Oh, hey! Wasn’t even a problem for me.
Oh, hey! Wasn’t even a problem for me.
By that simple logic any new browser will be ridiculously behind Firefox. Firefox’s code base has been in development for nearly 30 years - https://en.wikipedia.org/wiki/Netscape_Navigator
I was excited for it up until I saw what happened. I get the perspective the maintainer might be coming from, but they made a huge deal out of something that shouldn’t have been.
Sure, but it’s worth asking why the management is so poor
Could just be incompetence.
Working in a bigger corp and seeing people continuously fail upwards or get hired into positions where they run around like headless chickens - sometimes the reason is leadership putting people in the wrong role and not holding them accountable because its easy to “fudge metrics” and believe things are going well.
The strategy I’ve seen far too often:
Too often I’ve seen meetings between management not even understanding what their “core issues” are. How do you even make a business better if you don’t even understand your pain points?
It’s both fascinating and scary.
Hard agree. Apple’s ecosystem is primarily completely closed-source. If you abandon them or they abandon you you’re left with nothing. At least with open source-based projects like Chrome/Firefox you can fork the code and not have to start from zero against a goliath. Apple would never give its customers that kind of leverage.
I agree with you. It’s frustrating to see people lump in genuinely good AI/ML work like private on-device translations in attempts to discredit Mozilla. There are good criticisms against them. They’ve made mistakes. There’s zero need to lump in AI/ML.
that’s interesting. I had found it fast initially when it was first released. I didn’t use it often but when I finally stared using Matrix more often I was bouncing between both and Element X was significantly slower than normal Element so I decided to uninstall just a few weeks ago. I had even tried un/reinstalling to see if it would fix it, but it didn’t. Much happier with it now.
I had just uninstalled Element X like two weeks ago because I found it to under perform compared to the normal Element client on Android, in addition to lacking some features. I guess I’ll give it another shot.
Update: WOW this thing feels lightning fast compared to just a few weeks ago. This is great. Not sure about feature completeness, but based on speed I think I’ll migrate Element > Element X again. Great job to the team!
can you post a link to this rule?
while true, that doesn’t mean that it isn’t compromised but not hackable yet, or that a weakness won’t be found in the future. I would heed the advice of those in the field of cryptography and stay away from Telegram and MProto
lets not forget AI was trained on human data. some people will “sound like AI” because they likely make up a big portion of its demographic training data.
container tabs don’t just isolate but also give you the option to have multiple profiles without having to log in + out of websites. if you don’t need that feature, then probably.
Imagine saying that without a hint of irony after Snowden revelations
Funny enough, “Edward Snowden has reiterated his faith in the Signal app by saying that he uses it every day.” - published 2021.
I’m going to stop replying to you here because I’ve said all there is to say on the issue and we’re just going in circles.
Same here, lets end this amicably and find common ground. I think we’re both pushing for what we believe is best in attempts to guide people towards a secure platform, can we both at least agree that SimpleX is superior under more threat models compared to other messengers, even if it does have a few UX issues it needs fix?
Matrix doesn’t harvest metadata like phone numbers by design while Signal does.
You’re right, Matrix doesn’t ask for a phone number but it damn sure leaks metadata like a sieve. Unless things have significantly changed in the last year, here’s a list of things Matrix can see about you in an encrypted room, that an app like Signal cannot:
I love how I’ve addressed this numerous times but you’re still unable to understand the difference. Trusting that the protocol works correctly is different from trusting people operating a server. Clearly this is a concept that is beyond your comprehension.
I clearly understand the difference, what you fail to address is that at the end of the day you are placing your trust in a third party, whether its the code, the protocols or a back-end server. Matrix removes the server if you host your own and never interact with other instances, but otherwise, you’re still trusting the code and the protocols and that - as I’ve pointed out above - that what you’re recommending isn’t already leaking tons of data. And don’t get it twisted, I’m ROOTING for Matrix, it just has a long way to go to address issues that Signal clearly identified early on would hold back the platform (federation + third party clients).
Maybe go read up on where Signal comes from instead of spending your time trolling here. http://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia
I know what you’re talking about but you don’t want to bring it up because its all tinfoil hat wearing flat-earth conspiracy theory web of poorly connected dots. Your response is the MAGA equivalent of “do your research”. I’ve done my research. The onus is on you to bring forth the evidence. To quote Carl Sagan, “Extraordinary claims require extraordinary evidence”. Don’t try and connect dots that don’t back up your claim and stand proud behind what’s at best poorly thought out misinformation.
first I doubt anyone compiled the code themselves and use what’s in the app store
Molly-FOSS exists and is basically a Signal fork built by a third party that removes any non FOSS components. So there are groups of people who are building the Signal code and enhancing it.
