• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    4
    ·
    edit-2
    11 months ago

    If signal can collapse because of a single contributor withdrawing support, then it kind of deserves to die. If It’s not robust enough to withstand the lack of money, it would never stand up to government intervention.

    Though I suspect signal is perfectly fine, this is just an outrage seeking article for clicks. Or unnecessary conspiracy. If you don’t trust signal, you have other options like simple x, briar…

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      15
      ·
      11 months ago

      Intentional conspiracy, judging by who the author writes for

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        It’s a good thought experiment. Let’s assume signal is a conspiracy.

        What do we do now?

        The article doesn’t seem to have any thesis here. If signal becomes untenable:

        Briar and simple x are the most promising in my mind, but I know there’s a lot of proponents of matrix.

        I personally don’t think session is sustainable, simply because they don’t have any development going on, no perfect forward secrecy added.

        If we’re talking about the signal replacement, we need a way for people to find their contacts. A phone contact list as a social graph is pretty good. I could see that being added as a discovery, optional, service for simplex, or even briar. But that would probably take quite a bit of development of work to do it in a non-Spammy fashion

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            Yeah they had perfect forward secrecy when they forked from signal, and then they tore it out because it was too complex to fit in there model. That’s an admission their bad programmers, and we shouldn’t trust them with crypto, or nefarious and we shouldn’t trust them with crypto.

            Going back to what’s next:

            Contact Discovery is the major hurdle to adoption of any really secure platform. I do appreciate signals SGX enclaves, they solve the problem in a nice way… If you trust SGX enclaves. That being said, that’s not the only way to do it. Though I can’t think of many contact discovery mechanisms that don’t rely on a central source of truth. Maybe that’s the necessary evil for onboarding, but it doesn’t have to be part of the day-to-day operations.