You must log in or register to comment.
okay
Man, I haven’t seen a goat.se in years
Not trying to be pedantic, but the original was goatse.cx
Yeah everyone likes to call it “Goat-see” or “Goat-say”, but it was originally supposed to be “goat-secx” i.e. “goat sex”.
I think part of the confusion may be that when the site was taken down, the mirrors that sprung up were things like goat.se, etc.
I’ve heard it pronounced “goatsee” and said that myself back when the original site was live. You are 100% right on the intent of the name though.
That’s probably the only reason I clicked it. Honestly, kinda regret that I did because the author just seems like a dude yelling at the sky because he’s wildly critical of the smallest things but doesn’t offer up any solutions.
So you’re disappoint it wasn’t a rickroll of the original image?
No I think he clearly said he’s disappointed by the low quality content.
The original, while disgusting, was not low quality content.
I (wrongly) assumed that if he was hilarious to have made that graphic, that he’d maybe be more reasonable, hopefully funny. I was disappoint.
It did kick off me spending about 2 hours comparing Signal to SimpleX, and Briar, and a bunch of others, and I can only conclude Signal is the best out of them. The security community seems to be REALLY paranoid about every, single, tiny little thing - but I understand that they must be.
SimpleX doesn’t do any kind of IP address masking or have quantum resistant double ratchet encryption.
Briar doesn’t account for rogue-tor nodes, etc.
There’s just always some big glaring flaw in one of them.
Is this a random thought or should I not click the link?!?
Edit: oeuf. There it is. Nice.
The fact that there are no interoperable third-party implementations, or even third-party builds/distributions of the Signal app
that’s not true, Molly is perfectly fine
Who is this clown “jwz” and why does his opinion matter?
He’s someone that was a developer for Netscape and Firefox. I used to follow him but stopped doing so and now I find him quite annoying, haha
I agree with him in many things but he’s always replying people like he’s better than everyone which makes me think he must be a very shitty boss considering he’s the owner of a club.
“Right about a lot of things but fucking insufferable” is an apt summary of JWZ
“Insufferable ass” doesn’t begin to summarize my experiences with him. But he’s been right about a lot of things.
This was exactly my experience.
Also got the same impression back when I used XScreenSaver. I looked in to customizing the logo shown on the login dialog and some of the screensavers, only to find a rather preachy write-up on the advantages of XScreenSaver and a very stubborn affirmation that the logo is hard-coded and should not be changed because it is the identity of the program or something.
Oh yeah, the Debian vs. JWZ XScreenSaver spat, that was royally stupid and led me to stop using it altogether
Kids these days…
Hard to take them seriously, if they can’t even use a search engine to realize most of this is complete bullshit. What is this? A Twitter post?
What is this? A Twitter post?
Just about. JWZ is known for his cynical hot takes on tech in general.
I don’t think any of his complaints are invalid, though his conclusions are uncharitable at best. Making a communication tool that’s both reasonably secure and sufficiently palatable to people who don’t know how to use computers to achieve broad adoption is a hard problem with no perfect solutions. If he has a better idea, well… he’s a skilled and somewhat famous programmer; he’s better equipped than most to implement it.
There are some fairly good solutions tho. Matrix is still kinda half-baked (specifically thinking about 2.0 and Element X) and Conversations has limited capabilities, but they are fairly easy to use
Edit: Although I would really wish Matrix had a ‘normie-mode’, with secure and reasonably easy to handle defaults
I use Matrix, and I’ve moved some conversation with people I met in public rooms there to Signal because it kept failing to transfer keys rendering it unable to decrypt messages. I haven’t seen that in a while so maybe it’s fixed, but I haven’t been using it for one-to-one conversations lately.
Unfortunately, I’ve found most people have a lot of resistance to adding another messaging app. I don’t really understand why that is, but it’s true. Asking someone to install a messaging app when I’m their only contact who uses it and they have another way to contact me has a success rate near zero.
Yeah, I also had encryption problems, especially when I was running Conduit rather than Synapse. However, I never had such problems in XMPP with OMEMO.
Element X is pretty easy to use. I honestly don’t know why anyone listens to tech illiterate people about security and you have to be tech illiterate to think setting up element is hard.
Yeah, Element is super easy to use.