the insistence to be tied to the phone number
This is a legacy requirement (Signal used to send encrypted messages via SMS) and is now primarily used for spam mitigation. This feature is unfortunately (or fortunately depending on your POV) costing them millions now, so I suspect they will eventually be forced to look to alternative spam mitigation methods as the cost to benefit ratio starts looking cheaper at spending engineer/developer time to figure out some alternative method.
refusing to work if you don’t update (in the app store)
If you’re referring to the expiration of the app ever ~90 days, this is security feature. It prevents people from using old/outdated and potentially insecure or unpatched versions of Signal. Secondly, you don’t need to update via the app store. There are some Signal forks (not sure if Molly is one of them) that remove this expiration, but even they will state that you should not expect the app to work forever as Signal’s always being updated and using an old client will always be liable to break as its basically not being maintained.
Even Matrix is far better in terms of privacy and it’s plenty mature at this point.
I would disagree, this guy’s been finding issues and reporting them to Matrix for a while now and appears to find them every time he glances at the project. I LOVE Matrix. I would recommend it over Discord, Telegram etc, but I would not recommend Matrix over Signal.
The fact remains is that I simply do not trust Signal knowing where it originates.
This is fair. No critique against this stance.
Trusting countless researchers an security experts to read the code, understand the protocols, and provide reproducible builds,
I agree! Trust the countless researchers, security and cryptography experts.
… is a lot better than trusting a sketchy US company that was started by the CIA and NED.
You’re gonna have to cite your sources.
Those clients exist despite Signal Foundation, not because they encourage community development. They are doing everything they can to discourage third party app development.
That was your original claim. None of the sources you provided back up your original claim. We can talk about Google libraries or the delay in server side code if you want to go down that path, but that’s a completely different discussion. Why are you pivoting to other topics? Will you concede your original point or do you have evidence to back it up?
No, you don’t have to trust anyone. That’s literally the point of having secure protocols that don’t leak your personal data. 🤦
Unless you’re reading all the code, understand the protocols, and compiling yourself you are placing your trust in someone else to do it for you. There’s no way around this fact.
You suggest SimpleX, Matrix, and Briar (which I believe are great projects btw, I’ve used them all and continue to use SimpleX and Matrix) but have you read the code, understand the underlying protocols, and compiled the clients yourself or are you placing your trust in a third party to do it for you? Be honest.
I will agree though, if you absolutely do not trust Signal, you should use Briar or SimpleX, but neither are ready for “every day” users. Briar doesn’t support iPhones so its basically dead in the water unless you can convince family/friends to switch their entire platform. SimpleX is almost there but it still continues to fail to notify me of messages, continues to crash, and the UX needs significant improvement before people are willing to put up with it.
The discussion in this thread is specifically about Signal harvesting phone numbers. Something Signal has no technical reason to do.
Let me give you a history lesson, since you seem to have no clue about where Signal started and why they use phone numbers. Signal started as an encryption layer over standard text/SMS named TextSecure. They required phone numbers because that’s how encrypted messages were being sent. In 2014, TextSecure migrated to using the internet as a data channel to allow them to obscure additional metadata from cell phone providers, as well as provide additional features like encrypted group chats. Signal continued to use phone numbers because it was a text message replacement which allowed people to install the app and see all their contacts and immediately start talking to them without having to take additional action - this helps with onboarding of less technical users. Fast forward to today and Signal is only using phone numbers as a spam mitigation filter and to create your initial profile that is no longer being shared with anyone unless you opt into it.
Now, you can say they’re collecting phone numbers for other nefarious purposes but they publish evidence that they don’t. Will they ever get rid of phone numbers? Unlikely unless they figure out a good alternative to block spam accounts.
Privacy and security are not based on trust
You’re 100% right. If you read the code, understand the protocols, and build the clients from source, you don’t have to trust anyone 😊
They could be waiting until it becomes a big issue
I guess I don’t see that as a problem if its causing a big issue.
Let me throw it back to you: If you were providing a service and a third party client was using your resources and causing a “big issue” like you stated, would you not want to remediate the problem? Lets say you introduced a new feature, but it doesn’t work for 15% of your user base because they’re using an outdated third party client that may not get fixed for another year or two - if ever. What would you do?
Here’s another example, lets say someone develops a client that lets you upload significantly bigger files and has an aggressive retry rate that as more people start using your client, it starts increasing the hardware requirements for your infrastructure. Do you just say “oh well”, suck it up and deal with having to stand up more infrastructure due to the third party client doing things you didn’t expect? Is that reasonable?
Any sites out there even serving JXL? With a “global usage” of 13%, I don’t see many developers wasting their time on it unless there’s some niche use case that requires it.