this post was submitted on 20 Sep 2024
264 points (98.5% liked)

Technology

58152 readers
3776 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
264
Ukraine Bans Telegram Use For State, Military Officials. (www.rferl.org)
submitted 14 hours ago by 101@feddit.org to c/technology@lemmy.world
37 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] 101@feddit.org 23 points 13 hours ago (1 children)

How is Signal compromised?

[–] TheTechnician27@lemmy.world 14 points 13 hours ago* (last edited 13 hours ago) (1 children)

It's not, unless they're some sort of cryptography expert with a peer-reviewed white paper pending publication. The Signal protocol (GPLv3) is extremely robust and has almost no capacity for metadata generation, and both the app and server-side code are under the AGPLv3 (technically if they were compromised they could use different, unaudited server-side code, but refer back to "basically no metadata"). Signal has essentially no capacity to be compromised; they can't even bait and switch users with a pre-compiled app whose source code isn't the publicly available one and actually has a backdoor because their builds are reproducible and it would be caught immediately.

Maybe they take issue with the crypto bullshit, which is valid but doesn't compromise messaging security. Maybe they don't like that they took away SMS, which I completely agree with, but also actually makes it marginally more secure. Either way, I seriously doubt if they had any mathematical insight into Signal being "compromised" that they would be here hanging around on Lemmy right now.

[–] kwozyman@lemmy.world 6 points 12 hours ago (1 children)

Be that as it may, it's still an incredibly short sighted decision to use a centralized service that is under 3rd party control for real security sensitive applications.

[–] sugar_in_your_tea@sh.itjust.works 6 points 12 hours ago (1 children)

Yeah, that does bother me. But it's also a lot easier to build a centralized service like that than to get people on a decentralized one.

If you really want something private and are willing to jump through a few hoops, Simplex exists. But most people aren't willing to jump through a few hoops, and even Signal (a pretty low bar) is a hard enough sell as it is. And that's why I use Signal, because it's my best chance to get people onto something better. In other words, don't let perfect be the enemy of better.

[–] helenslunch@feddit.nl 0 points 11 hours ago (1 children)

But it's also a lot easier to build a centralized service like that than to get people on a decentralized one.

Is it? No one seems to have problems using email.

[–] sugar_in_your_tea@sh.itjust.works 4 points 11 hours ago (1 children)

Yet pretty much everyone uses the same one: gmail.

[–] helenslunch@feddit.nl 1 points 11 hours ago* (last edited 11 hours ago) (1 children)

not true. Plenty of people use Yahoo, Outlook, Proton, and some even use AOL!

[–] sugar_in_your_tea@sh.itjust.works 3 points 10 hours ago (1 children)

Sure, and I use Tuta. Those are outliers, the vast majority use gmail, or at least the vast majority in my circles do.

It's the same thing as the network effect, just a little less ubiquitous, people will tend to use whatever everyone else uses. Getting something new like email (SMTP) is a huge endeavor, it's a lot easier to just build a centralized service and get people to use that, and most people will use the same provider anyway.

I don't like it, but I understand why it works and is so common.

[–] helenslunch@feddit.nl 2 points 10 hours ago (1 children)

Those are outliers

...I don't understand your point. Do outliers make it not decentralized?

[–] sugar_in_your_tea@sh.itjust.works 0 points 10 hours ago (1 children)

No, those being outliers means the email argument isn't particularly strong, especially when talking about a new standard. If most people use a single service anyway, why would a company go out of its way to make something decentralized? And for something like encrypted chat, that's a lot of extra work.

[–] helenslunch@feddit.nl 1 points 10 hours ago (1 children)

If most people use a single service anyway, why would a company go out of its way to make something decentralized?

Same reason they did it for email?

[–] sugar_in_your_tea@sh.itjust.works 1 points 10 hours ago

What, by starting as a government system using a completely different protocol, then adapting to always-online network connections (i.e. universities) at a time when spam didn't really exist?

The 70s and 80s were a very different time, and regular consumers didn't use email until it had gone through several iterations. Even so, most people used a single implementation (sendmail on BSD) for quite some time before anyone else got involved.

The internet today is a very different beast, you can either try for an open standard, or you can try for user acquisition. Almost nobody seriously goes for the open standard anymore, unless it's an iteration of an already existing open standard.