You just need to chose a Matrix instance, create an account with username and password that have nothing to do with what follows, log in (not that), generate keys, ideally back up those keys (which you could ignore, but you are prompted to), then it bothers you with cross-signing (which you can also ignore, except you kinda can’t, depending on you contacts, so log in again and confirm the devices), then chose another, unrelated instance to be discoverable via mail/phone (which again is optional, except if you want to be or don’t want to explain how adding via domain + name works), than add mail or phone number and activate it and boom, you are golden. Except you are not, because if you want Element X, well, you still have no push notifications, which just require you to… Oh, create another account, neat!
Meanwhile on Signal you do what? Punch in your number, confirm, optionally set a PIN, optionally enable backups, done. Yeah, that’s not as private, and missing online massage backups, I know, but it’s also a 1-3 step setup without any alarming prompts, telling you to do non-straightforward stuff that could very well compromise your privacy. Or having to dig through options and make choices and handle keys you don’t understand.
Do you need a reminder that 123456789 is a popular password and 2FA commonly considered a nuisance? Matrix is complicated enough to confuse even (non-ITSec) IT people.
As a professional software developer, I consider Matrix/Element to be quite user-unfriendly (and anecdotally also quite buggy)
Edit: Some clarifications. Describing this easy process was kinda confusing for silly ol’ me
mostsome of the stuff on that list isn’t even true (at least not anymore) lolThere are six bullet points. Which ones are no longer true?
The only one I know of is point 4, in that you can now choose not to share your phone number. But, IIUC, the app uses the dark pattern of forever nagging you to share it, hoping you’ll eventually accidentally click the wrong choice.
Point 2 is mostly not true, in that Molly exists and you can do reproducible builds with either implementation.
To be fair, from Signal’s attitude it seems that Molly is tolerated rather than welcomed. And that it may be shut off if it gets big enough.
Unless Signal’s policies recently changed, Molly is not interoperable, since Signal does not allow third-party clients to use their servers/network. That would make point 2 correct.
If that policy has changed, then someone please link the announcement so I can update my notes.
They’ve been allowing Molly to continue to function for multiple years. Notably, from Molly’s readme:
Molly connects to Signal’s servers, so you can chat with your Signal contacts seamlessly.
I looked over the terms of service linked there and don’t see anything specifically calling out third party clients. Is that elsewhere in another terms page somewhere or is it just not being specifically mentioned?
It was a few years ago when I read Signal’s statement about this, so I’m afraid I don’t have a link for you.
I believe you when you say Molly functions, but it’s important to note that without Signal’s blessing, anyone using Molly can be locked out of the network (and their chats and contacts) at any moment. It’s not the same as official interoperability.
I wonder if the Digital Markets Act will eventually force it.
If they have such “security concerns” with third-party clients, a compromise would be to mark profiles using unofficial clients, and make it possible to see what client it is. Because it’s audacious to disapprove of third-party ones while your own lacks features people find important! Such as:
- Allowing an arbitrary proxy rather than just their own solution (because not only is their own solution inferior to some of the more advanced censorship-evading technology, but this is the field that needs multiple options when one stops working. Also if a person uses a proxy for everything else anyway, making them set up a whole separate solution or find someone else’s proxy just for your app is pointless.
- UnifiedPush.
- Allowing tying a desktop client by typing a code rather than scanning a QR code, which is important when registering on an Android VM (because again, Signal just arbitrarily disallows account creation on a desktop, nevermind that most phones are very hard or impossible to make private!)
Absolutely, and I’m not trying to say they don’t own their infra or have the ability to cut off the Molly users. Luckily, if that were to happen, you could use the automated backups to restore back into Signal, since they’re functionally the same.
Regardless, both apps have reproducible builds. It’s the infra that isn’t reproducible.
I use the Signal a lot and have never been nagged to share my phone number.
4 and 5, from what I remember you have to opt into being discoverable by number even if you give it your contacts. that said I don’t fw signal for the other reasons stated, it’s basically just the easiest secure alternative to texting.
2 is probably wrong. Molly exists. Trademark cannot be used to prevent other implementations, just the use of the name or other dress. What may not be open is the server side code and federation is not supported.
Is there a better alternative? I don’t see anything conclusive in the link on that front
It’s like a politician, “Look how bad the others are” and then not proposing anything better (because at this moment, there isn’t).
