For anyone considering Session messenger:
The Session developers dropped Perfect Forward Secrecy because it would be hard to work around it.
First things first, let’s talk about what we’re leaving behind: Perfect Forward Secrecy (PFS) and deniability.
Source: https://getsession.org/session-protocol-explained
In plain English, they dropped a security feature for their convenience to the detriment of their users’ security.
For anyone unsure what PFS provides:
The value of forward secrecy is that it protects past communication.
Source: https://en.wikipedia.org/wiki/Forward_secrecy
The Session devs also claim:
Session provides protections against these types of threats in other ways — through fully anonymous account creation, onion routing, and metadata minimisation, for example.
Reading between the lines, we can interpret that as introducing security through obscurity, which is generally considered bad practice - https://cwe.mitre.org/data/definitions/656.html
What’s wrong with Briar? https://briarproject.org/
Censorship-resistant peer-to-peer messaging that bypasses centralized servers. Connect via Bluetooth, Wi-Fi or Tor, with privacy built-in.
I think the reason these apps don’t take off is the compromises they make in order to work the way they do. When you do need them, you best hope you’re able to get them and get others to use them as well.
For women in Texas, a new study says you’re getting the short end of the stick. WalletHub ranked Texas among the five worst states for women to live in, with its study released Monday, February 26.
Source: https://www.mysanantonio.com/news/local/article/worst-state-for-women-texas-18690990.php
Texas is the worst state to live and work … Factors like Texas having the highest number of uninsured residents in the nation, higher violent crime rates, a low number of primary care physicians per capita, a strict abortion ban and laws targeting LGBTQ+ people were what made Texas’ score so low
This link goes straight to the video and skips the website for anyone wanting to avoid it.
https://customer-aw5py76sw8wyqzmh.cloudflarestream.com/2463f6d3e06fa29710a337f5f5389fd8/iframe
Jack doesn’t own bluesky but he is on the board [0] and even working for a public benefit company, is supposed to [1]:
… operate the business with the same authority and behavior as in a traditional corporation
It does go on to state they’re required to consider the impact of their decisions not only for shareholders but also employees, customers, community, etc, but there’s no mechanism that forces them to do “the right thing”. A public benefit company is basically a way to protect decisions made if they were to not align with the concept of “shareholder primacy” [2]. On the other hand, if Bluesky had registered as a certified B Corp [3], that would have more weight to it as they not only have to state their intentions but also provide evidence.
In regards to being federated - are they actually federating with anyone yet? Genuine question, I haven’t kept up.
In regards to being open source, it’s a good start, but like the Chromium project, the company’s needs will drive it forward and the interest of the company will come first, good or bad.
[0] https://en.wikipedia.org/wiki/Bluesky_(social_network)
[1] https://en.wikipedia.org/wiki/Benefit_corporation
[2] https://en.wikipedia.org/wiki/Shareholder_primacy
[3] https://en.wikipedia.org/wiki/B_Corporation_(certification)
Ooh silverbullet looks nice too, thanks. Link for the lazy: https://silverbullet.md/
To the point of the person you’re replying to, I think it may be treated the same as email. For example, if you send an email and it gets forwarded somewhere else, all the “custodian of your data” (let’s say Google in this example) can do is delete any copies they have on their server. Anything outside of that is outside their responsibility/capacity.
FYI - although not official, Discord can be installed as a Flatpak [0], albeit with some features missing [1].
Also, I’ve found Webcord [2] a good alternative for my limited use-case. You may want to try it and see if it works for you. Lastly! I see there’s now a GTK4/Go Discord client available [3], I’ll have to give this a try and see how well it works at the moment.
[0] https://flathub.org/apps/com.discordapp.Discord
[1] https://github.com/flathub/com.discordapp.Discord#differences-in-flatpak-version
The way I did it was getting rid of the apps I no longer wanted on my phone. This forced people to send text messages. If they try sending a good pic/video it would obviously fail. Their only option was usually something more difficult than just installing Signal. I don’t provide WhatsApp as an alternative. I did lose some contacts, but close friends/family will obviously opt for the better messaging experience compared to default SMS.
Signal could have implemented RCS messaging themselves
That would have been great, except Google doesn’t provide an API for developers to use RCS in their own apps like they did with SMS. Google’s basically forcing everyone (long term) into their messaging app, which I suspect will eventually be the “iMessage” of Android since there won’t be any alternative “texting” apps.
Great search engine, don’t forget to try the ‘random’ link[0]. It’s how I’ve been using it to discover the interesting and less-visited corners of the internet.
Also, apparently the developer is going to be working on this project full-time for the next two years[1]. Hoping for the best and interested to see where he takes the project.
The problem I had was I was basically paying so my parents could use it - and they are mostly using my other sibling’s HBO account. I barely watch TV and would only really put it on to have something to fall asleep to, so at least in my case, they’ve lost my account’s minimal usage + whatever I was paying them.
I’ve read from SMEs that Signal is the gold standard for encrypted private messaging. I haven’t seen that claim of any other messenger. What are the alternatives?
I’ve tried Briar and that seems like it may be good in 5+ years, but not something I’d ask non-techy people to use in its current form. Session dropped Perfect Forward Secrecy because it was too hard to make it work. I don’t want security features dropped just because they’re “hard” so that’s an immediate no from me. What are viable alternatives that don’t leak metadata?
I’m gonna need some evidence before I believe Google isn’t analyzing all the data that passes through it unencrypted.