate brute force searches (which are otherwise easy given the relatively small search space of phone numbers). But if compelled, it would be trivial for Signal to change that behavior.

[–] [email protected] 3 points 1 month ago (4 children)

I also don't trust Signal.. And I won't gonna switch a 4th time. I might as well switch to Matrix chat now.

[–] [email protected] 16 points 1 month ago (2 children)

I'm not sure how much we can trust matrix either to be honest. There's some cryptographic flaws in their Olm Library. https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

As it turns out being both secure and convenient is very difficult

[–] [email protected] 9 points 1 month ago

That is a pretty weak argument. The issues are minor and in a library that people are moving off of to a better build and stronger validated library. Yes, it should have been like that in the first place, but the problem is minor and being addressed.

I would look more to the various features of Matrix that aren't encrypted like room names, topics, reactions, ... and not to mention the oodles of unencrypted metadata. I really wouldn't call Matrix a high-privacy system.

I like Matrix and use it regularly, but it definitely doesn't have a privacy-first mindset like Signal does. I'm hoping that this improves over time, but without a strong privacy first leadership it seems unlikely to happen.

[–] [email protected] 5 points 1 month ago (2 children)

Olm is now deprecated and all development is now focused into Vodozemac: https://github.com/matrix-org/vodozemac. That being said, is there no proven Olm Protocol alternative implementation for e2e encryption (proven technology) instead of reinventing the wheel.

[–] [email protected] 4 points 1 month ago (1 children)

ow interesting. TIL.... Olm Protocol is a clone of Signal’s Double Ratchet.

[–] [email protected] 1 points 1 month ago

vodozemac might become that proven implementation. Without reinventing the wheel there will never be an alternative, because everyone just reuses the one existing library.

[–] [email protected] 10 points 1 month ago (3 children)

I also don't trust Signal..

...why?

I might as well switch to Matrix chat now.

Man, Simplex seems to check all the boxes for me...

[–] [email protected] 4 points 1 month ago (1 children)

...why?

While it might be secure.. I'm done with centralized services.. If I can't host it myself, I won't bother switching anymore.

I don't know Simplex chat very well.. But that seems also good.. As long as you can have encryption and run your own server. It's not that I have anything to hide, but at the same time I'm tired of the infiltration of all states (which now also include EU).

EDIT: They need to change their name. The first results you get in search engines are this: https://www.simplex.com/ followed by (Dutch): https://simplex.nl/

[–] [email protected] 1 points 1 month ago

As long as you can have encryption and run your own server.

You can :)

[–] [email protected] 2 points 1 month ago (2 children)

Simplex doesn't support mutli-device. That's a deal breaker for me. I do 90% of my messaging at my desktop but also want to be able to chat on the go. Using my laptop on the couch is also fairly convenient.

[–] [email protected] 3 points 1 month ago (1 children)

SimpleX also loses messages if you don't pick them up in time. Going on vacation for a few weeks could be problematic, for example.

[–] [email protected] 1 points 1 month ago

Adding to that, their notification system kinda sucks for me.

[–] [email protected] -1 points 1 month ago (2 children)

Simplex doesn't support mutli-device.

...yes? It does?

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

No, it does not. The closest it comes is allowing a PC to take control of a mobile client on the same local network. That might be a convenient way to type with a full-sized keyboard if you have both devices in the same place, but it is not what people mean when talking about multi-device support.

GP wants the ability to use their account from multiple devices independently. From different locations, not tethered on a LAN. With shared message history, notifications, unread state, identity, etc. That's what multi-device support means in the context of messaging services.

[–] [email protected] -2 points 1 month ago (1 children)

Device 1: PC Device 2: Phone

How many devices is that? 2? Sounds like multiple devices to me 🤷‍♂️

[–] [email protected] 2 points 1 month ago (1 children)

2 devices that can’t function independently. That would make it functionally one device. You’re just splitting hairs now.

[–] [email protected] -3 points 1 month ago* (last edited 1 month ago) (1 children)

2 devices

Glad we settled that one.

You’re just splitting hairs now.

My guy, you're the one splitting hairs.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

No, lol. “Multi-device” does not just mean “multiple devices can be involved”. It means “Multiple devices can operate independently”

And you know that. But you’re splitting hairs to try and fit this use case into something it’s not.

[–] [email protected] -1 points 1 month ago* (last edited 1 month ago) (1 children)

No, lol. “Multi-device” does not just mean “multiple devices can be involved”.

My guy... "multiple" = >1. "Device" = some sort of electronic. It's that simple. And you know that. But you’re splitting hairs to try and win an internet argument and misrepresent something you don't like.

[–] [email protected] 1 points 1 month ago (1 children)

Yes linguistically that’s what the those two words mean.

But in the context of a messaging app, “Multi device” becomes one singular term with a set meaning agreed upon by everybody but you, that you’re trying desperately to change by deconstructing the words it’s composed of in order to misrepresent something that you evidently like a whole lot.

[–] [email protected] 0 points 1 month ago (1 children)

By "everybody but you" you mean just you, right?

[–] [email protected] 0 points 1 month ago

No I mean me, the other people who’ve corrected you, the people who’ve downvoted you, and everyone else.

[–] [email protected] 0 points 1 month ago (1 children)

https://github.com/simplex-chat/simplex-chat/issues/444 suggests otherwise. Do you have any information about multi-device support.

[–] [email protected] 3 points 1 month ago

The only information that I have is that I personally use it on multiple devices, and I didn't invent it, I just downloaded the software provided by SimpleX.

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

Spin up your own server for best results.

Then you only have to worry about minor metadata leakage.

[–] [email protected] 4 points 1 month ago (1 children)
[–] [email protected] 5 points 1 month ago* (last edited 1 month ago) (1 children)

There's also SimpleX chat and Briar, but I've used both of those less than Matrix. They seem to be aiming to solve the last few issues that Matrix has, like usernames and metadata leakage.

I consider Matrix to be closer to an "Enterprise" solution, like what a business or government or non-profit would use for secure communications (literally both French and German governments use Matrix), while SimpleX/Briar seem much more aimed at individuals just wanting control over their personal conversations.

[–] [email protected] 4 points 1 month ago

Personally I really hope that Dendrite will release a version somewhat close to v1: https://github.com/matrix-org/dendrite

The main downside of Matrix is the Synapse Python server (blurp). But Dendrite is still far for complete even years later now.

[–] [email protected] 1 points 1 month ago

Here.. SimpleX comparison table.. Signal is also centralized.

[–] [email protected] 3 points 1 month ago

Telegram would never do that.

[–] [email protected] -3 points 1 month ago (1 children)

Anyone who used Telegram as a private communications channel in the first place is an idiot.

[–] [email protected] 1 points 1 month ago

Anyone who thinks they can have privacy near a computer is an idiot.