I sure don’t know. SimpleX is suggested, among others: https://dessalines.github.io/essays/why_not_signal.html#good-alternatives
Could you explain/elaborate to a know-nothing (me) on the following from your link?:
Caveats of federation: Metadata leaking
When using federation, Matrix’s room states (containing a lot of Metadata) get replicated and stored indefinitely on every homeserver any user connects with or connects to. While this is a feature for enabling distributed chat rooms, it comes at a serious privacy cost.
To avoid this, you can either disable federation, or make sure that your users signed up with no linkable identifiers other than their user names.
The author of that essay (@dessalines@lemmy.ml) is one of the main devs of lemmy, so you’re asking in the right place lmao
Matrix is not really a chat system, but rather a distributed database that pretends to be a chat system. As a result all servers participating in a room get a full copy of the room metadata all the way back to when the room was created, which is a serious privacy issue.
This is not a general problem of federated systems though, and XMPP for example basically only shares the metadata that other participating servers strictly need to function.
How…do you think chat systems with storage are supposed to work? They store data. In a database
What specific fields are shared by matrix but not xmpp?
The main difference is that in Matrix, a chat’s history and media is stored indefinitely on every participating server, while on XMPP it’s only the duty of the one “hosting” it. And to my understanding, in 1-to-1 chats, the server doesn’t even retain the messages after delivering them, since there’s a separate module for “syncing” the history between devices (that you can set the retention time for).
Yes in a local database, not a distributed one.
The main difference is that XMPP (like most other federated systems) is based on passing messages, so if a new server joins a chat, it gets send messages from that point onwards.
In Matrix that is different. When a new server joins a chat it exchanges the entire database for that chat, and for DAG consistency reasons this means all the metadata since the chat was first created, often years ago.
I’ve never looked into how Matrix works at all, so I can’t really speak to that.
That could work, it looks like it was a lot of features like reacts and video calls. How easy it is to setup and ‘plug-and-play’ will determine whether I’ll be able to convince people to use it
It is still in early stages but the bones are good.
I would not advise for people who expect shit to just work.
Maybe next year. A lot of progress since last time I tried it.
Conversations is very simple
- matrix if you want cloud storage for conversations
- jami or briar if you’re okay with p2p
- simplex for the most secure cryptography and “just works” better than p2p
Why do you claim simplex has the “most secure” crypto? Why is it more secure than the standard double ratchet everyone else uses?
it is using double ratchet but heres the most recent tob. the fact that they use distributed self hostable relays and no user identifiers is more secure imo
Last time I tried SimpleX, you had to scan a QR code to go from Desktop to mobile and vice versa, any chance of them changing that? Otherwise it did look promising.
yeah you can only use one device at a time because simplex doesn’t have accounts, just devices. but you can make another account per device and add them to your chats
Wowww that’s bad design
yeah it’s annoying, but they’re pretty committed to the no user id thing
deleted by creator
deleted by creator
deleted by creator
Every interaction I’ve had with that person is insane. Who even are they?
Among many other things, the person who created Mozilla/Firefox.
More like one of many developers
Obviously. But it wouldn’t have happened at all without him.
Thanks! I only knew them as yelling, cursing, and attacking others on mastodon person
He’s old and cranky like me 🤷
Haha! How did you simpsonify a photo of yourself?? That’s so cool!
I know him as the guy who made his webserver respond to everything with a ballsack in an eggcup if your Referer is hacker news. Seems childish
The big upside of signal is that it is better then SMS, and has more adoption then any of the other reasonable options. Adoption is still not enough to make it that useful when compared with Messenger and SMS and even with this addressbook thing your complaining about trying to drive it.
Big downsides abound too including needing a phone number, and being tied to a phone.
I thought they changed the phone number requirement? Or was that a fever dream I had?
No, it still requires a phone number, but you can hide your phone numbers from other users now.
Ah that’s what it is.
You can share a name or handle now but I think you still need the phone number otherwise though you no longer have to share it.
Yep, the number is still required as a bs “are you human” check, but signal doesn’t stop you from using gvoice or other voip services like twilio.
Removed by mod
A Beehaw user using slurs, not something you see everyday…
(I was under the impression Beehaw was “Aspiring to bee a safe, friendly and diverse place”)
sorry, sometimes I can’t hold it back anymore. maybe I should just stay silent sometimes
They could just be older than 30, it’s predominantly considered a slur by the young.
What did he say
“retard”
So lemmy.ml censors it as well?
I don’t know lol
Sorry but in this house we avoid jwz’s opinions on things like the plague
He’s like the Morrissey of foss
Removed by mod
