isn't @signalapp centralized? shouldn't we all be moving to something that isn't?
Top-level
12 comments
@abmantis @railmeat @wjmaggos @briankrebs @signalapp @element @matrix last time I checked (2 years ago maybe) metadata « sharing » on element/matrix wasn’t its forte compared to Signal (minus the need to have a phone number ofc). @wjmaggos @railmeat @briankrebs @signalapp @matrix or alternatively #xmpp / @snikket_im which has OMEMO that's based on the same double-ratchet algorithm as Signal. It also bridges well to SMS and voice phones using jmp.chat (or similar Vonage/Twilio for non-US/Canada numbers) Matrix has some nice features that XMPP lacks, but XMPP is still a well used and reasonable alternative. @wjmaggos depends on your threat model. I don't think the average user should be required to know a trustworthy admin. matrix is an option if you care for that. couldn't the people who run Signal instead run a Matrix server, along with Mozilla and Automatic etc? isn't that our better future, FOSS decentralized tech and lots of companies with principals that run these servers and we pay them a sustainable rate? @wjmaggos security in a decentralized service is hard. That is why email is the mess it is. if you don't want to cut of people, you need to use the lowest common denominator, which often is out of date and insecure @wjmaggos federation adds complexity which is the enemy of security. there is a reason why mastodon dm's are not end2end encrypted and it is not that msto defs are lazy. @Bindestriche @wjmaggos A good example of this: Matrix still hasn't rolled out fixes to all the Nebuchadnezzar vulnerabilities (homeservers control group membership and can add/remove members at will): https://nebuchadnezzar-megolm.github.io/ This is in part because fixing anything in a decentralized system is hard! Fixing these required, AIUI, a protocol change, which is a nightmare when you don't control all the servers and clients. @wjmaggos getting back in the habit of paying for online services with money instead of data is a good development. but choice of provider is not a silver bullet. there are good reasons why we have central food health inspections. checking if a provider is trustworthy requires a skilset that should not be necessary to just use a messenger. just as I don't want to bring a lab in a restaurant just to know the food is save to eat. there's two ways to ensure good service, democratic oversight/control or economic competition. neither are perfect. Signal seems great right now but I don't see the incentives for that to maintain. I guess there's also dog fooding, that the people who rely on something have the power to keep it good. the model of lots of FOSS projects and Wikipedia I guess. |
@wjmaggos what decentralized equivalent to Signal?
@briankrebs @signalapp