Telemetry shows that users who didn’t opt out of telemetry don’t care about fingerprinting. Who’d have thought.

https://blue.mackuba.eu/stats/

https://arewedecentralizedyet.online/

> We need to finish moving PLC into an independent org

Does not make it decentralized; instead creates a second centralized failure point.

> large scale “appviews” — the aggregating backends of apps — are still a bit too expensive and a bit too difficult to write

Which is an architectural limitation, because AppViews must store the entire network, and will only get worse.

It’s really weird to say that BlueSky is an example of “practical decentralization” when all of its decentralization serves no practical purpose at all.

https://photos.goldstein.lol/share/OIgowBN4Wmi4zlm8DmDP0s8jH...

Something like this happens basically every time I try to use Matrix though. Messages are not decrypting, or not being delivered, or devices can’t be authenticated for some cryptic reason. The reason I even tried to use Element Desktop is because my nheko is seemingly now incapable of sending direct messages (the recepient just gets infinite “waiting for message”).

https://oss-security.openwall.org/wiki/mailing-lists/distros

> Only use these lists to report security issues that are not yet public

> To report a non-public medium or high severity 2) security issue to one of these lists, send e-mail to distros [at] vs [dot] openwall [dot] org or linux [dash] distros [at] vs [dot] openwall [dot] org (choose one of these lists depending on who you want to inform), preferably PGP-encrypted to the key below.

I did say more already. Maybe you believe in serious communication tools that can’t synchronize searchable history between devices, but I don’t.

> They, and other communities that use GPG-encrypted emails are LARPing, and it’s only fine because their emails don’t actually matter enough for anybody to care about compromising them.

Are we talking about the same Openwall? Are you aware what Openwall’s oss-security mailing list is? Please, do elaborate how nobody cares about getting access to an unlimited stream of zerodays for basically every Unix-like system.

It’s important to me — as a user — that a communication tool doesn’t lose my data, and Signal already did. Actual practicioners keep recommending Signal and sure, I believe that in a weird scenario where my encryption keys are somehow compromised without also compromising my local message history, Signal’s double-ratchet will do wonders — but it doesn’t actually work as a serious communication tool.

It’s also kinda curious that while the “email cannot be made secure” mantra is constantly repeated online, basically every organization that needs secure communication uses email. Openwall are certainly practicioners, and they use PGP-over-email: are they commiting malpractice?

I’ve already lost message history consistency because one of my devices was offline for too long. The messages are there on my other device, but Signal refuses to let me copy my data from one of my devices to another. Signal is, quite literally, worse at syncing message history than IRC — at least with IRC I can set up a bouncer and have a consistent view of history on all of my devices, but there’re no Signal bouncers.

Using it as something more than encrypted SMS requires persistent message history between devices.

> metric fuckton of messages

“More than 45 days” is a metric fuckton? Seriously?

> If you want Signal to host the encrypted storage, that costs money. If you don't want to pay Signal money, they provide 45 days of backup for free.

I don’t want Signal to store my messages. I want Signal to not lock in my messages on their servers, so I can sync them between my devices and back them up into my own backups.

> If you want to self-host your own backups (at your own cost), that's easy to do.

Except there’s no way to move it between platforms. I have more than one device.

> Are you referring to MobileCoin? That feature isn't in the pipeline for sending messages.

I don’t want shady crypto company to hold my data hostage, and there’s no way to store it on my hardware and then move it between platforms. That’s my problem with signal.

> A Synchronized Start for Linked Devices

It only properly transfers 45 days. You can’t have more than one phone. Phones are special “primary devices” and AFAIK you can’t restore your messages if you lose your phone even if you have logged-in Signal Desktop.

I want secure messaging, not encrypted SMS. I want my messages to sync properly between arbitrary number of devices. I want my messaging history to not be lost when I lose a device. I want not losing my messaging history to not be a paid feature. I want to not depend on a shady crypto company to send a message.

This sounds really arrogant. Element X _still_ lacks a lot of features, saying that the only reason to use classic Element is that you must be unaware of Element X completely ignores that. I wish “Element Creations Ltd” was as aggressive in creating Element X as they are in pushing it.

Yeah, I mean “access to the system”. It’s not the same as using headless chrome, because it gives you ActiveX and you can shell out to an arbitrary command.

Comments URL: https://news.ycombinator.com/item?id=46339551

Points: 13

# Comments: 8

Comments URL: https://news.ycombinator.com/item?id=46302004

Points: 3

# Comments: 0

I would pay for Firefox if it was focused on privacy and customizabilty, not telemetry and LLMs.

> making a tar file that when inspected looks fine

Am I correct in understanding that manual inspection would reveal a nested .tar archive (so recursive inspection of nested archives should be enough)?