• kbal@kbin.melroy.org
    link
    fedilink
    arrow-up
    44
    ·
    edit-2
    8 months ago

    Well, she’s not wrong that we need more influential people fighting back against this latest push in the global coordinated effort to put an end to communications privacy. It’s really quite alarming how little attention it seems to get most of the time. Civil society seemed much more robust when it fought off similar attacks in the 1990s. I do hope that the “VC community” isn’t our only hope.

    But of course Signal can’t interoperate with another messaging platform, without them raising their privacy bar significantly

    Signal is supposed to be free software. You could probably manage to interoperate at least with other operators of actual Signal-Server instances, if you wanted to.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 months ago

      The problem with trying to be compatible with everything is that no one can agree on what a good protocol should be. Trying to force apps to work together is problematic as you end up creating a large attack surface.

      I appreciated what they want to do but the GDPR has kind of gone over the top in my opinion.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      8 months ago

      There’s already something like this and it’s called SimpleX. Messages are sent through relays and a very familiar form of ratcheting encryption is used.

      It’s still in its infancy, but anyone can run and use their own relay.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        Simplex is a great example of why trying to force apps to work with each over is bad for a number of reasons.

        Simplex chat would be massively compromised as a messager if it was required to work with Telegram. Imagine the amount of spam you would get if nothing else.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          IMO a better example is Matrix bridging - in order for an app like Signal to work on your Matrix account, you do have to compromise your Signal messages on it.

          But otherwise, yeah, I definitely agree with your assessment. Even if Signal and SimpleX used an identical protocol, the nature of sealed sender messages would make spam prevention and server abuse more difficult to handle IMO. SimpleX is still relatively obscure, and I’m not sure what scaling up will look like for it.

    • haui@lemmy.giftedmc.com
      link
      fedilink
      arrow-up
      6
      ·
      8 months ago

      I run a matrix server that interoperates with signal, whatsapp and discord so people who need to use those platforms are able to use one app instead of three and also keep their info private.

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        8 months ago

        How’s that keep people’s info private? Every Signal-Matrix integration I’ve seen decrypts the data and just holds it unencrypted on a (Matrix) server.

        • haui@lemmy.giftedmc.com
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          I‘m talking about apps like discord or whatsapp that have a lot of info on you when you open them. The open source clients are a lot less data hungry afaik.

          But yes, the encryption between the apps is not seamless so you‘d need to activate encryption again for this if you want it.

          • LWD@lemm.ee
            link
            fedilink
            arrow-up
            4
            ·
            8 months ago

            Maybe. If you communicate on Matrix with someone who is bridged from Discord, you have now given Matrix data to Discord and Discord data to Matrix. Which isn’t great for privacy at all.

            Granted, I guess you don’t have to use the Discord app at that point, but the extra data is a server-side treasure trove regardless.

            • haui@lemmy.giftedmc.com
              link
              fedilink
              arrow-up
              2
              ·
              8 months ago

              I dont know where you got that info from but afaik the most data collection is automated and does not include manually sifting through stuff. Having a discord bot does not give discord the info from a persons matrix account. Its the persons decision if they want to name the matrix account the same (which they shouldnt).

              • LWD@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                8 months ago

                Well, it’s not all your Matrix data, but if you don’t trust Discord with writing an app that runs client-side, I’m not sure why it’s helpful to trust them with holding onto your conversions with other Discord users either…

                I’ve also run a Matrix server and I can tell you from experience… You shouldn’t trust me with your conversations. Even if I was a good friend, I’m definitely not a security professional!

                • haui@lemmy.giftedmc.com
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  Well, I‘m not a security professional but an admin. Keeping people out of your matrix chats isnt that hard if you follow some standard procedure.

                  Sending 1000 texts to discord through matrix is a lot different than having 1000 texts and all photos, geo coding, contacts and microphone accessible.

                  • LWD@lemm.ee
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    8 months ago

                    You can’t keep the admin out of your Matrix chats and bridge them to Signal (or Discord) though. Either they sit around effectively unencrypted on a server that’s built to hold data and especially metadata forever (which is one data breach away from being everybody’s data) or the user has to just not use Signal bridges.

                    I guess if you’re comfortable with that it’s fine, but I’m really not.

    • turkishdelight@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      I have been disappointed by signal so much that I’m not suprised by this. There is no legitimate justification to why they don’t distribute on F-Driod.

    • honk@feddit.de
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      free software doesn’t necessarily mean federating with other services.

      They have stated their reasons why they don’t wanna do it. You might disagree with them or not. But the technology they built is still open. Anybody could take what they created and use it as a foundation that does federate.