-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, On 14/10/18 18:31, Rick Moen via luv-talk wrote:
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
A Signal call can equally put to rest issues raised by ambiguous Signal messages in the same way as a call does for emails.
btw Nobody should put ANY trust in the mobile phone network when it calls to calls and SMS as it is an extremely insecure medium. At the very least you should be using Signal [or some other trust worthy end-to-end encryption tool with encrypted messages and calls, at the very least.... So sad that there is a need for Signal at all, but such is life.
FWIW, here's what a friend who's even more jaundiced on these matters than I am wrote about Signal and similar:
tj> I've heard talk about people attempting to spend less time on tj> Facebook and more on Signal, Slack or Wire.
These are nasty companies.
signal -- never had any real federation. posting server source is an irrelevant stunt, similar to wire. posting client source is only useful for someone who wants to fork the whole network, not someone who wants freedom within it.
unfriendly to pseudonomy by forcing phone number id, tying keys to phone, not supporting multiple accounts, etc.
doesn't support free software. They refuse to allow publication in F-Droid because of $arrogant_rant. Yes, yes, reasons, but don't go full aspie on me. They don't meet the bar, and that's that. Rants are a distraction not an excuse because the issue is control, not why you want control.
talks a lot of shit but has had multiple pants-down security moments: the group chat membership bug and the poor-choice-of-framework Blink bug.
slack -- offered irc gateways to build network effects then shut them down fucking evil.
a closed system designed specifically to poach lazy entitled "maker"-style can't-be-bothered non-player character users from a perfectly adequate open platform, then lock down the playing characters using network effects. Evil!
wire -- this is some proprietary Swiss garbage, right? four legs good, two legs bad. Why do we have to go through this over and over? "But if you're not paying for the product you are the [SLAP]." Shut up, Robin.
What's worse, unlike Google and Facebook, these "alternative" proprietary companies aren't under government and media scrutiny and don't have valuable reputations-to-lose bonding them. You would be better off protesting by using Bing, Wechat, or Baidu.
tj> If so, where did everybody go? I'm wondering what happened to tj> all the people who actually did delete Facebook.
still a good question. my nitpicking doesn't answer.
I've been trying to get normies on riot.im. It uses signal-like insecure web frameworks, but prefers to run them in a browser tab instead of a standalone desktop app, which is more secure because you get chrome sandbox and chrome updates. It has a gateway to irc that is a little flakey but about halfway to ok---I use it with irc.hackint.org which runs their own instance of the matrix gateway. The server is a single-threaded Python twistedmatrix app that they are rewriting into multiple Go frontends around Kafka. The client is a single javascript blob for android/ios/web. The endpoint identifiers are Jabber-like, but there is a lookup server for verifying & "discovering" phone numbers (not sure how well it works), so theoretically best of both worlds. It's properly federated: you can set up your own domain-namespaced instance, and if matrix.org ceases to exist you can continue chatting.
--end--
Again, that's _his_ view, quoted. I actually don't personally use any such services. In fact, what I use is a simple flip phone (calls and SMS), and I don't particularly trust it: To the best of my understanding, the baseband processor problem is so pernicious that you really cannot trust any cellular device to not have been hacked from over the air.
All valid points, sure Signal isn't perfect, but it's at least better than "clearnet" even if the devices cannot be fully trusted due to the baseband and other "builtin" vulnerabilities. Still better for the normies of the world though. Heck, baseband ..... IME .... we are so lost these days, when we should be enjoying a far better and infinitely safer computing environment without needing to revert to flip phones and ancient pulse dialer phones (neither of which are as safe as they should be either fwiw); which the powers that be couldn't care less about ... AU legislation for instance (both direction and current situation). btw not interested in using Slack either and riot.im -- I wish, but for the same reasons that Signal is a fair base for the normies, so too is FB, just don't over share and be skeptical of any and all stories that are often fake news and other hype that is totally bogus. I do run my own XMPP server, but rarely both with it. Cheers A. -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8Lz5gAKCRCoFmvLt+/i +0CpAQCJW36drvp43ZlzWk2CAAPiwJfAJmYaUss73cGy1BVWxgEAjvh+KVYVuryD hqej661VgIevYwt7k/P5mmMKeEh28jc= =8SpS -----END PGP SIGNATURE-----